[https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/kuh1498049452269.html] [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/nku1498134922524.html] [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/nfm1498584366873.html] [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/qys1498136116688.html] "Sign the executable with the IMA private key" step should specify that it uses the password set at "Generating User Keys for Security Features." step not a generic "windriver" password If the password set at "Generating User Keys for Security Features." step is not used the following error will be generated: evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=windriver /tmp/test2.sh Failed to PEM_read_PrivateKey key file: /etc/keys/x509_ima.key openssl: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt openssl: error:0906A065:PEM routines:PEM_do_header:bad decrypt