Refer Fedora/RedHat's way https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.5_technical_notes/dracut
To enable user space fips mode in the image recipe as part of an 'IMAGE_CLASSES'. Basically if FIPS-140-2 is enabled, then we can touch the file as a post image generation activity. Signed-off-by: Hongxu Jia <hongxu....@windriver.com> --- classes/image-enable-fips.bbclass | 5 +++++ conf/layer.conf | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 classes/image-enable-fips.bbclass diff --git a/classes/image-enable-fips.bbclass b/classes/image-enable-fips.bbclass new file mode 100644 index 0000000..6c5b370 --- /dev/null +++ b/classes/image-enable-fips.bbclass @@ -0,0 +1,5 @@ +ROOTFS_POSTPROCESS_COMMAND_append = "enable_system_fips;" +enable_system_fips() { + install -d ${IMAGE_ROOTFS}${sysconfdir} + touch ${IMAGE_ROOTFS}${sysconfdir}/system-fips +} diff --git a/conf/layer.conf b/conf/layer.conf index 27a872e..185f422 100644 --- a/conf/layer.conf +++ b/conf/layer.conf @@ -18,3 +18,5 @@ LAYERDEPENDS_meta-openssl-one-zero-two-fips = " \ meta-openssl-one-zero-two \ wr-template \ " + +IMAGE_CLASSES_append = "${@'' if d.getVar('OPENSSL_FIPS_ENABLED', True) != '1' else ' image-enable-fips'}" -- 2.7.4 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto