dh/ima-evm-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Provide random KMK example instead of fixed testing123

Browse Source 
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
Dmitry Kasatkin 2014-02-17 16:06:28 +02:00
parent c7042472e8
commit bddbd31a15
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README
View File

@ -82,6 +82,16 @@ or
$ scp x509_evm.pem target:/etc/keys $ scp x509_evm.pem target:/etc/keys
Generation of EVM keys
$ # create and save the kernel master key (user type)
$ keyctl add user kmk "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
$ keyctl pipe `keyctl search @u user kmk` > /etc/keys/kmk
$ # create the EVM encrypted key
$ keyctl add encrypted evm-key "new user:kmk 32" @u
$ keyctl pipe `keyctl search @u encrypted evm-key` >/etc/keys/evm-key
Initialization Initialization
-------------- --------------
@ -92,7 +102,7 @@ Here is an example script /etc/initramfs-tools/scripts/local-top/ima.sh
# import EVM HMAC key # import EVM HMAC key
keyctl clear @u keyctl clear @u
keyctl add user kmk "testing123" @u cat /etc/keys/kmk | keyctl padd user kmk @u
keyctl add encrypted evm-key "load `cat /etc/keys/evm-key`" @u keyctl add encrypted evm-key "load `cat /etc/keys/evm-key`" @u
# import IMA public key # import IMA public key