Diffstat (limited to 'meta-integrity/recipes-kernel/linux/linux/ima.cfg')
-rw-r--r--meta-integrity/recipes-kernel/linux/linux/ima.cfg28
1 files changed, 15 insertions, 13 deletions
diff --git a/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
index 02381aa..b3e47ba 100644
--- a/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ b/meta-integrity/recipes-kernel/linux/linux/ima.cfg
@@ -1,16 +1,18 @@
-# Enable bare minimum IMA measurement and appraisal as needed by this layer.
-
-CONFIG_SECURITY=y
-CONFIG_INTEGRITY=y
-
-# measurement
CONFIG_IMA=y
-
-# appraisal
+CONFIG_IMA_MEASURE_PCR_IDX=10
+CONFIG_IMA_NG_TEMPLATE=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
+CONFIG_IMA_DEFAULT_HASH_SHA1=y
+CONFIG_IMA_DEFAULT_HASH="sha1"
CONFIG_IMA_APPRAISE=y
-CONFIG_INTEGRITY_SIGNATURE=y
-CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-
-# Kernel will get built with embedded X.509 root CA key and all keys
-# need to be signed with that.
+CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_SIGNATURE=y
+CONFIG_IMA_WRITE_POLICY=y
+CONFIG_IMA_READ_POLICY=y
+CONFIG_IMA_LOAD_X509=y
+CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
+
+#CONFIG_INTEGRITY_SIGNATURE=y
+#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+#CONFIG_INTEGRITY_TRUSTED_KEYRING=y
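Review bot: The fragment now comments out `CONFIG_INTEGRITY_SIGNATURE=y` and `CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y` (and drops `CONFIG_SECURITY`/`CONFIG_INTEGRITY`) while still requesting `CONFIG_IMA_TRUSTED_KEYRING=y` and `CONFIG_IMA_LOAD_X509=y`. As far as I know those two options depend on the integrity asymmetric-key support, so unless the base kernel config already enables it they would be dropped silently at config time, leaving appraisal with no keyring to verify signatures against. I would keep the two lines enabled and confirm the result in the generated `.config`. Separately, the default hash is SHA-1 at `CONFIG_IMA_DEFAULT_HASH_SHA1=y`; `CONFIG_IMA_DEFAULT_HASH_SHA256=y` with `CONFIG_IMA_DEFAULT_HASH="sha256"` is the stronger choice for new file hashes and measurement entries. `CONFIG_IMA_APPRAISE_BOOTPARAM=y` allows `ima_appraise=` on the kernel command line to relax enforcement, and `CONFIG_IMA_WRITE_POLICY=y` allows rules to be appended after the initial policy load, so each deserves a comment stating whether it is meant for labelling/development images only, since the explanatory comments the old file carried were removed.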