mirror of
https://github.com/jiazhang0/meta-secure-core.git
synced 2026-07-16 20:56:58 +00:00
37a59625e5
If sample keys are selected, key-store service will deploy IMA private key during first boot, but beople may be confused if we deploy a sample private key like "xxx.crt", so this commit is making sure key/cert on target are consistent with key files on build system. Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
24 lines
776 B
INI
24 lines
776 B
INI
CONFIG_IMA=y
|
|
# CONFIG_IMA_KEXEC is not set
|
|
# CONFIG_IMA_LSM_RULES is not set
|
|
CONFIG_IMA_WRITE_POLICY=y
|
|
CONFIG_IMA_READ_POLICY=y
|
|
CONFIG_IMA_MEASURE_PCR_IDX=10
|
|
# CONFIG_IMA_TEMPLATE is not set
|
|
# CONFIG_IMA_NG_TEMPLATE=y is not set
|
|
CONFIG_IMA_SIG_TEMPLATE=y
|
|
CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
|
|
# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set
|
|
CONFIG_IMA_DEFAULT_HASH_SHA256=y
|
|
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
|
|
# CONFIG_IMA_DEFAULT_HASH_WP512 is not set
|
|
CONFIG_IMA_DEFAULT_HASH="sha256"
|
|
CONFIG_IMA_APPRAISE=y
|
|
CONFIG_IMA_LOAD_X509=y
|
|
CONFIG_IMA_APPRAISE_BOOTPARAM=y
|
|
CONFIG_IMA_TRUSTED_KEYRING=y
|
|
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
|
|
CONFIG_IMA_BLACKLIST_KEYRING=y
|
|
CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
|
|
# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
|