Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
meta-digi/meta-digi-dey/recipes-core
History
Tatiana Leon f510a438df trustfence-initramfs: do not boot non-encrypted rootfs if encryption is enabled 
Allowing to boot a non-encrypted rootfs when encryption is enable is a security
hole: if an attacker can somehow write (offline) to the media, he could flash a
custom unencrypted rootfs and break into the system.

If the system is configured to use encryption, only encrypted rootfs will boot.
Trying to boot a non-encrypted rootfs will fail and power off the device.

https://jira.digi.com/browse/DEL-3829

Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
 		2017-03-14 19:19:33 +01:00
..
base-files base-files: fix resize-ext4fs script to work with DM devices 2016-07-26 12:29:54 +02:00
busybox busybox: remove libdigi dependency 2017-03-07 17:32:34 +01:00
images dey-image-recovery-initramfs: force image type to 'cpio' 2017-03-01 16:56:53 +01:00
init-ifupdown meta-digi-dey: Added check if wlan1 interface already exist. 2017-03-14 13:20:10 +01:00
initscripts initscripts: add script to enable CAAM JS0 wakeup 2017-02-09 18:09:14 +01:00
packagegroups morty migration: packagegroups: remove explicit LICENSE variable 2017-02-28 11:46:57 +01:00
psplash psplash: fix init script to avoid running the app without fb 2017-01-03 12:42:10 +01:00
recovery recovery-utils: add support to set the rootfs encryption key 2017-03-14 18:01:02 +01:00
systemd meta-digi-dey: trustfence: Explicitely check for "1" for variable enable 2016-06-10 09:48:05 +02:00
sysvinit meta-digi-dey: trustfence: Explicitely check for "1" for variable enable 2016-06-10 09:48:05 +02:00
trustfence trustfence-initramfs: do not boot non-encrypted rootfs if encryption is enabled 2017-03-14 19:19:33 +01:00