Wind River Support Network

HomeDefectsLIN1019-4058
Fixed

LIN1019-4058 : IMA Denial testcases: "windriver" password not working

Created: Feb 19, 2020    Updated: Apr 15, 2020
Resolved Date: Mar 18, 2020
Found In Version: 10.19.45.4
Fix Version: 10.19.45.6
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Documentation

Description

[https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/kuh1498049452269.html]
 [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/nku1498134922524.html]
 [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/nfm1498584366873.html]
 [https://docs.windriver.com/bundle/Wind_River_Linux_Security_Features_Guide_LTS_19/page/qys1498136116688.html]

"Sign the executable with the IMA private key" step should specify that it uses the password set at "Generating User Keys for Security Features." step not a generic "windriver" password

If the password set at "Generating User Keys for Security Features." step is not used the following error will be generated:
 evmctl ima_sign --hashalgo sha256 --key /etc/keys/x509_ima.key --pass=windriver /tmp/test2.sh
 Failed to PEM_read_PrivateKey key file: /etc/keys/x509_ima.key
 openssl: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
 openssl: error:0906A065:PEM routines:PEM_do_header:bad decrypt
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube