diff options
Diffstat (limited to 'meta-security/meta-integrity/README.md')
| -rw-r--r-- | meta-security/meta-integrity/README.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md index f08a1646c4..8f525a6860 100644 --- a/meta-security/meta-integrity/README.md +++ b/meta-security/meta-integrity/README.md @@ -69,8 +69,10 @@ Adding the layer only enables IMA (see below regarding EVM) during compilation of the Linux kernel. To also activate it when building the image, enable image signing in the local.conf like this: - INHERIT += "ima-evm-rootfs" + IMAGE_CLASSES += "ima-evm-rootfs" IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys" + IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem" + IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der" This uses the default keys provided in the "data" directory of the layer. Because everyone has access to these private keys, such an image |