On Mon, 2015-05-11 at 17:39 +0200, Zbigniew Jasiński wrote: > > 2. private key stored on the device and > > A. booting with evm=fix or > > B. manipulate files only through a process which has > > exclusive access to the private key
[...] > > For option 2A you wanted to add instructions to the Wiki - any progress for > > that? > > > > I think tizen.org Wiki 'Sign working device' covers this case. Okay, so let's talk about that. Which part of that Wiki page describes how to teach the kernel about the private key for evm? It mentions /etc/ima/x509_evm.der, but that is the public key, isn't it? The suggested kernel config has: CONFIG_EVM_KEY_PATH="/etc/ima/evm-key" CONFIG_EVM_KMK_PATH="/etc/ima/evm-kmk" But nothing in the Tizen Wiki explains how to create these files. There is https://wiki.tizen.org/wiki/Security:IntegrityMeasurement/Using_TPM but it describes completely different files. I'll look at the source next. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
