meta-security/meta-integrity/data/debug-keys/README.md

# EVM & IMA keys

The following IMA & EVM debug/test keys are in this directory

- ima-local-ca.priv: The CA's private key (password: 1234)
- ima-local-ca.pem: The CA's self-signed certificate
- privkey_ima.pem: IMA & EVM private key used for signing files
- x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures

The CA's (self-signed) certificate can be used to verify the validity of
the x509_ima.der certificate. Since the CA certificate will be built into
the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must
pass this test:

```
  openssl verify -CAfile ima-local-ca.pem x509_ima.der
````
Initial commit 2026-04-23 17:07:55 +08:00			`# EVM & IMA keys`

			`The following IMA & EVM debug/test keys are in this directory`

			`- ima-local-ca.priv: The CA's private key (password: 1234)`
			`- ima-local-ca.pem: The CA's self-signed certificate`
			`- privkey_ima.pem: IMA & EVM private key used for signing files`
			`- x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures`

			`The CA's (self-signed) certificate can be used to verify the validity of`
			`the x509_ima.der certificate. Since the CA certificate will be built into`
			`the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must`
			`pass this test:`

			```
			`openssl verify -CAfile ima-local-ca.pem x509_ima.der`
			````