From 80b91392d13369d495f15a55c4c8d927dc3b7db2 Mon Sep 17 00:00:00 2001 From: syh Date: Fri, 20 Dec 2024 06:14:58 +0000 Subject: [PATCH] =?UTF-8?q?update=20docs/zh/docs/ShangMi/=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E5=AE=8C=E6=95=B4=E6=80=A7=E4=BF=9D=E6=8A=A4.md.=20?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=96=87=E6=A1=A3=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...56\214\346\225\264\346\200\247\344\277\235\346\212\244.md" | 4 ++++ 1 file changed, 4 insertions(+) diff --git "a/docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" "b/docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" index 208e9df00..3722026df 100644 --- "a/docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" +++ "b/docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" @@ -24,7 +24,10 @@ IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访 # 生成SM2证书 # openssl x509 -req -days 3650 -extfile ima.cfg -signkey ima.key -in ima.csr -out ima.crt ``` + 4. 生成IMA二级证书: + + ```sh # 创建证书配置文件 echo 'subjectKeyIdentifier=hash' > ima.cfg echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg @@ -36,6 +39,7 @@ IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访 openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt # 转换为DER格式 openssl x509 -outform DER -in ima.crt -out x509_ima.der0 + ``` 5. 将根证书放置到内核源码目录,并修改内核编译选项CONFIG_SYSTEM_TRUSTED_KEYS,将指定证书编译到内核TRUSTED密钥中(仅评估模式涉及): -- Gitee