Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / 3eeda90d141cf2db6541a740e22e20be04504bb5 / . / meta-security / meta-integrity / data / debug-keys
tree: a59e26becdd7f33aba41cc6f7f73091dfb4bfd30 [path history] [tgz]
  1. ima-local-ca.pem
  2. ima-local-ca.priv
  3. privkey_ima.pem
  4. privkey_modsign.pem
  5. README.md
  6. x509_ima.der
  7. x509_modsign.crt
meta-security/meta-integrity/data/debug-keys/README.md

EVM & IMA keys

The following IMA & EVM debug/test keys are in this directory

  • ima-local-ca.priv: The CA's private key (password: 1234)
  • ima-local-ca.pem: The CA's self-signed certificate
  • privkey_ima.pem: IMA & EVM private key used for signing files
  • x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures

The CA's (self-signed) certificate can be used to verify the validity of the x509_ima.der certificate. Since the CA certificate will be built into the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must pass this test:

  openssl verify -CAfile ima-local-ca.pem x509_ima.der