From 1259958f3ccf3ab56c2236a38db6e13b99b2648d Mon Sep 17 00:00:00 2001
From: Yunguo Wei
Date: Sun, 12 Nov 2017 09:43:48 +0800
Subject: initrdscripts: rename expected ima certificate (#28)

evmctl is able to import DER format certificate only. Although *.crt doesn't mean its a PEM certificate, but *.der makes more sense.
Signed-off-by: Yunguo Wei
---
 meta-integrity/recipes-core/initrdscripts/files/init.ima | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-integrity/recipes-core/initrdscripts/files/init.ima b/meta-integrity/recipes-core/initrdscripts/files/init.ima
index 5d12945..6cd7c88 100755
--- a/meta-integrity/recipes-core/initrdscripts/files/init.ima
+++ b/meta-integrity/recipes-core/initrdscripts/files/init.ima
@@ -100,7 +100,7 @@ keyring_id=0x`grep '\skeyring\s*\.ima: ' "${ROOT_DIR}/proc/keys" | awk '{ print
 # The trusted IMA certificate /etc/keys/x509_evm.der in initramfs was
 # automatically loaded by kernel already. Here is the opportunity to load
 # a custom IMA certificate from the real rootfs.
-for cert in ${ROOT_DIR}/etc/keys/x509_evm*.crt; do
+for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do
 [ ! -s "$cert" ] && continue
 if ! evmctl import "$cert" "$keyring_id" >"${ROOT_DIR}/dev/null"; then
--
cgit v1.2.3-54-g00ecf
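Review bot: The new glob in `for cert in ${ROOT_DIR}/etc/keys/x509_evm*.der; do` drops `*.crt` with no fallback and no message, so a rootfs that still ships its custom IMA certificate as `x509_evm*.crt` boots with nothing imported: the unmatched pattern stays literal and `[ ! -s "$cert" ] && continue` skips it silently, leaving (presumably) a later appraisal failure as the first visible symptom. The diffstat shows only init.ima changed, so whatever installs the certificate under /etc/keys must already use the `.der` name or be updated together with this commit. I would make the case visible with a comment above the loop such as `# Only DER-encoded x509_evm*.der is imported; legacy *.crt names are ignored` and a warning on stderr when a `.crt` file is found, and quote the variable part as `for cert in "${ROOT_DIR}"/etc/keys/x509_evm*.der; do` so an unusual ROOT_DIR cannot word-split. The loop body continues past the end of the hunk, so the handling of a failed `evmctl import` is not visible here.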