Hi Toradex community,
I’m currently trying to enable DISTRO_FEATURES ‘integrity’ and ‘ima’ from meta-security/meta-integrity in our BSPs using the pinned versions from Toradex BSP 5.7.2 respectively 6.2.0. As soon as I add the ‘ima’ feature, kernel compilation fails with this error:
NOTE: do_kernel_metadata: for summary/debug, set KCONF_AUDIT_LEVEL > 0
| ERROR: Feature 'features/ima/ima.scc' not found, this will cause configuration failures.
To excludes effects from our own distribution and machine configuration, I tried with standard Toradex BSP, colibri-imx7-emmc as machine and tdx-reference-minimal-image (where I removed connman-plugin-wifi due this caused an error when enabling the ‘integrity’ feature). The behaviour is exactly the same as for our BSPs.
The missing file is part of Yocto kernel metadata yocto-kernel-cache. Walking through Toradex’ kernel recipes I understood that ‘linux-toradex-mainline_x.y.bb’ recipes inherit ‘kernel-yocto’, so I would expect the kernel recipes to be “linux-yocto style” recipes already containing metadata. But I don’t find any *.scc file in my build folder, what would fit the error message above. When browsing [ima « features - yocto-kernel-cache - Patches and configuration for the linux-yocto kernel tree] I can see that the files are definitely there, so my question is: Where is my mistake? Is the kernel metadata not pulled? If it is pulled, where is it normally located?
Hope someone can help me out! Thanks in advance!
Cheers, Marc
Colibri iMX7 Dual 1GB
Linux BSP 5.7.2
Linux BSP 6.2.0