Enable IMA in skiroot

This adds basic support for the Integrity Measurement Subsystem to the skiroot kernel. The changes to skiroot_defconfig are the kernel config options to enable IMA and the basic security subsystem. The values were obtained by running a make menuconfig, enabling IMA and the Nuvoton TPM driver, running a make defconfig, then updating skiroot_defconfig with this result. The changes to /etc/fstab ensure securityfs is mounted at boot. Signed-off-by: Dave Heller <hellerda@us.ibm.com>
author: Dave Heller <hellerda@us.ibm.com> 2016-06-05 16:39:56 -0400
committer: Dave Heller <hellerda@us.ibm.com> 2016-06-05 16:39:56 -0400
commit: a541bf744d1e1ddf8f30c7848775da5a6f0a3782 (patch)
tree: 401456bf39349a3443fcb8d2ef676f7e012aeba2 /openpower/overlay/etc/fstab
parent: a24eb9843bf0b0f8789042bbc00c464e914e727c (diff)
download: talos-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.tar.gz
talos-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/openpower/overlay/etc/fstab b/openpower/overlay/etc/fstab
index d373dc6b..ece6d843 100644
--- a/openpower/overlay/etc/fstab
+++ b/openpower/overlay/etc/fstab
@@ -4,3 +4,4 @@ proc		/proc		proc	defaults	0	0
 devpts		/dev/pts	devpts	defaults,gid=5,mode=620	0	0
 tmpfs		/dev/shm	tmpfs	mode=0777	0	0
 sysfs		/sys		sysfs	defaults	0	0
+securityfs	/sys/kernel/security	securityfs	defaults	0	0
author	Dave Heller <hellerda@us.ibm.com>	2016-06-05 16:39:56 -0400
committer	Dave Heller <hellerda@us.ibm.com>	2016-06-05 16:39:56 -0400
commit	a541bf744d1e1ddf8f30c7848775da5a6f0a3782 (patch)
tree	401456bf39349a3443fcb8d2ef676f7e012aeba2 /openpower/overlay/etc/fstab
parent	a24eb9843bf0b0f8789042bbc00c464e914e727c (diff)
download	talos-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.tar.gz talos-op-build-a541bf744d1e1ddf8f30c7848775da5a6f0a3782.zip