initrdscripts: rename expected ima certificate (#28)

evmctl is able to import DER format certificate only. Although *.crt doesn't mean its a PEM certificate, but *.der makes more sense. Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
author: Yunguo Wei <yunguo.wei@windriver.com> 2017-11-12 09:43:48 +0800
committer: Jia Zhang <qianyue.zj@alibaba-inc.com> 2017-11-12 09:43:48 +0800
commit: 1259958f3ccf3ab56c2236a38db6e13b99b2648d (patch)
tree: b92c0ca4d312e2ad92daad1302768b7350bc1a79
parent: 99f74720193a787547a66a38c5e15d2e5ce5e7c0 (diff)
download: meta-secure-core-1259958f3ccf3ab56c2236a38db6e13b99b2648d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima
index 5d12945..6cd7c88 100755
--- a/meta-integrity/recipes-core/initrdscripts/files/init.ima
+++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima
@@ -100,7 +100,7 @@ keyring_id=0x`grep '\skeyring\s*\.ima: ' "${ROOT_DIR}/proc/keys" | awk '{ print
 # The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was
 # automatically loaded by kernel already. Here is the opportunity to load
 # a custom IMA certificate from the real rootfs.
-for cert in ${ROOT_DIR}/etc/keys/x509_evm*.crt; do
+for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do
    [ ! -s "$cert" ] && continue
    if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then
author	Yunguo Wei <yunguo.wei@windriver.com>	2017-11-12 09:43:48 +0800
committer	Jia Zhang <qianyue.zj@alibaba-inc.com>	2017-11-12 09:43:48 +0800
commit	1259958f3ccf3ab56c2236a38db6e13b99b2648d (patch)
tree	b92c0ca4d312e2ad92daad1302768b7350bc1a79
parent	99f74720193a787547a66a38c5e15d2e5ce5e7c0 (diff)
download	meta-secure-core-1259958f3ccf3ab56c2236a38db6e13b99b2648d.tar.gz

diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima index 5d12945..6cd7c88 100755 --- a/meta-integrity/recipes-core/initrdscripts/files/init.ima +++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima
@@ -100,7 +100,7 @@ keyring_id=0x`grep '\skeyring\s*\.ima: ' "${ROOT_DIR}/proc/keys" \| awk '{ print
100	# The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was	100	# The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was
101	# automatically loaded by kernel already. Here is the opportunity to load	101	# automatically loaded by kernel already. Here is the opportunity to load
102	# a custom IMA certificate from the real rootfs.	102	# a custom IMA certificate from the real rootfs.
103	for cert in ${ROOT_DIR}/etc/keys/x509_evm*.crt; do	103	for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do
104	[ ! -s "$cert" ] && continue	104	[ ! -s "$cert" ] && continue
105		105
106	if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then	106	if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then