diff options
| author | Ming Liu <liu.ming50@gmail.com> | 2021-02-20 13:18:20 +0100 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2021-02-23 20:34:51 -0800 |
| commit | 4dc646c8cee3774e32011db534cc9f4fb8915fa3 (patch) | |
| tree | a6e50147a1f3dc9a7b8bcb738861a24f70aca88a /meta-integrity/README.md | |
| parent | 76d1e3ecad77ecd38c1c99171d5f2497d1258644 (diff) | |
| download | meta-security-4dc646c8cee3774e32011db534cc9f4fb8915fa3.tar.gz | |
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-integrity/README.md')
| -rw-r--r-- | meta-integrity/README.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 4607948..5048fba 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md | |||
| @@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during | |||
| 73 | compilation of the Linux kernel. To also activate it when building | 73 | compilation of the Linux kernel. To also activate it when building |
| 74 | the image, enable image signing in the local.conf like this: | 74 | the image, enable image signing in the local.conf like this: |
| 75 | 75 | ||
| 76 | INHERIT += "ima-evm-rootfs" | 76 | IMAGE_CLASSES += "ima-evm-rootfs" |
| 77 | IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" | 77 | IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" |
| 78 | IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" | ||
| 79 | IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" | ||
| 78 | 80 | ||
| 79 | This uses the default keys provided in the "data" directory of the layer. | 81 | This uses the default keys provided in the "data" directory of the layer. |
| 80 | Because everyone has access to these private keys, such an image | 82 | Because everyone has access to these private keys, such an image |