meta-security/meta-integrity/data/debug-keys/README.md
Stefan Berger 0652c9fd74 ima: Document and replace keys and adapt scripts for EC keys
For shorter file signatures use EC keys rather than RSA keys.
Document the debug keys and their purpose.
Adapt the scripts for creating these types of keys to now
create EC keys.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-05-06 07:54:09 -04:00


EVM & IMA keys

The following IMA & EVM debug/test keys are in this directory:

  • ima-local-ca.priv: The CA's private key (password: 1234)
  • ima-local-ca.pem: The CA's self-signed certificate
  • privkey_ima.pem: IMA & EVM private key used for signing files
  • x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures

The CA's (self-signed) certificate can be used to verify the validity of the x509_ima.der certificate. Since the CA certificate will be built into the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must pass this test:

  openssl verify -CAfile ima-local-ca.pem x509_ima.der
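
The chain check described above, as an added example that is not part of this README or the layer's key-creation scripts: it builds a throwaway EC CA, issues a DER signing certificate from it, and shows that the certificate verifies against the issuing CA and is rejected against an unrelated one. All file names and subject names are constructed for illustration; the DER file is converted to PEM before `openssl verify` so the result does not depend on how the installed OpenSSL reads its input.

```shell
#!/bin/sh
# Added example: throwaway EC keys in a temp dir; all names here are constructed.

# Minimal req config, so nothing depends on a system-wide openssl.cnf.
write_cnf() {   # write_cnf FILE CN
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'x509_extensions = v3_ca' '[dn]' "CN = $2" \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign' > "$1"
}

new_ec_key() {  # new_ec_key FILE
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1" 2>/dev/null
}

make_ca() {     # make_ca DIR NAME -> NAME.key and self-signed NAME.pem
    write_cnf "$1/$2.cnf" "constructed $2" && new_ec_key "$1/$2.key" &&
    openssl req -new -x509 -config "$1/$2.cnf" -key "$1/$2.key" \
        -days 1 -out "$1/$2.pem"
}

make_signer() { # make_signer DIR CA -> signer.key and signer.der issued by CA
    write_cnf "$1/signer.cnf" 'constructed signer' && new_ec_key "$1/signer.key" &&
    openssl req -new -config "$1/signer.cnf" -key "$1/signer.key" \
        -out "$1/signer.csr" &&
    openssl x509 -req -in "$1/signer.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 1 -outform DER -out "$1/signer.der" 2>/dev/null
}

# Same test as `openssl verify -CAfile`; the DER file is converted to PEM first.
chains_to() {   # chains_to CA_PEM CERT_DER -> exit status 0 only if it verifies
    openssl x509 -inform DER -in "$2" -out "$2.pem" 2>/dev/null &&
    openssl verify -CAfile "$1" "$2.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca && make_ca "$d" other-ca && make_signer "$d" ca || return 1
    chains_to "$d/ca.pem" "$d/signer.der" && echo "issuing CA: accepted"
    chains_to "$d/other-ca.pem" "$d/signer.der" || echo "unrelated CA: rejected"
    rm -rf "$d"
}
demo
```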