Topics

[meta-security] [PATCH V2 6/8] README.md: update according to the refactoring in ima-evm-rootfs.bbclass


Ming Liu <liu.ming50@...>
 

From: Ming Liu <liu.ming50@gmail.com>

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
---
meta-integrity/README.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index 4607948..5048fba 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding=
EVM) during
compilation of the Linux kernel. To also activate it when building
the image, enable image signing in the local.conf like this:
=20
- INHERIT +=3D "ima-evm-rootfs"
+ IMAGE_CLASSES +=3D "ima-evm-rootfs"
IMA_EVM_KEY_DIR =3D "${INTEGRITY_BASE}/data/debug-keys"
+ IMA_EVM_PRIVKEY =3D "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+ IMA_EVM_X509 =3D "${IMA_EVM_KEY_DIR}/x509_ima.der"
=20
This uses the default keys provided in the "data" directory of the layer=
.
Because everyone has access to these private keys, such an image
--=20
2.29.0