Home
last modified time | relevance | path

Searched full:integrity (Results 1 – 25 of 477) sorted by relevance

12345678910>>...20

/linux-6.15/Documentation/block/
Ddata-integrity.rst2 Data Integrity
16 protocols (SBC Data Integrity Field, SCC protection proposal) as well
18 support for appending integrity metadata to an I/O. The integrity
29 DIF and the other integrity extensions is that the protection format
31 integrity of the I/O and reject it if corruption is detected. This
35 2. The Data Integrity Extensions
40 allow the operating system to interact with the integrity metadata
45 The SCSI Data Integrity Field works by appending 8 bytes of protection
46 information to each sector. The data + integrity metadata is stored
53 encouraged them to allow separation of the data and integrity metadata
[all …]
/linux-6.15/Documentation/admin-guide/device-mapper/
Ddm-integrity.rst2 dm-integrity
5 The dm-integrity target emulates a block device that has additional
6 per-sector tags that can be used for storing integrity information.
8 A general problem with storing integrity tags with every sector is that
9 writing the sector and the integrity tag must be atomic - i.e. in case of
10 crash, either both sector and integrity tag or none of them is written.
12 To guarantee write atomicity, the dm-integrity target uses journal, it
13 writes sector data and integrity tags into a journal, commits the journal
14 and then copies the data and integrity tags to their respective location.
16 The dm-integrity target can be used with the dm-crypt target - in this
[all …]
Ddm-crypt.rst137 integrity:<bytes>:<type>
139 in per-bio integrity structure. This metadata must by provided
140 by underlying dm-integrity target.
146 integrity for the encrypted device. The additional space is then
150 Optionally set the integrity key size if it differs from the digest size.
169 Use an integrity key of <bytes> size instead of using an integrity key size
/linux-6.15/security/integrity/
DMakefile3 # Makefile for caching inode integrity data (iint)
6 obj-$(CONFIG_INTEGRITY) += integrity.o
8 integrity-y := iint.o
9 integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
10 integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
11 integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
12 integrity-$(CONFIG_INTEGRITY_PLATFORM_KEYRING) += platform_certs/platform_keyring.o
13 integrity-$(CONFIG_INTEGRITY_MACHINE_KEYRING) += platform_certs/machine_keyring.o
14 integrity-$(CONFIG_LOAD_UEFI_KEYS) += platform_certs/efi_parser.o \
17 integrity-$(CONFIG_LOAD_IPL_KEYS) += platform_certs/load_ipl_s390.o
[all …]
DKconfig3 config INTEGRITY config
4 bool "Integrity subsystem"
8 This option enables the integrity subsystem, which is comprised
9 of a number of different components including the Integrity
17 if INTEGRITY
46 bool "Require all keys on the integrity keyrings be signed"
119 bool "Enables integrity auditing support "
123 In addition to enabling integrity auditing support, this
125 controls the level of integrity auditing messages.
126 0 - basic integrity auditing messages (default)
[all …]
Diint.c9 * - initialize the integrity directory in securityfs
13 #include "integrity.h"
32 * integrity_load_keys - load integrity keys hook
47 integrity_dir = securityfs_create_dir("integrity", NULL); in integrity_fs_init()
52 pr_err("Unable to create integrity sysfs dir: %d\n", in integrity_fs_init()
/linux-6.15/block/
Dbio-integrity.c3 * bio-integrity.c - bio data integrity extensions
9 #include <linux/blk-integrity.h>
18 * bio_integrity_free - Free bio integrity payload
21 * Description: Free the integrity portion of a bio.
43 * bio_integrity_alloc - Allocate integrity payload and attach it to bio
44 * @bio: bio to attach integrity metadata to
46 * @nr_vecs: Number of integrity metadata scatter-gather elements
48 * Description: This function prepares a bio for attaching integrity
50 * integrity metadata that can be attached.
94 * bio_integrity_unmap_user - Unmap user integrity payload
[all …]
Dbio-integrity-auto.c6 * Automatically generate and verify integrity data on PI capable devices if the
8 * data integrity even if the file system (or other user of the block device) is
11 #include <linux/blk-integrity.h>
62 pr_warn_once("%s: unknown integrity checksum type:%d\n", in bi_offload_capable()
71 * __bio_integrity_endio - Integrity I/O completion function
75 * integrity is a time-consuming task which must be run in process context.
97 * bio_integrity_prep - Prepare bio for integrity I/O
100 * Checks if the bio already has an integrity payload attached. If it does, the
103 * Otherwise allocates integrity payload and for writes the integrity metadata
137 * memory to disk for non-integrity metadata where nothing else in bio_integrity_prep()
[all …]
Dblk-integrity.c3 * blk-integrity.c - Block layer data integrity extensions
9 #include <linux/blk-integrity.h>
20 * blk_rq_count_integrity_sg - Count number of integrity scatterlist elements
22 * @bio: bio with integrity metadata attached
25 * scatterlist corresponding to the integrity metadata in a bio.
58 * blk_rq_map_integrity_sg - Map integrity metadata into a scatterlist
62 * Description: Map the integrity vectors in request into a
107 * is bigger than number of req's physical integrity segments in blk_rq_map_integrity_sg()
184 return &dev_to_disk(dev)->queue->limits.integrity; in dev_to_bi()
225 lim.integrity.flags &= ~flag; in flag_store()
[all …]
DKconfig64 bool "Block layer data integrity support"
70 data integrity option provides hooks which can be used by
71 filesystems to ensure better data integrity.
74 T10/SCSI Data Integrity Field or the T13/ATA External Path
85 integrity. However there are some setups that need this capability
DMakefile29 obj-$(CONFIG_BLK_DEV_INTEGRITY) += bio-integrity.o blk-integrity.o t10-pi.o \
30 bio-integrity-auto.o
/linux-6.15/Documentation/security/
Dipe.rst3 Integrity Policy Enforcement (IPE) - Kernel Documentation
17 strong integrity guarantees over both the executable code, and specific
19 specific data files would not be readable unless they passed integrity
22 of what would provide the integrity claims. At the time, there were two
23 main mechanisms considered that could guarantee integrity for the system
30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE
39 files), cannot be enforced to be globally integrity verified. This means
41 enforce the integrity policy, or it should not.
44 policy would indicate what labels required integrity verification, which
48 file should be subject to integrity policy.
[all …]
Dsnp-tdx-threat-model.rst26 security technologies that aim to protect the confidentiality and integrity
46 integrity for the VM's guest memory and execution state (vCPU registers),
51 …w.amd.com/system/files/techdocs/sev-snp-strengthening-vm-isolation-with-integrity-protection-and-m…
163 integrity protection. This threat model assumes that those features are
168 1. Preserve the confidentiality and integrity of CoCo guest's private
201 data should also be considered untrusted until its integrity and
226 This allows the host to break the integrity of the code running
233 integrity or freshness of such data.
/linux-6.15/include/linux/
Dblk-integrity.h6 #include <linux/bio-integrity.h>
36 return q->limits.integrity.tuple_size; in blk_integrity_queue_supports_integrity()
43 return &disk->queue->limits.integrity; in blk_get_integrity()
59 * bio_integrity_intervals - Return number of integrity intervals for a bio
64 * sectors but integrity metadata is done in terms of the data integrity
66 * to the appropriate number of integrity intervals.
86 * Return the current bvec that contains the integrity data. bip_iter may be
87 * advanced to iterate over the integrity data.
Dt10-pi.h45 rq->q->limits.integrity.interval_exp) in t10_pi_ref_tag()
46 shift = rq->q->limits.integrity.interval_exp; in t10_pi_ref_tag()
70 rq->q->limits.integrity.interval_exp) in ext_pi_ref_tag()
71 shift = rq->q->limits.integrity.interval_exp; in ext_pi_ref_tag()
Dbio-integrity.h8 BIP_BLOCK_INTEGRITY = 1 << 0, /* block layer owns integrity data */
10 BIP_DISK_NOCHECK = 1 << 2, /* disable disk integrity checking */
21 unsigned short bip_vcnt; /* # of integrity bio_vecs */
22 unsigned short bip_max_vcnt; /* integrity bio_vec slots */
/linux-6.15/Documentation/ABI/stable/
Dsysfs-class-tpm4 Contact: linux-integrity@vger.kernel.org
12 Contact: linux-integrity@vger.kernel.org
24 Contact: linux-integrity@vger.kernel.org
32 Contact: linux-integrity@vger.kernel.org
49 Contact: linux-integrity@vger.kernel.org
72 Contact: linux-integrity@vger.kernel.org
81 Contact: linux-integrity@vger.kernel.org
89 Contact: linux-integrity@vger.kernel.org
112 Contact: linux-integrity@vger.kernel.org
164 Contact: linux-integrity@vger.kernel.org
[all …]
Dsysfs-block106 What: /sys/block/<disk>/integrity/device_is_integrity_capable
111 integrity metadata. Set if the device is T10 PI-capable.
118 What: /sys/block/<disk>/integrity/format
122 Metadata format for integrity capable block device.
126 If the device can store application integrity metadata but
129 If the device does not support integrity metadata, this
133 What: /sys/block/<disk>/integrity/protection_interval_bytes
138 by one integrity tuple. Typically the device's logical
142 What: /sys/block/<disk>/integrity/read_verify
147 integrity of read requests serviced by devices that
[all …]
/linux-6.15/security/integrity/ima/
DKconfig2 # IBM Integrity Measurement Architecture
5 bool "Integrity Measurement Architecture(IMA)"
18 The Trusted Computing Group(TCG) runtime Integrity
26 an aggregate integrity value over this list inside the
53 that IMA uses to maintain the integrity aggregate of the
88 prompt "Default integrity hash algorithm"
92 list, integrity appraisal and audit log. The compiled default
145 bool "Appraise integrity measurements"
148 This option enables local measurement integrity appraisal.
154 For more information on integrity appraisal refer to:
/linux-6.15/Documentation/staging/
Dxz.rst13 for executable code. CRC32 is supported for integrity checking.
53 Since the XZ Embedded supports only streams with CRC32 or no integrity
54 check, make sure that you don't use some other integrity check type
62 which will verify the integrity of the uncompressed data anyway.
63 Double checking the integrity would probably be waste of CPU cycles.
65 by the decoder; you can only change the integrity check type (or
/linux-6.15/drivers/md/
Ddm-io-rewind.c8 #include <linux/blk-integrity.h>
48 * dm_bio_integrity_rewind - Rewind integrity vector
49 * @bio: bio whose integrity vector to update
52 * Description: This function calculates how many integrity bytes the
54 * integrity vector accordingly.
/linux-6.15/security/ipe/
DKconfig3 # Integrity Policy Enforcement (IPE) configuration
7 bool "Integrity Policy Enforcement (IPE)"
16 This option enables the Integrity Policy Enforcement LSM
25 string "Integrity policy to apply on system startup"
/linux-6.15/crypto/krb5/
Dkrb5_api.c303 * crypto_krb5_encrypt - Apply Kerberos encryption and integrity.
314 * needed, encrypt this and the data in place and insert an integrity checksum
345 * crypto_krb5_decrypt - Validate and remove Kerberos encryption and integrity.
353 * Using the specified Kerberos encoding, check and remove the integrity
362 * if the integrity checksum doesn't match). Other errors may also be returned
375 * crypto_krb5_get_mic - Apply Kerberos integrity checksum.
385 * Using the specified Kerberos encoding, calculate and insert an integrity
412 * crypto_krb5_verify_mic - Validate and remove Kerberos integrity checksum.
421 * Using the specified Kerberos encoding, check and remove the integrity
/linux-6.15/security/integrity/evm/
DKconfig13 integrity attacks.
57 /sys/kernel/security/integrity/evm/evm_xattrs.
68 verify EVM integrity starting from the 'init' process. The
/linux-6.15/drivers/scsi/
Dsd_dif.c3 * sd_dif.c - SCSI Data Integrity Field
9 #include <linux/blk-integrity.h>
31 struct blk_integrity *bi = &lim->integrity; in sd_dif_config_host()

12345678910>>...20