[LTP] [PATCH v3 2/2] IMA: Add a test to verify importing a certificate into keyring

Mimi Zohar zohar@linux.ibm.com
Wed Jun 24 22:02:43 CEST 2020


On Wed, 2020-06-24 at 15:59 -0400, Lachlan Sneff wrote:
> 
> >> diff --git a/testcases/kernel/security/integrity/ima/README.md b/testcases/kernel/security/integrity/ima/README.md
> >> index 16a1f48c3..e41f7b570 100644
> >> --- a/testcases/kernel/security/integrity/ima/README.md
> >> +++ b/testcases/kernel/security/integrity/ima/README.md
> >> @@ -16,6 +16,27 @@ CONFIG_INTEGRITY=y
> >>   CONFIG_IMA=y
> >>   ```
> >>   
> >> +IMA Key Import test
> >> +-------------
> >> +
> >> +`ima_keys.sh` requires an x509 key to be generated and placed
> >> +at `/etc/keys/x509_ima.der`.
> > The filename "/etc/keys/x509_ima.der" is configurable.  It's based on
> > CONFIG_IMA_X509_PATH Kconfig option.  Perhaps extract it from the
> > running kernel's Kconfig?
> I didn't think pulling it from the kernel config. Will try this. I 
> assume `grep "..." /boot/config-$(uname -r)` is the right way to grab a 
> line from the config?

Try using scripts/extract-ikconfig.

Mimi



More information about the ltp mailing list