aboutsummaryrefslogtreecommitdiffstats
path: root/meta-integrity/data/debug-keys/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'meta-integrity/data/debug-keys/README.md')
-rw-r--r--meta-integrity/data/debug-keys/README.md17
1 files changed, 17 insertions, 0 deletions
diff --git a/meta-integrity/data/debug-keys/README.md b/meta-integrity/data/debug-keys/README.md
new file mode 100644
index 0000000..e613968
--- /dev/null
+++ b/meta-integrity/data/debug-keys/README.md
@@ -0,0 +1,17 @@
+# EVM & IMA keys
+
+The following IMA & EVM debug/test keys are in this directory
+
+- ima-local-ca.priv: The CA's private key (password: 1234)
+- ima-local-ca.pem: The CA's self-signed certificate
+- privkey_ima.pem: IMA & EVM private key used for signing files
+- x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures
+
+The CA's (self-signed) certificate can be used to verify the validity of
+the x509_ima.der certificate. Since the CA certificate will be built into
+the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must
+pass this test:
+
+```
+ openssl verify -CAfile ima-local-ca.pem x509_ima.der
+````
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-27 14:19:35 +0000