Diffstat (limited to 'meta-security/meta-integrity/README.md')
-rw-r--r-- | meta-security/meta-integrity/README.md | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md index 5bef76e8d..460794878 100644 --- a/meta-security/meta-integrity/README.md +++ b/meta-security/meta-integrity/README.md @@ -74,7 +74,7 @@ compilation of the Linux kernel. To also activate it when building the image, enable image signing in the local.conf like this: INHERIT += "ima-evm-rootfs" - IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys" + IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" This uses the default keys provided in the "data" directory of the layer. Because everyone has access to these private keys, such an image @@ -96,7 +96,7 @@ for that are included in the layer. This is also how the # In that shell, create the keys. Several options exist: # 1. Self-signed keys. - $IMA_EVM_BASE/scripts/ima-gen-self-signed.sh + $INTEGRITY_BASE/scripts/ima-gen-self-signed.sh # 2. Keys signed by a new CA. # When asked for a PEM passphrase, that will be for the root CA. @@ -104,11 +104,11 @@ for that are included in the layer. This is also how the # only creating new certificates does. Most likely the default # attributes for these certificates need to be adapted; modify # the scripts as needed. - # $IMA_EVM_BASE/scripts/ima-gen-local-ca.sh - # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh + # $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh + # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh # 3. Keys signed by an existing CA. - # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv> + # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv> exit When using ``ima-self-signed.sh`` as described above, self-signed keys 
@@ -169,7 +169,7 @@ IMA policy loading became broken in systemd 2.18. The modified systemd changes. To activate policy loading via systemd, place a policy file in `/etc/ima/ima-policy`, for example with: - IMA_EVM_POLICY_SYSTEMD = "${IMA_EVM_BASE}/data/ima_policy_simple" + IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple" To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements` |
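Review bot: In the @@ -74 hunk, the local.conf example now depends on `${INTEGRITY_BASE}`, but the surrounding README text does not say where that variable is defined or that it replaces `${IMA_EVM_BASE}`. A reader with an existing local.conf that still carries `IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"` gets no hint that it needs updating. Suggest adding one sentence next to the example that names the rename, and stating explicitly whether the old variable is still honoured.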
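Review bot: In the @@ -96 hunk, `$INTEGRITY_BASE/scripts/ima-gen-self-signed.sh` is a shell expansion, so it only resolves if the variable is exported into that shell under the new name; if it is not, the command silently becomes `/scripts/ima-gen-self-signed.sh`. Please confirm that the export into the shell was renamed in the same change, and consider writing the path as `"${INTEGRITY_BASE:?}/scripts/ima-gen-self-signed.sh"` so an unset variable fails with a clear message and a base path containing spaces still works.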
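Review bot: In the @@ -104 hunk, the trailing context line refers to ``ima-self-signed.sh``, while the command a few lines above it is `ima-gen-self-signed.sh`. Since this change already touches every script reference in the section, it would be worth correcting that name in the same patch so readers do not look for a script that the instructions never invoke. The same unset-variable concern as in the previous hunk applies to the commented-out `ima-gen-local-ca.sh` and `ima-gen-CA-signed.sh` lines once a user uncomments them.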
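Review bot: In the @@ -169 hunk, the leading context says policy loading "became broken in systemd 2.18", which looks like a typo, since systemd releases are numbered with plain integers; worth checking whether 218 was meant and fixing it while this paragraph is being edited. Separately, the text tells the reader to "place a policy file in `/etc/ima/ima-policy`" and then shows only the `IMA_EVM_POLICY_SYSTEMD` assignment; a short clause stating that setting this variable is what installs the file at that path would make the example self-explanatory.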