meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE

data/debug-keys will be reused for demo modsign keys, so rename IMA_EVM_BASE to more generic INTEGRITY_BASE. Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com> 2019-07-28 18:31:48 +0300
committer: Armin Kuster <akuster808@gmail.com> 2019-08-04 13:12:41 -0700
commit: c9c4e6c228556cc2054a4b49f85b282fd69fc25c (patch)
tree: 6e796d2009a9617c1ab2d876150005f8f4d61cb9 /meta-integrity/README.md
parent: 0a73a14fbb0418b4b563ab987aea424dd1eff815 (diff)
download: meta-security-c9c4e6c228556cc2054a4b49f85b282fd69fc25c.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 5bef76e..4607948 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -74,7 +74,7 @@ compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:
    INHERIT += "ima-evm-rootfs"
-    IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+    IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image
@@ -96,7 +96,7 @@ for that are included in the layer. This is also how the
    # In that shell, create the keys. Several options exist:
    # 1. Self-signed keys.
-    $IMA_EVM_BASE/scripts/ima-gen-self-signed.sh
+    $INTEGRITY_BASE/scripts/ima-gen-self-signed.sh
    # 2. Keys signed by a new CA.
    # When asked for a PEM passphrase, that will be for the root CA.
@@ -104,11 +104,11 @@ for that are included in the layer. This is also how the
    # only creating new certificates does. Most likely the default
    # attributes for these certificates need to be adapted; modify
    # the scripts as needed.
-    # $IMA_EVM_BASE/scripts/ima-gen-local-ca.sh
+    # $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh
-    # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh
+    # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh
    # 3. Keys signed by an existing CA.
-    # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
+    # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
    exit
 When using ``ima-self-signed.sh`` as described above, self-signed keys
@@ -169,7 +169,7 @@ IMA policy loading became broken in systemd 2.18. The modified systemd
 changes. To activate policy loading via systemd, place a policy file
 in `/etc/ima/ima-policy`, for example with:
-    IMA_EVM_POLICY_SYSTEMD = "${IMA_EVM_BASE}/data/ima_policy_simple"
+    IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
 To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`
author	Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>	2019-07-28 18:31:48 +0300
committer	Armin Kuster <akuster808@gmail.com>	2019-08-04 13:12:41 -0700
commit	c9c4e6c228556cc2054a4b49f85b282fd69fc25c (patch)
tree	6e796d2009a9617c1ab2d876150005f8f4d61cb9 /meta-integrity/README.md
parent	0a73a14fbb0418b4b563ab987aea424dd1eff815 (diff)
download	meta-security-c9c4e6c228556cc2054a4b49f85b282fd69fc25c.tar.gz

diff --git a/meta-integrity/README.md b/meta-integrity/README.md index 5bef76e..4607948 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md
@@ -74,7 +74,7 @@ compilation of the Linux kernel. To also activate it when building
74	the image, enable image signing in the local.conf like this:	74	the image, enable image signing in the local.conf like this:
75		75
76	INHERIT += "ima-evm-rootfs"	76	INHERIT += "ima-evm-rootfs"
77	IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"	77	IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
78		78
79	This uses the default keys provided in the "data" directory of the layer.	79	This uses the default keys provided in the "data" directory of the layer.
80	Because everyone has access to these private keys, such an image	80	Because everyone has access to these private keys, such an image
@@ -96,7 +96,7 @@ for that are included in the layer. This is also how the
96	# In that shell, create the keys. Several options exist:	96	# In that shell, create the keys. Several options exist:
97		97
98	# 1. Self-signed keys.	98	# 1. Self-signed keys.
99	$IMA_EVM_BASE/scripts/ima-gen-self-signed.sh	99	$INTEGRITY_BASE/scripts/ima-gen-self-signed.sh
100		100
101	# 2. Keys signed by a new CA.	101	# 2. Keys signed by a new CA.
102	# When asked for a PEM passphrase, that will be for the root CA.	102	# When asked for a PEM passphrase, that will be for the root CA.
@@ -104,11 +104,11 @@ for that are included in the layer. This is also how the
104	# only creating new certificates does. Most likely the default	104	# only creating new certificates does. Most likely the default
105	# attributes for these certificates need to be adapted; modify	105	# attributes for these certificates need to be adapted; modify
106	# the scripts as needed.	106	# the scripts as needed.
107	# $IMA_EVM_BASE/scripts/ima-gen-local-ca.sh	107	# $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh
108	# $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh	108	# $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh
109		109
110	# 3. Keys signed by an existing CA.	110	# 3. Keys signed by an existing CA.
111	# $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>	111	# $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
112	exit	112	exit
113		113
114	When using ``ima-self-signed.sh`` as described above, self-signed keys	114	When using ``ima-self-signed.sh`` as described above, self-signed keys
@@ -169,7 +169,7 @@ IMA policy loading became broken in systemd 2.18. The modified systemd
169	changes. To activate policy loading via systemd, place a policy file	169	changes. To activate policy loading via systemd, place a policy file
170	in `/etc/ima/ima-policy`, for example with:	170	in `/etc/ima/ima-policy`, for example with:
171		171
172	IMA_EVM_POLICY_SYSTEMD = "${IMA_EVM_BASE}/data/ima_policy_simple"	172	IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
173		173
174	To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`	174	To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`
175		175