2 files changed, 5 insertions, 3 deletions

diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima
index f117717..f11ff13 100755
--- a/meta-integrity/recipes-core/initrdscripts/files/init.ima
+++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima
@@ -95,20 +95,22 @@ fi
 [ ! -d "$securityfs_dir/ima" ] &&
     print_info "IMA is not enabled. Exiting ..." && exit 2
 
-keyring_id=0x`grep '\skeyring\s*\.ima: ' "${ROOT_DIR}/proc/keys" | awk '{ print $1 }'`
+mount --move ${ROOT_DIR}/proc /proc
 
 # The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was
 # automatically loaded by kernel already. Here is the opportunity to load
 # a custom IMA certificate from the real rootfs.
 for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do
     [ ! -s "$cert" ] && continue
+    name=`basename $cert`
 
-    if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then
+    if ! keyctl padd asymmetric "$name" %:.ima < $cert > ${ROOT_DIR}/dev/null; then
         print_critical "Unable to load the custom IMA certificate $cert for IMA appraisal"
     else
         print_verbose "The custom IMA certificate $cert loaded for IMA appraisal"
     fi
 done
+mount --move /proc ${ROOT_DIR}/proc
 
 # Attempt to load the default policy.
 [ ! -s "${IMA_POLICY}" ] && IMA_POLICY="${IMA_POLICY}.default"
diff --git a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
index e615e05..b261e9e 100644
--- a/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
+++ b/meta-integrity/recipes-core/initrdscripts/initrdscripts-ima.bb
@@ -34,7 +34,7 @@ RDEPENDS_${PN} += "\
     gawk \
     util-linux-mount \
     util-linux-umount \
-    ima-evm-utils \
+    keyutils \
     ima-policy \
 "