[meta-security] [PATCH V2 6/8] update according to the refactoring in ima-evm-rootfs.bbclass

Ming Liu <liu.ming50@...>

From: Ming Liu <>

Signed-off-by: Ming Liu <>
meta-integrity/ | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-integrity/ b/meta-integrity/
index 4607948..5048fba 100644
--- a/meta-integrity/
+++ b/meta-integrity/
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding=
EVM) during
compilation of the Linux kernel. To also activate it when building
the image, enable image signing in the local.conf like this:
- INHERIT +=3D "ima-evm-rootfs"
+ IMAGE_CLASSES +=3D "ima-evm-rootfs"
IMA_EVM_KEY_DIR =3D "${INTEGRITY_BASE}/data/debug-keys"
+ IMA_EVM_PRIVKEY =3D "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+ IMA_EVM_X509 =3D "${IMA_EVM_KEY_DIR}/x509_ima.der"
This uses the default keys provided in the "data" directory of the layer=
Because everyone has access to these private keys, such an image