1 files changed, 5 insertions, 4 deletions
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index ad17c05..32365e9 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -110,14 +110,15 @@ default, the sample keys are used for the purpose of development and
 demonstration. Please ensure you know what your risk is to use the sample keys
 in your product, because they are completely public.
-If sample keys are used, the private IMA key is installed as /etc/keys/x509_ima.key.
+Private keys are not installed into the target image. If you understand your
+risks, you can copy them to your target file system or to an external storage.
-A typical signing command is as following:
+If you do so, a typical signing command is as following:
-    # evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=<passowrd> /path/to/file
+    # evmctl ima_sign --hashalgo sha256 --key path/to/x509_ima.key --pass=<passowrd> /path/to/file
 or
-    # evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=<passowrd> -r /path/to/directory
+    # evmctl ima_sign --hashalgo sha256 --key /path/to/x509_ima.key --pass=<passowrd> -r /path/to/directory
 The following command can be used to verify a file's IMA signature with specified certificate:

diff --git a/meta-integrity/README.md b/meta-integrity/README.md index ad17c05..32365e9 100644 --- a/meta-integrity/README.md +++ b/meta-integrity/README.md
@@ -110,14 +110,15 @@ default, the sample keys are used for the purpose of development and
110	demonstration. Please ensure you know what your risk is to use the sample keys	110	demonstration. Please ensure you know what your risk is to use the sample keys
111	in your product, because they are completely public.	111	in your product, because they are completely public.
112		112
113	If sample keys are used, the private IMA key is installed as /etc/keys/x509_ima.key.	113	Private keys are not installed into the target image. If you understand your
		114	risks, you can copy them to your target file system or to an external storage.
114		115
115	A typical signing command is as following:	116	If you do so, a typical signing command is as following:
116		117
117	# evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=<passowrd> /path/to/file	118	# evmctl ima_sign --hashalgo sha256 --key path/to/x509_ima.key --pass=<passowrd> /path/to/file
118	or	119	or
119		120
120	# evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=<passowrd> -r /path/to/directory	121	# evmctl ima_sign --hashalgo sha256 --key /path/to/x509_ima.key --pass=<passowrd> -r /path/to/directory
121		122
122	The following command can be used to verify a file's IMA signature with specified certificate:	123	The following command can be used to verify a file's IMA signature with specified certificate:
123		124