From 223a98407c2202bd5862a5d0c3408bc0c93a04b2 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 10:16:08 -0500 Subject: [PATCH 1/7] examples: Create ima_gen_signing_key function and use it Create ima_gen_signing_key function for creating an IMA signing key and use it by existing scripts. Move contents from ima-genkey.sh and ima-genkey-ecc.sh into it. Signed-off-by: Stefan Berger --- examples/functions | 81 ++++++++++++++++++++++++++++++++++++++ examples/ima-genkey-ecc.sh | 35 +++------------- examples/ima-genkey.sh | 36 +++-------------- 3 files changed, 93 insertions(+), 59 deletions(-) create mode 100755 examples/functions diff --git a/examples/functions b/examples/functions new file mode 100755 index 00000000..91231474 --- /dev/null +++ b/examples/functions @@ -0,0 +1,81 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later + +# Get the OpenSSL keyalgo parameter +# @param1: The key algorithm; must be a name that OpenSSL command line tool +# accepts +get_ossl_keyalgo() +{ + case "$1" in + rsa:2048) + echo "$1" + ;; + prime256v1) + echo "ec" + ;; + esac +} + +# Get the OpenSSL -pkeyopt that may be necessary for the given key algo +# @param1: The key algorithm; must be a name that OpenSSL command line tool +# accepts +get_ossl_keyalgo_detail() +{ + case "$1" in + rsa:2048) + echo "" + ;; + prime256v1) + echo "-pkeyopt ec_paramgen_curve:${keyalgo}" + ;; + esac +} + +# Create an IMA file signing key +# @param1: The key algorithm; must be a name that OpenSSL command line tool +# accepts: rsa:2048, rsa:3072, rsa:4096, prime256v1 +ima_gen_signing_key() +{ + keyalgo="$1" + + GENKEY=ima.genkey + + ossl_keyalgo=$(get_ossl_keyalgo "$keyalgo") + if [ -z "$ossl_keyalgo" ]; then + echo "Error: Unsupported key algorithm $keyalgo." >&2 + return 1 + fi + ossl_keyalgo_detail=$(get_ossl_keyalgo_detail "$keyalgo") + + cat << __EOF__ >$GENKEY +[ req ] +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = v3_usr + +[ req_distinguished_name ] +O = $(hostname) +CN = $(whoami) signing key +emailAddress = $(whoami)@$(hostname) + +[ v3_usr ] +basicConstraints=critical,CA:FALSE +#basicConstraints=CA:FALSE +keyUsage=digitalSignature +#keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage=critical,codeSigning +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +#authorityKeyIdentifier=keyid,issuer +__EOF__ + + openssl req -new -nodes -batch -config $GENKEY \ + -out csr_ima.pem -keyout privkey_ima.pem \ + -newkey "${ossl_keyalgo}" \ + ${ossl_keyalgo_detail:+${ossl_keyalgo_detail}} || return $? + openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \ + -CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \ + -outform DER -out x509_ima.der + return $? +} diff --git a/examples/ima-genkey-ecc.sh b/examples/ima-genkey-ecc.sh index e6301a62..156270c0 100755 --- a/examples/ima-genkey-ecc.sh +++ b/examples/ima-genkey-ecc.sh @@ -1,33 +1,10 @@ #!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later -GENKEY=ima.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = v3_usr +cd "${DIR}" 1>/dev/null || exit 1 -[ req_distinguished_name ] -O = `hostname` -CN = `whoami` signing key -emailAddress = `whoami`@`hostname` - -[ v3_usr ] -basicConstraints=critical,CA:FALSE -#basicConstraints=CA:FALSE -keyUsage=digitalSignature -#keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage=critical,codeSigning -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -#authorityKeyIdentifier=keyid,issuer -__EOF__ - -openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config $GENKEY \ - -out csr_ima.pem -keyout privkey_ima.pem \ - -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \ - -CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \ - -outform DER -out x509_ima.der +. ./functions +ima_gen_signing_key prime256v1 +exit $? diff --git a/examples/ima-genkey.sh b/examples/ima-genkey.sh index 00fa6486..66225eba 100755 --- a/examples/ima-genkey.sh +++ b/examples/ima-genkey.sh @@ -1,34 +1,10 @@ #!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later -GENKEY=ima.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = v3_usr - -[ req_distinguished_name ] -O = `hostname` -CN = `whoami` signing key -emailAddress = `whoami`@`hostname` - -[ v3_usr ] -basicConstraints=critical,CA:FALSE -#basicConstraints=CA:FALSE -keyUsage=digitalSignature -#keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage=critical,codeSigning -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -#authorityKeyIdentifier=keyid,issuer -__EOF__ - -openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config $GENKEY \ - -out csr_ima.pem -keyout privkey_ima.pem -openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \ - -CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \ - -outform DER -out x509_ima.der +cd "${DIR}" 1>/dev/null || exit 1 +. ./functions +ima_gen_signing_key rsa:2048 +exit $? From 827b6425d8835f3c6c6bedaf46d4beabbf280e2c Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 10:51:39 -0500 Subject: [PATCH 2/7] examples: Create ima_gen_localca function and use it Create ima_gen_localca function for creating an IMA signing key and use it by existing scripts. Move code from ima-gen-local-ca-ecc.sh and ima-gen-local-ca.sh into it. Signed-off-by: Stefan Berger --- examples/functions | 45 ++++++++++++++++++++++++++++++++ examples/ima-gen-local-ca-ecc.sh | 29 ++++---------------- examples/ima-gen-local-ca.sh | 31 +++++----------------- 3 files changed, 56 insertions(+), 49 deletions(-) diff --git a/examples/functions b/examples/functions index 91231474..5a19729a 100755 --- a/examples/functions +++ b/examples/functions @@ -79,3 +79,48 @@ __EOF__ -outform DER -out x509_ima.der return $? } + +# Create a local CA +# @param1: The key algorithm; must be a name that OpenSSL command line tool +# accepts: rsa:2048, rsa:3072, rsa:4096, prime256v1 +ima_gen_localca() +{ + keyalgo="$1" + + GENKEY=ima-local-ca.genkey + + ossl_keyalgo=$(get_ossl_keyalgo "$keyalgo") + if [ -z "$ossl_keyalgo" ]; then + echo "Error: Unsupported key algorithm $keyalgo." >&2 + return 1 + fi + ossl_keyalgo_detail=$(get_ossl_keyalgo_detail "$keyalgo") + +cat << __EOF__ >$GENKEY +[ req ] +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = v3_ca + +[ req_distinguished_name ] +O = IMA-CA +CN = IMA/EVM certificate signing key +emailAddress = ca@ima-ca + +[ v3_ca ] +basicConstraints=CA:TRUE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer +keyUsage = cRLSign, keyCertSign +__EOF__ + + openssl req -new -x509 -utf8 -sha256 -days 3650 -batch -config $GENKEY \ + -outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv \ + -newkey "${ossl_keyalgo}" \ + ${ossl_keyalgo_detail:+${ossl_keyalgo_detail}} || return $? + + openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem + + return $? +} diff --git a/examples/ima-gen-local-ca-ecc.sh b/examples/ima-gen-local-ca-ecc.sh index d5ab6e75..6696b539 100755 --- a/examples/ima-gen-local-ca-ecc.sh +++ b/examples/ima-gen-local-ca-ecc.sh @@ -1,28 +1,9 @@ #!/bin/sh -GENKEY=ima-local-ca.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = v3_ca +cd "${DIR}" 1>/dev/null || exit 1 -[ req_distinguished_name ] -O = IMA-CA -CN = IMA/EVM certificate signing key -emailAddress = ca@ima-ca - -[ v3_ca ] -basicConstraints=CA:TRUE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer -keyUsage = cRLSign, keyCertSign -__EOF__ - -openssl req -new -x509 -utf8 -sha256 -days 3650 -batch -config $GENKEY \ - -outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv \ - -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 - -openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem +. ./functions +ima_gen_localca prime256v1 +exit $? diff --git a/examples/ima-gen-local-ca.sh b/examples/ima-gen-local-ca.sh index 6fd49975..bec58b80 100755 --- a/examples/ima-gen-local-ca.sh +++ b/examples/ima-gen-local-ca.sh @@ -1,29 +1,10 @@ #!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later -GENKEY=ima-local-ca.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = v3_ca - -[ req_distinguished_name ] -O = IMA-CA -CN = IMA/EVM certificate signing key -emailAddress = ca@ima-ca - -[ v3_ca ] -basicConstraints=CA:TRUE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer -keyUsage = cRLSign, keyCertSign -__EOF__ - -openssl req -new -x509 -utf8 -sha256 -days 3650 -batch -config $GENKEY \ - -outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv - -openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem +cd "${DIR}" 1>/dev/null || exit 1 +. ./functions +ima_gen_localca rsa:2048 +exit $? From 555c36077da42bf80121276fc25daa7320d89ff6 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 11:38:36 -0500 Subject: [PATCH 3/7] examples: Create ima_gen_signing_key_selfsigned function and use it Create ima_gen_signing_key_localca function for creating an IMA signing key that also has a self-signed certificate and use it by existing scripts. Move code from ima-genkey-self-ecc.sh and ima-genkey-self.sh into it. Signed-off-by: Stefan Berger --- examples/functions | 50 +++++++++++++++++++++++++++++++++ examples/ima-genkey-self-ecc.sh | 30 ++++---------------- examples/ima-genkey-self.sh | 31 ++++---------------- 3 files changed, 62 insertions(+), 49 deletions(-) diff --git a/examples/functions b/examples/functions index 5a19729a..cfb13b8f 100755 --- a/examples/functions +++ b/examples/functions @@ -124,3 +124,53 @@ __EOF__ return $? } + +# Create an EVM/IMA signing key that is also a key of a self-signed CA +# @param1: The key algorithm; must be a name that OpenSSL command line tool +# accepts: rsa:2048, rsa:3072, rsa:4096, prime256v1 +ima_gen_signing_key_selfsigned() +{ + GENKEY=x509_evm.genkey + + ossl_keyalgo=$(get_ossl_keyalgo "$keyalgo") + if [ -z "$ossl_keyalgo" ]; then + echo "Error: Unsupported key algorithm $keyalgo." >&2 + return 1 + fi + ossl_keyalgo_detail=$(get_ossl_keyalgo_detail "$keyalgo") + + cat << __EOF__ >$GENKEY +[ req ] +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = myexts + +[ req_distinguished_name ] +O = $(hostname) +CN = $(whoami) signing key +emailAddress = $(whoami)@$(hostname) + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +__EOF__ + + openssl req -x509 -new -nodes -utf8 -sha256 -days 3650 -batch -config $GENKEY \ + -outform DER -out x509_evm.der -keyout privkey_evm.pem \ + -newkey "${ossl_keyalgo}" \ + ${ossl_keyalgo_detail:+${ossl_keyalgo_detail}} || return $? + + case "$keyalgo" in + rsa:*) + openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem + ;; + primve256v1|secp384r1|secp521r1) + openssl ec -pubout -in privkey_evm.pem -out pubkey_evm.pem + ;; + esac + + return $? +} diff --git a/examples/ima-genkey-self-ecc.sh b/examples/ima-genkey-self-ecc.sh index f4ef49ff..fd2f4323 100755 --- a/examples/ima-genkey-self-ecc.sh +++ b/examples/ima-genkey-self-ecc.sh @@ -1,28 +1,10 @@ #!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later -GENKEY=x509_evm.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = myexts +cd "${DIR}" 1>/dev/null || exit 1 -[ req_distinguished_name ] -O = `hostname` -CN = `whoami` signing key -emailAddress = `whoami`@`hostname` - -[ myexts ] -basicConstraints=critical,CA:FALSE -keyUsage=digitalSignature -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -__EOF__ - -openssl req -x509 -new -nodes -utf8 -sha256 -days 3650 -batch -config $GENKEY \ - -outform DER -out x509_evm.der -keyout privkey_evm.pem \ - -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 - -openssl ec -pubout -in privkey_evm.pem -out pubkey_evm.pem +. ./functions +ima_gen_signing_key_selfsigned prime256v1 +exit $? diff --git a/examples/ima-genkey-self.sh b/examples/ima-genkey-self.sh index c04df372..ceca4bd6 100755 --- a/examples/ima-genkey-self.sh +++ b/examples/ima-genkey-self.sh @@ -1,29 +1,10 @@ #!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later -GENKEY=x509_evm.genkey +DIR=$(dirname "$0") -cat << __EOF__ >$GENKEY -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -prompt = no -string_mask = utf8only -x509_extensions = myexts - -[ req_distinguished_name ] -O = `hostname` -CN = `whoami` signing key -emailAddress = `whoami`@`hostname` - -[ myexts ] -basicConstraints=critical,CA:FALSE -keyUsage=digitalSignature -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -__EOF__ - -openssl req -x509 -new -nodes -utf8 -sha256 -days 3650 -batch -config $GENKEY \ - -outform DER -out x509_evm.der -keyout privkey_evm.pem - -openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem +cd "${DIR}" 1>/dev/null || exit 1 +. ./functions +ima_gen_signing_key_selfsigned rsa:2048 +exit $? From 547fa247cce0388b7cfc8637c5fc86d5c747c7b2 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 11:00:36 -0500 Subject: [PATCH 4/7] examples: Allow passing key algorithm to ima-genkey.sh Allow passing a key algorithm parameter to ima-genkey.sh and support a few more algorithms. Also support -? and --help to display the help screen. Signed-off-by: Stefan Berger --- examples/functions | 11 +++++++---- examples/ima-genkey.sh | 26 +++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/examples/functions b/examples/functions index cfb13b8f..697cc34d 100755 --- a/examples/functions +++ b/examples/functions @@ -1,16 +1,19 @@ #!/bin/sh # SPDX-License-Identifier: GPL-2.0-or-later +# For help screens to display supported algorithms +SUPPORTED_ALGORITHMS="rsa:2048, rsa:3072, rsa:4096, prime256v1, secp384r1, and secp521r1" + # Get the OpenSSL keyalgo parameter # @param1: The key algorithm; must be a name that OpenSSL command line tool # accepts get_ossl_keyalgo() { case "$1" in - rsa:2048) + rsa:2048|rsa:3072|rsa:4096) echo "$1" ;; - prime256v1) + prime256v1|secp384r1|secp521r1) echo "ec" ;; esac @@ -22,10 +25,10 @@ get_ossl_keyalgo() get_ossl_keyalgo_detail() { case "$1" in - rsa:2048) + rsa:2048|rsa:3072|rsa:4096) echo "" ;; - prime256v1) + prime256v1|secp384r1|secp521r1) echo "-pkeyopt ec_paramgen_curve:${keyalgo}" ;; esac diff --git a/examples/ima-genkey.sh b/examples/ima-genkey.sh index 66225eba..6bcdeb35 100755 --- a/examples/ima-genkey.sh +++ b/examples/ima-genkey.sh @@ -6,5 +6,29 @@ DIR=$(dirname "$0") cd "${DIR}" 1>/dev/null || exit 1 . ./functions -ima_gen_signing_key rsa:2048 + +#default key algorithm +keyalgo=rsa:2048 + +if [ "$1" = "-?" ] || [ "$1" = "--help" ]; then + cat <<_EOF_ +Create an EVM/IMA file signing key with a given algorithm. + +Usage: $0 [options] keyalgo + +The following key algorithms are supported: + ${SUPPORTED_ALGORITHMS} + +The following options are supported: + -?, --help : Display this help screen and exit + +_EOF_ + exit 0 +fi + +if [ "$1" != "" ]; then + keyalgo="$1" +fi + +ima_gen_signing_key "${keyalgo}" exit $? From 2f7187dbe3708eab45c4f487e743668a44a5afa7 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 11:10:57 -0500 Subject: [PATCH 5/7] examples: Allow passing key algorithm to ima-gen-local-ca.sh Allow passing a key algorithm parameter to ima-genkey.sh. Also support -? and --help to display the help screen. Signed-off-by: Stefan Berger --- examples/ima-gen-local-ca.sh | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/examples/ima-gen-local-ca.sh b/examples/ima-gen-local-ca.sh index bec58b80..0d1f9180 100755 --- a/examples/ima-gen-local-ca.sh +++ b/examples/ima-gen-local-ca.sh @@ -6,5 +6,29 @@ DIR=$(dirname "$0") cd "${DIR}" 1>/dev/null || exit 1 . ./functions -ima_gen_localca rsa:2048 + +#default key algorithm +keyalgo=rsa:2048 + +if [ "$1" = "-?" ] || [ "$1" = "--help" ]; then + cat <<_EOF_ +Create a local CA with a given key algorithm. + +Usage: $0 [options] keyalgo + +The following key algorithms are supported: + ${SUPPORTED_ALGORITHMS} + +The following options are supported: + -?, --help : Display this help screen and exit + +_EOF_ + exit 0 +fi + +if [ "$1" != "" ]; then + keyalgo="$1" +fi + +ima_gen_localca "${keyalgo}" exit $? From 3ca88c4d966ba58bc5a27dcdf2f0217b11796a98 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 11:50:02 -0500 Subject: [PATCH 6/7] examples: Allow passing key algorithm to ima-genkey-self.sh Allow passing a key algorithm parameter to ima-genkey-self.sh. Also support -? and --help to display the help screen. Signed-off-by: Stefan Berger --- examples/ima-genkey-self.sh | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/examples/ima-genkey-self.sh b/examples/ima-genkey-self.sh index ceca4bd6..62ac8bce 100755 --- a/examples/ima-genkey-self.sh +++ b/examples/ima-genkey-self.sh @@ -6,5 +6,30 @@ DIR=$(dirname "$0") cd "${DIR}" 1>/dev/null || exit 1 . ./functions -ima_gen_signing_key_selfsigned rsa:2048 + +#default key algorithm +keyalgo=rsa:2048 + +if [ "$1" = "-?" ] || [ "$1" = "--help" ]; then + cat <<_EOF_ +Create an EVM/IMA file signing key with a given key algorithm. The key is also +used by a self-signed CA. + +Usage: $0 [options] keyalgo + +The following key algorithms are supported: + ${SUPPORTED_ALGORITHMS} + +The following options are supported: + -?, --help : Display this help screen and exit + +_EOF_ + exit 0 +fi + +if [ "$1" != "" ]; then + keyalgo="$1" +fi + +ima_gen_signing_key_selfsigned "${keyalgo}" exit $? From b6c404da715ca0d913a30c367677fcb22ade417b Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 4 May 2026 11:13:45 -0500 Subject: [PATCH 7/7] example: Remove unnecessary scripts With ima-gen-local-ca.sh, ima-genkey.sh, and ima-genkey-self-ecc.sh now supporting command line parameters to take the key algorithm, remove the now unnecessary scripts for EC keys. Signed-off-by: Stefan Berger --- Makefile.am | 5 +---- examples/ima-gen-local-ca-ecc.sh | 9 --------- examples/ima-genkey-ecc.sh | 10 ---------- examples/ima-genkey-self-ecc.sh | 10 ---------- 4 files changed, 1 insertion(+), 33 deletions(-) delete mode 100755 examples/ima-gen-local-ca-ecc.sh delete mode 100755 examples/ima-genkey-ecc.sh delete mode 100755 examples/ima-genkey-self-ecc.sh diff --git a/Makefile.am b/Makefile.am index 949c353d..daed1e3f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,10 +10,7 @@ endif doc_DATA = \ examples/ima-genkey-self.sh \ examples/ima-genkey.sh \ - examples/ima-gen-local-ca.sh \ - examples/ima-genkey-self-ecc.sh \ - examples/ima-genkey-ecc.sh \ - examples/ima-gen-local-ca-ecc.sh + examples/ima-gen-local-ca.sh EXTRA_DIST = autogen.sh $(doc_DATA) CLEANFILES = *.html *.xsl diff --git a/examples/ima-gen-local-ca-ecc.sh b/examples/ima-gen-local-ca-ecc.sh deleted file mode 100755 index 6696b539..00000000 --- a/examples/ima-gen-local-ca-ecc.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -DIR=$(dirname "$0") - -cd "${DIR}" 1>/dev/null || exit 1 - -. ./functions -ima_gen_localca prime256v1 -exit $? diff --git a/examples/ima-genkey-ecc.sh b/examples/ima-genkey-ecc.sh deleted file mode 100755 index 156270c0..00000000 --- a/examples/ima-genkey-ecc.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: GPL-2.0-or-later - -DIR=$(dirname "$0") - -cd "${DIR}" 1>/dev/null || exit 1 - -. ./functions -ima_gen_signing_key prime256v1 -exit $? diff --git a/examples/ima-genkey-self-ecc.sh b/examples/ima-genkey-self-ecc.sh deleted file mode 100755 index fd2f4323..00000000 --- a/examples/ima-genkey-self-ecc.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: GPL-2.0-or-later - -DIR=$(dirname "$0") - -cd "${DIR}" 1>/dev/null || exit 1 - -. ./functions -ima_gen_signing_key_selfsigned prime256v1 -exit $?