Lines Matching +full:inactive +full:-
2 dm-ima
6 (including the attestation service) interact with it - both during the
7 setup and during rest of the system run-time. They share sensitive data
9 may want to verify the current run-time state of the relevant kernel
10 subsystems before fully trusting the system with business-critical
18 impact the security profile of the block device, and in-turn, of the
24 fully trusting the system with business-critical data/workload.
28 various block devices -
30 - by device mapper itself, from within the kernel,
31 - in a tamper resistant way,
32 - and re-measured - triggered on state/configuration change.
42 /etc/ima/ima-policy
43 measure func=CRITICAL_DATA label=device-mapper template=ima-buf
62 TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).
99 When a new table is loaded in a device's inactive table slot,
115 device_name := "name=" <dm-device-name>
116 device_uuid := "uuid=" <dm-device-uuid>
121 dm-device-name := Name of the device. If it contains special characters like '\', ',', ';',
123 dm-device-uuid := UUID of the device. If it contains special characters like '\', ',', ';',
128 which is being loaded into the DM device's inactive table slot.
134 … Represents nth target in the table (from 0 to N-1 targets specified in <num_device_targets>)
135 … If all the data for N targets doesn't fit in the given buffer - then the data that fits
137 … The remaining data from targets x+1 to N-1 is measured in the subsequent IMA events,
159 …10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af…
200 …10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1…
209 data from an active and inactive table are measured.
222 device_inactive_metadata := Device metadata that reflects the inactive table.
226 inactive_table_hash := Hash of the inactive table.
238 …10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9…
249 When an inactive table is cleared from the device, the device information and a sha256 hash of the
250 data from an inactive table are measured.
260 …device_inactive_metadata := Device metadata that was captured during the load time inactive table …
262 inactive_table_hash := Hash of the inactive table being cleared from the device.
266 For instance, if a linear device's inactive table is cleared,
272 …10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295…
293 new_device_name := "new_name=" <dm-device-name>
294 dm-device-name := Same as <dm-device-name> described in 'Table load' section above
295 new_device_uuid := "new_uuid=" <dm-device-uuid>
296 dm-device-uuid := Same as <dm-device-uuid> described in 'Table load' section above
300 #dmsetup rename linear1 --setuuid 1234-5678
305 …10 8b0423209b4c66ac1523f4c9848c9b51ee332f48 ima-buf sha256:6847b7258134189531db593e9230b257c84f040…
308 …name=linear1,uuid=,major=253,minor=2,minor_count=1,num_targets=1;new_name=linear1,new_uuid=1234-56…
317 …10 bef70476b99c2bdf7136fae033aa8627da1bf76f ima-buf sha256:8c6f9f53b9ef9dc8f92a2f2cca8910e622543d0…
320 name=linear1,uuid=1234-5678,major=253,minor=2,minor_count=1,num_targets=1;
321 new_name=linear\=2,new_uuid=1234-5678;
416 …iv_large_sectors=n,cipher_string=aes-xts-plain64,key_size=32,key_parts=1,key_extra_size=0,key_mac_…
501 … mirror_device_row is repeated <NR> times - for <NR> described in <nr_mirrors>.
504 where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
506 where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
542 … where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>.
547 … where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>,
548 … and <Y> ranges from 0 to (<NPGP> -1) - for <NPGP> described in <priority_groups_row>.
560 pg_state_0=E,nr_pgpaths_0=2,path_selector_name_0=queue-length,
563 pg_state_1=E,nr_pgpaths_1=2,path_selector_name_1=queue-length,
584 … <raid_device_status_row> is repeated <NRD> times - for <NRD> described in <raid_disks>.
586 … where <X> ranges from 0 to (<NRD> -1) - for <NRD> described in <raid_disks>.
587 raid_device_status_str := "A" | "D" | "a" | "-"
654 where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
656 where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
658 where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
695 salt_str := "-" <verity_salt_str>
710 name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1;