Re: combining trusted/security layers


Trevor Woerner
 

Hi Randy,

Thanks for relaying, and continuing the conversation.

On Wed 2018-06-06 @ 05:44:41 PM, Randy MacLeod wrote:
Email from Jia:

Categorizing the recipes in meta-security may be the hardest work in the
whole move. I take a quick glance at the list (thanks for Trevor!) and a
big catalog would be penetration test (meta-penetration-test?). We need
more catalogs to cover the remaining tools. Definitely, the naming
scheme for me is a challenge.
Okay. I can create a meta-penetration-test or meta-pentesting layer in my fork
of Jia's meta-secure-core and start putting the relevant recipes of that
category there to see what others think.

meta-secure-core already has a meta-ids (intrusion detection system) layer, so
I can look through meta-security's list to see which ones apply to that
category also.

When done, if the remaining recipes don't fit into any obvious category, I'll
poke this list again (or bring it up in the calls) to get others' feedback.

Regarding meta-tpm1/2, we could consider to cherry pick one among the 3
layers as the baseline and move the trivial parts in recipe from other 2
layers into the baseline. Other conflicting recipes would follow the
same methodology.
I have a WIP branch here with my work updating and bringing the latest TPM2
stuff into meta-secure-core. It's hung up now because, for the git recipes,
the Intel people are dlopen()'ing raw .so files, and I'm trying to get them to
rectify this before their next API-changing release of their latest TSS
libraries:

https://github.com/twoerner/meta-secure-core/tree/contrib/twoerner/tpm2-recipe-updates

Thanks!

Join openembedded-architecture@lists.openembedded.org to automatically receive all group messages.