| MACHINE ??= "evb-ast2600" |
| DISTRO ?= "openbmc-phosphor" |
| PACKAGE_CLASSES ?= "package_ipk" |
| SANITY_TESTED_DISTROS:append ?= " *" |
| EXTRA_IMAGE_FEATURES ?= "debug-tweaks" |
| USER_CLASSES ?= "buildstats" |
| PATCHRESOLVE = "noop" |
| BB_DISKMON_DIRS ??= "\ |
| STOPTASKS,${TMPDIR},1G,100K \ |
| STOPTASKS,${DL_DIR},1G,100K \ |
| STOPTASKS,${SSTATE_DIR},1G,100K \ |
| STOPTASKS,/tmp,100M,100K \ |
| HALT,${TMPDIR},100M,1K \ |
| HALT,${DL_DIR},100M,1K \ |
| HALT,${SSTATE_DIR},100M,1K \ |
| HALT,/tmp,10M,1K" |
| CONF_VERSION = "2" |
| |
| DISTRO_FEATURES:append = " integrity" |
| |
| # Enable IMA kernel support |
| # DISTRO_FEATURES:append = " ima" |
| |
| # Once ima-evm-rootfs is activated we need the keys below for signing |
| # executables and libraries |
| # IMAGE_CLASSES += "ima-evm-rootfs" |
| |
| # Modify the following variables to point to your own directory and keys |
| # The CA must be able to verify the x509 cert: |
| # openssl verify -CAfile ${IMA_EVM_ROOT_CA} ${IMA_EVM_X509} |
| # |
| # IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" |
| # IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" |
| # IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" |
| # IMA_EVM_ROOT_CA = "${IMA_EVM_KEY_DIR}/ima-local-ca.pem" |
| |
| # The following policy enforces IMA & EVM signatures |
| # IMA_EVM_POLICY = "${INTEGRITY_BASE}/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all" |
| |
| require conf/machine/include/obmc-bsp-common.inc |