author Jason M. Bills <jason.m.bills@linux.intel.com> 2021-04-19 22:02:49 +0300
committer Jason M. Bills <jason.m.bills@linux.intel.com> 2021-04-19 22:02:49 +0300
commit 36caa12533da01d4319c5ffe7613711a0ec7dea7
tree 591c2077bb14cfd9d23893d32cca71fa7a01bc9c /meta-security/meta-integrity/README.md
parent 12bef3e1bf292dec5ac15af9fb41e86f7bcfb0cb
parent 3cec7f5a630c1ddcad058eb76e1f732a5fa20d59
Merge tag '0.45' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update
Diffstat (limited to 'meta-security/meta-integrity/README.md')
-rw-r--r-- meta-security/meta-integrity/README.md 4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 460794878..5048fba1e 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during
compilation of the Linux kernel. To also activate it when building
the image, enable image signing in the local.conf like this:
- INHERIT += "ima-evm-rootfs"
+ IMAGE_CLASSES += "ima-evm-rootfs"
IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+ IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+ IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"
This uses the default keys provided in the "data" directory of the layer.
Because everyone has access to these private keys, such an image
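Review bot: The two added assignments, IMA_EVM_PRIVKEY and IMA_EVM_X509, get no explanation in the text after the example, which still only says "This uses the default keys provided in the "data" directory of the layer." Please state whether these variables must be set explicitly or are derived from IMA_EVM_KEY_DIR when omitted, and say that all three have to point at privately generated keys for anything beyond testing, because the example as written signs with the debug-keys that, per the following sentence, everyone has access to. The switch from INHERIT to IMAGE_CLASSES on the first changed line would also benefit from a one-line note for readers whose local.conf still uses the old form.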