Light

jiazhang0 / securecore Goto Github PK

View Code? Open in Web Editor NEW

8.0 3.0 3.0 20 KB

OpenEmbedded/Poky-compatible reference implementation based on meta-secure-core

License: MIT License

Shell 100.00%

security secure-boot ima integrity tpm tpm2 yocto poky signing-keys

securecore's Introduction

SecureCore

OpenEmbedded-certificated secure OS

securecore's People

Contributors

Stargazers

Watchers

Forkers

chenqi1989 icgilca svieg

securecore's Issues

IMA not working?

I'm trying to test out the IMA support here on QEMU. I have patched poky to add initramfs into mkefidisk.wks, use systemd-boot and pass IMA bootargs and the following added to the end of conf/local.conf:

IMAGE_FSTYPES += "wic"
WKS_FILE_qemux86-64 = "mkefidisk.wks"
EXTRA_IMAGEDEPENDS_qemux86-64_append = " ovmf"

Doing a runqemu nographic serial ovmf wic results in the following console.txt

Using the ima-inspect util that I sent a PR for, I can see that when I boot with ima_appraise=off things are signed by the sample key:

ima_inspect -a ima /lib/ld-2.26.so

/lib/ld-2.26.so

security.ima

digital signature version 2
digest algorithm: sha256
key-id v2 (gpg compatible): d0fc63d5
signature length: 2048 bits
signature data:

476965e54eae61e6 88463ca03870e42a 698096d6de446a8d c6e39fc8de01cef0 8d353e698dd222d8 007f9d5081526ae7 f583f9082ddc9a35 feebe9242e6dfd92
1ffa731b3ea569af 39596f5f676d330c 1d879a38817b516d 528d36f9510be8e8 a9a8f63c1c0b8af6 bea055935b8c1df6 aea078cdb35b0a6d 1ec06cc02de44062
e1275a0cd4c57a88 3c2012ecb874fdca fbf2d4ff810c966d 6975f9b3de20ccef 3d9ded0b1ea2dcac 0b892b862e2f2a60 6f1a0e127bb4cba9 7eeaf4c8ed9e115e
b8e21ed6f2e4610f 6a426515d038a27f 9ae857ac6ca09883 fc764393a923a1fe d3f1f373bfcddbb1 c8b2d83dac0d023f 87d032724d054b9a e3f418adbfbf2624

Dumping x509_ima.der with openssl I can see:

    X509v3 extensions:
        X509v3 Subject Key Identifier:
            4D:24:84:EA:40:37:2F:88:5F:D6:B3:13:56:03:B4:B5:D0:FC:63:D5

So we have a key match. Any ideas? Thanks!

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.