meta-integrity: Remove stale variables and documentation

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2 files changed, 1 insertions, 11 deletions

diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index c333a9f..75dadd4 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -153,12 +153,7 @@ ima-evm-rootfs.bbclass:
     IMA_EVM_KEY_DIR = "<full path>"
     IMA_EVM_PRIVKEY = "<some other path/privkey_ima.pem>"
 
-By default, the entire file system gets signed. When using a policy which
-does not require that, the set of files to be labelled can be chosen
-by overriding the default "find" expression, for example like this:
-
-    IMA_EVM_ROOTFS_FILES = "usr sbin bin lib -type f"
-
+By default, the entire file system gets signed.
 
 2. Usage
 ========
diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass
index 7b73373..bc07d58 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -19,11 +19,6 @@ IMA_EVM_X509 ?= "${IMA_EVM_KEY_DIR}/x509_ima.der"
 # ima-local-ca.x509 is what ima-gen-local-ca.sh creates.
 IMA_EVM_ROOT_CA ?= "${IMA_EVM_KEY_DIR}/ima-local-ca.pem"
 
-# Sign all regular files by default.
-IMA_EVM_ROOTFS_SIGNED ?= ". -type f"
-# Hash nothing by default.
-IMA_EVM_ROOTFS_HASHED ?= ". -depth 0 -false"
-
 # Mount these file systems (identified via their mount point) with
 # the iversion flags (needed by IMA when allowing writing).
 IMA_EVM_ROOTFS_IVERSION ?= ""