-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.txt
24 lines (14 loc) · 868 Bytes
/
setup.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
To set this up:
1) Copy kernel CA file from samples/ directory to the kernel build directory.
2.1) Build kernel with docs from kernel/config.txt
2.2) Setup kernel command-line from kernel/cmdline.txt
2.3) Edit /usr/share/initramfs-tools/hooks/kmod and remove the -aZ options
from cp (this is a temporary issue)
3) Run "make -C makekey" to make the secrets for /etc/keys.
4.1) Run "make -C initrd" to install the initrd scripts.
4.2) Build a new initrd and reboot.
5.1) Run "make -C initrd stage2" to configure the key blobs for the initrd.
5.2) Build a new initrd and reboot.
6) Run "evmctl ima_sign --hashalgo sha256 -r /lib* /usr /etc ; evmctl sign --hashalgo sha256 -r /lib* /usr /etc". Note that
sha256 isn't a good algorithm, we will change it to a stronger one (requiring
new kernel config and build) later. Default algorithm is easiest for testing.