diff options
author | Yunguo Wei <yunguo.wei@windriver.com> | 2017-11-12 09:43:48 +0800 |
---|---|---|
committer | Jia Zhang <qianyue.zj@alibaba-inc.com> | 2017-11-12 09:43:48 +0800 |
commit | 1259958f3ccf3ab56c2236a38db6e13b99b2648d (patch) | |
tree | b92c0ca4d312e2ad92daad1302768b7350bc1a79 | |
parent | 99f74720193a787547a66a38c5e15d2e5ce5e7c0 (diff) | |
download | meta-secure-core-1259958f3ccf3ab56c2236a38db6e13b99b2648d.tar.gz |
initrdscripts: rename expected ima certificate (#28)
evmctl is able to import DER format certificate only.
Although *.crt doesn't mean its a PEM certificate, but *.der makes more
sense.
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
-rwxr-xr-x | meta-integrity/recipes-core/initrdscripts/files/init.ima | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima index 5d12945..6cd7c88 100755 --- a/meta-integrity/recipes-core/initrdscripts/files/init.ima +++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima | |||
@@ -100,7 +100,7 @@ keyring_id=0x`grep '\skeyring\s*\.ima: ' "${ROOT_DIR}/proc/keys" | awk '{ print | |||
100 | # The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was | 100 | # The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was |
101 | # automatically loaded by kernel already. Here is the opportunity to load | 101 | # automatically loaded by kernel already. Here is the opportunity to load |
102 | # a custom IMA certificate from the real rootfs. | 102 | # a custom IMA certificate from the real rootfs. |
103 | for cert in ${ROOT_DIR}/etc/keys/x509_evm*.crt; do | 103 | for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do |
104 | [ ! -s "$cert" ] && continue | 104 | [ ! -s "$cert" ] && continue |
105 | 105 | ||
106 | if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then | 106 | if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then |