jeans/operating-system
jeans/operating-system
1
0
Fork 0
mirror of https://github.com/home-assistant/operating-system.git synced 2025-07-28 15:36:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Choose Security Module using Kernel configuration (#2407)

Browse Source
This commit is contained in:
Stefan Agner 2023-03-14 18:29:01 +01:00 committed by GitHub
parent 1d2de24cbe
commit 2b0187604b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
buildroot-external/board/arm-uefi/generic-aarch64/grub.cfg
View File

@ -56,7 +56,7 @@ fi
save_env A_TRY A_OK B_TRY B_OK ORDER MACHINE_ID save_env A_TRY A_OK B_TRY B_OK ORDER MACHINE_ID
default_cmdline="rootwait zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=$MACHINE_ID fsck.repair=yes" default_cmdline="rootwait zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=$MACHINE_ID fsck.repair=yes"
file_env -f ($root)/cmdline.txt cmdline file_env -f ($root)/cmdline.txt cmdline
# root is a full HDD/partition definition in GRUB format like hd0,gpt1 # root is a full HDD/partition definition in GRUB format like hd0,gpt1

2
buildroot-external/board/asus/tinker/uboot-boot.ush
View File

@ -17,7 +17,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro rootwait"

2
buildroot-external/board/hardkernel/odroid-c2/uboot-boot.ush
View File

@ -19,7 +19,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait"

2
buildroot-external/board/hardkernel/odroid-c4/uboot-boot.ush
View File

@ -19,7 +19,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} clk_ignore_unused usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} clk_ignore_unused usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait"

2
buildroot-external/board/hardkernel/odroid-m1/uboot-boot.ush
View File

@ -17,7 +17,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro rootwait"

2
buildroot-external/board/hardkernel/odroid-n2/uboot-boot.ush
View File

@ -19,7 +19,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait"

2
buildroot-external/board/hardkernel/odroid-xu4/uboot-boot.ush
View File

@ -21,7 +21,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait"

2
buildroot-external/board/khadas/vim3/uboot-boot.ush
View File

@ -19,7 +19,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait" setenv bootargs_a "root=PARTUUID=48617373-06 rootfstype=squashfs ro rootwait"

2
buildroot-external/board/pc/grub.cfg
View File

@ -56,7 +56,7 @@ fi
save_env A_TRY A_OK B_TRY B_OK ORDER MACHINE_ID save_env A_TRY A_OK B_TRY B_OK ORDER MACHINE_ID
default_cmdline="rootwait zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor net.naming-scheme=v250 systemd.machine_id=$MACHINE_ID fsck.repair=yes" default_cmdline="rootwait zram.enabled=1 zram.num_devices=3 net.naming-scheme=v250 systemd.machine_id=$MACHINE_ID fsck.repair=yes"
file_env -f ($root)/cmdline.txt cmdline file_env -f ($root)/cmdline.txt cmdline
# root is a full HDD/partition definition in GRUB format like hd0,gpt1 # root is a full HDD/partition definition in GRUB format like hd0,gpt1

2
buildroot-external/board/raspberrypi/uboot-boot.ush
View File

@ -18,7 +18,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro" setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro"

2
buildroot-external/board/raspberrypi/uboot-boot64.ush
View File

@ -18,7 +18,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes"
# HassOS system A/B # HassOS system A/B
setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro" setenv bootargs_a "root=PARTUUID=8d3d53e3-6d49-4c38-8349-aff6859e82fd rootfstype=squashfs ro"

2
buildroot-external/board/raspberrypi/yellow/uboot-boot64.ush
View File

@ -18,7 +18,7 @@ test -n "${BOOT_A_LEFT}" || setenv BOOT_A_LEFT 3
test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3 test -n "${BOOT_B_LEFT}" || setenv BOOT_B_LEFT 3
# HassOS bootargs # HassOS bootargs
setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 apparmor=1 security=apparmor rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes" setenv bootargs_hassos "zram.enabled=1 zram.num_devices=3 rootwait net.naming-scheme=v250 systemd.machine_id=${MACHINE_ID} cgroup_enable=memory fsck.repair=yes"
# Red Button pressed? # Red Button pressed?
if gpio input GPIO27; then if gpio input GPIO27; then

2
buildroot-external/kernel/hassos.config
View File

@ -31,6 +31,8 @@ CONFIG_SECCOMP_FILTER=y
CONFIG_AUDIT=y CONFIG_AUDIT=y
CONFIG_SECURITY=y CONFIG_SECURITY=y
CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_LSM="apparmor"
CONFIG_CRYPTO=y CONFIG_CRYPTO=y
CONFIG_CRYPTO_LZ4=y CONFIG_CRYPTO_LZ4=y