README.md: update according to the refactoring in ima-evm-rootfs.bbclass

Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-12 03:10:13 +00:00 · 2021-02-20 13:18:20 +01:00
parent 76d1e3ecad
commit 4dc646c8ce
1 changed files with 3 additions and 1 deletions
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during
 compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:

-    INHERIT += "ima-evm-rootfs"
+    IMAGE_CLASSES += "ima-evm-rootfs"
    IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+    IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+    IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"

 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image