key-store: rename ima private key and certificate on target

If sample keys are selected, key-store service will deploy IMA private
key during first boot, but beople may be confused if we deploy a sample
private key like "xxx.crt", so this commit is making sure key/cert on
target are consistent with key files on build system.

Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
This commit is contained in:
Yunguo Wei
2018-10-26 10:16:42 +08:00
committed by Jia Zhang
parent bf314c0d0c
commit 37a59625e5
4 changed files with 18 additions and 5 deletions
@@ -110,10 +110,10 @@ for cert in ${ROOT_DIR}/etc/keys/x509_secondary_*.der; do
fi
done
# The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was
# The trusted IMA certificate /etc/keys/x509_ima.der in initramfs was
# automatically loaded by kernel already. Here is the opportunity to load
# a custom IMA certificate from the real rootfs.
for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do
for cert in ${ROOT_DIR}/etc/keys/x509_ima*.der; do
[ ! -s "$cert" ] && continue
name=`basename $cert`