evmctl - IMA/EVM control tool
evmctl provides signing support for IMA/EVM. Functionality includes signing of file content (IMA) and file metadata (EVM), and importing public keys into the kernel keyring. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
17
tests/evm_sign_all.sh
Executable file
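--- a/tests/evm_sign_all.sh
+++ b/tests/evm_sign_all.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+verbose=""
+if [ "$1" = "-v" ] ; then
+verbose="-v"
+shift 1
+fi
+
+dir=${1:-/}
+
+echo "Label: $dir"
+
+find $dir \( -fstype rootfs -o -fstype ext3 -o -fstype ext4 \) ! -path "/lib/modules/*" -type f -uid 0 -exec evmctl sign --imahash $verbose '{}' \;
+find /lib/modules ! -name "*.ko" -type f -uid 0 -exec evmctl sign --imahash $verbose '{}' \;
+# security.ima needs to have signature for modules
+find /lib/modules -name "*.ko" -type f -uid 0 -exec evmctl sign --imasig $verbose '{}' \;
+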
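Review bot: `$dir` is expanded unquoted in the first `find`, so a path containing spaces or glob characters is split into several start points. The hard-coded `/lib/modules` in `! -path "/lib/modules/*"` and in the second and third `find` also ignores `$dir`: when the script is pointed at anything other than `/`, the `.ko` files under that tree only get `--imahash` labels, while the running host's `/lib/modules` is what gets signed. I would write `find "$dir" …` and derive the module path from the argument, e.g. `moddir="${dir%/}/lib/modules"`, using `"$moddir"` in all three commands. Separately, `-exec … \;` discards the exit status of `evmctl sign`, so a run that fails to label some files still exits 0; reporting the failing path on stderr and returning non-zero would make an incomplete labelling pass visible to the operator.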