[lx2160a] Secure boot IMA-EVM image

jhkim2 · ‎03-11-2021

Hi, everyone

I built the secure boot IMA-EVM images with flex-builder. (I did not load the images in target yet.)

Do the all files in rootfs contain "security.ima" and "security.evm" attributes?

How can I select the files to adopt "IMA-EVM" and the files not to adopt "IMA-EVM"?

For example, I wish "/etc/network/interfaces" file not to use the authentication method,

because I want to modify the contents of the file in run time.

Thanks in advance.

JeongHwan Kim

bpe · ‎03-12-2021

LSDK uses default IMA apprise policy which appraises all files owned by root.
Using a custom IMA policy allows more fine-grained control. Refer to IMA
Wiki and IMA appraisal policy documentation for more details:

https://sourceforge.net/p/linux-ima/wiki/Home/#understanding-the-ima-appraisal-policy

https://source.codeaurora.org/external/qoriq/qoriq-components/linux/tree/Documentation/ABI/testing/i...

Hope this helps,
Platon

View solution in original post

bpe · ‎03-12-2021

LSDK uses default IMA apprise policy which appraises all files owned by root.
Using a custom IMA policy allows more fine-grained control. Refer to IMA
Wiki and IMA appraisal policy documentation for more details:

https://sourceforge.net/p/linux-ima/wiki/Home/#understanding-the-ima-appraisal-policy

https://source.codeaurora.org/external/qoriq/qoriq-components/linux/tree/Documentation/ABI/testing/i...

Hope this helps,
Platon