From a541bf744d1e1ddf8f30c7848775da5a6f0a3782 Mon Sep 17 00:00:00 2001
From: Dave Heller <hellerda@us.ibm.com>
Date: Sun, 5 Jun 2016 16:39:56 -0400
Subject: Enable IMA in skiroot

This adds basic support for the Integrity Measurement Subsystem to the
skiroot kernel.

The changes to skiroot_defconfig are the kernel config options to enable IMA
and the basic security subsystem.  The values were obtained by running a make
menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig,
then updating skiroot_defconfig with this result.

The changes to /etc/fstab ensure securityfs is mounted at boot.

Signed-off-by: Dave Heller <hellerda@us.ibm.com>
---
 openpower/overlay/etc/fstab | 1 +
 1 file changed, 1 insertion(+)

(limited to 'openpower/overlay')

diff --git a/openpower/overlay/etc/fstab b/openpower/overlay/etc/fstab
index d373dc6b..ece6d843 100644
--- a/openpower/overlay/etc/fstab
+++ b/openpower/overlay/etc/fstab
@@ -4,3 +4,4 @@ proc		/proc		proc	defaults	0	0
 devpts		/dev/pts	devpts	defaults,gid=5,mode=620	0	0
 tmpfs		/dev/shm	tmpfs	mode=0777	0	0
 sysfs		/sys		sysfs	defaults	0	0
+securityfs	/sys/kernel/security	securityfs	defaults	0	0
-- 
cgit v1.2.1