README.md: update according to the refactoring in ima-evm-rootfs.bbclass

Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-12 03:10:13 +00:00 · 2021-02-20 13:18:20 +01:00
parent 23928ef425
commit 5195ccdea1
1 changed files with 3 additions and 1 deletions
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -73,8 +73,10 @@ Adding the layer only enables IMA (see below regarding EVM) during
 compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:

-    INHERIT += "ima-evm-rootfs"
+    IMAGE_CLASSES += "ima-evm-rootfs"
    IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+    IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+    IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"

 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image