| /linux/drivers/md/ |
| H A D | dm-ima.c | 169 memset(&(md->ima), 0, sizeof(md->ima)); in dm_ima_reset_data()
170 md->ima.dm_version_str_len = strlen(DM_IMA_VERSION_STR); in dm_ima_reset_data()
227 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); in dm_ima_measure_on_table_load()
228 l += table->md->ima.dm_version_str_len; in dm_ima_measure_on_table_load()
285 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); in dm_ima_measure_on_table_load()
286 l += table->md->ima.dm_version_str_len; in dm_ima_measure_on_table_load()
338 if (table->md->ima.active_table.hash != table->md->ima.inactive_table.hash) in dm_ima_measure_on_table_load()
339 kfree(table->md->ima.inactive_table.hash); in dm_ima_measure_on_table_load()
341 table->md->ima.inactive_table.hash = digest_buf; in dm_ima_measure_on_table_load()
342 table->md->ima.inactive_table.hash_len = strlen(digest_buf); in dm_ima_measure_on_table_load()
[all …]
|
| H A D | dm-core.h | 147 struct dm_ima_measurements ima; member
|
| H A D | Makefile | 101 dm-mod-objs += dm-ima.o
|
| /linux/Documentation/translations/zh_CN/security/ |
| H A D | IMA-templates.rst | 17 原始的 ``ima`` 模板是固定长度的,包含文件数据的哈希值和路径名。文件数据
45 相同的机制也用于显示度量条目。函数 ``ima[_ascii]_measurements_show()`` 会为
60 - 'd-ngv2':与d-ng相同,但以"ima"或"verity"摘要类型为前缀
65 如果'security.ima'包含文件哈希;
79 - "ima":其格式是 ``d|n`` ;
80 - "ima-ng"(默认):其格式是 ``d-ng|n-ng`` ;
81 - "ima-ngv2":其格式是 ``d-ngv2|n-ng`` ;
82 - "ima-sig":其格式是 ``d-ng|n-ng|sig`` ;
83 - "ima-sigv2":其格式是 ``d-ngv2|n-ng|sig`` ;
84 - "ima-buf":其格式是 ``d-ng|n-ng|buf`` ;
[all …]
|
| /linux/security/integrity/ima/ |
| H A D | Makefile | 7 obj-$(CONFIG_IMA) += ima.o ima_iint.o
9 ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
11 ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
12 ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
13 ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
14 ima-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
15 ima-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
16 ima-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
19 ima-$(CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT) += ima_efi.o
|
| H A D | Kconfig | 69 The original 'ima' measurement list template contains a
71 limited to 255 characters. The 'ima-ng' measurement list
77 bool "ima-ng (default)"
79 bool "ima-sig"
84 default "ima-ng" if IMA_NG_TEMPLATE
85 default "ima-sig" if IMA_SIG_TEMPLATE
155 <http://linux-ima.sourceforge.net>
276 bool "Load X509 certificate onto the '.ima' trusted keyring"
281 loaded on the .ima trusted keyring. These public keys are
284 loading from the kernel onto the '.ima' trusted keyring.
|
| H A D | ima_main.c | 1317 DEFINE_LSM(ima) = {
|
| /linux/Documentation/ABI/testing/ |
| H A D | ima_policy | 1 What: /sys/kernel/security/*/ima/policy
10 Policies are loaded into the securityfs file ima/policy
13 the file ima/policy is closed.
58 stored in security.ima xattr. Requires
68 (eg, .builtin_trusted_keys|.ima). Only valid
71 (eg, ima-ng). Only valid when action is "measure".
78 files where the security.ima xattr was hashed with one
156 keys added to .builtin_trusted_keys or .ima keyring:
158 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
162 security.ima xattr of a file:
[all …]
|
| H A D | evm | 94 core/ima-setup) have support for loading keys at boot
|
| /linux/Documentation/security/ |
| H A D | IMA-templates.rst | 9 The original ``ima`` template is fixed length, containing the filedata hash
51 The functions ``ima[_ascii]_measurements_show()`` retrieve, for each entry,
70 - 'd-ngv2': same as d-ng, but prefixed with the "ima" or "verity" digest type
75 or the EVM portable signature, if 'security.ima' contains a file hash.
90 - "ima": its format is ``d|n``;
91 - "ima-ng" (default): its format is ``d-ng|n-ng``;
92 - "ima-ngv2": its format is ``d-ngv2|n-ng``;
93 - "ima-sig": its format is ``d-ng|n-ng|sig``;
94 - "ima-sigv2": its format is ``d-ngv2|n-ng|sig``;
95 - "ima-buf": its format is ``d-ng|n-ng|buf``;
[all …]
|
| /linux/Documentation/admin-guide/device-mapper/ |
| H A D | dm-ima.rst | 2 dm-ima
42 /etc/ima/ima-policy
43 measure func=CRITICAL_DATA label=device-mapper template=ima-buf
49 /sys/kernel/security/integrity/ima/ascii_runtime_measurements
50 /sys/kernel/security/integrity/ima/binary_runtime_measurements
62 TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).
159 …10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af…
200 …10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1…
238 …10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9…
272 …10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295…
[all …]
|
| H A D | index.rst | 16 dm-ima
|
| /linux/arch/x86/kernel/ |
| H A D | kexec-bzimage64.c | 255 struct ima_setup_data *ima; in setup_ima_state() local
261 sd->len = sizeof(*ima); in setup_ima_state()
263 ima = (void *)sd + sizeof(struct setup_data); in setup_ima_state()
264 ima->addr = image->ima_buffer_addr; in setup_ima_state()
265 ima->size = image->ima_buffer_size; in setup_ima_state()
|
| /linux/drivers/misc/sgi-gru/ |
| H A D | gru_instructions.h | 90 unsigned char ima: 3; /* CB_DelRep, unmapped mode */ member
305 unsigned long idef2, unsigned char ima) in __opdword() argument
312 (ima << GRU_CB_IMA_SHFT) | in __opdword()
616 unsigned int ima :3; member
|
| /linux/security/integrity/ |
| H A D | Kconfig | 27 of the different use cases - evm, ima, and modules.
52 This option requires that all keys added to the .ima and
134 source "security/integrity/ima/Kconfig"
|
| H A D | Makefile | 22 obj-$(CONFIG_IMA) += ima/
|
| /linux/security/selinux/ |
| H A D | Makefile | 25 selinux-$(CONFIG_IMA) += ima.o
|
| /linux/tools/testing/selftests/kexec/ |
| H A D | kexec_common_lib.sh | 204 local ima_policy=$SECURITYFS/ima/policy
|
| H A D | test_kexec_file_load.sh | 85 line=$(getfattr -n security.ima -e hex --absolute-names $KERNEL_IMAGE 2>&1)
|
| /linux/security/integrity/evm/ |
| H A D | Kconfig | 39 security.SMACK64, security.capability, and security.ima) included
|
| /linux/tools/testing/selftests/bpf/prog_tests/ |
| H A D | test_ima.c | 74 struct ima *skel = NULL; in test_test_ima()
|
| /linux/Documentation/arch/powerpc/ |
| H A D | imc.rst | 49 https://github.com/open-power/ima-catalog
|
| /linux/Documentation/admin-guide/LSM/ |
| H A D | ipe.rst | 599 to the policy file to ``$securityfs/ima/policy``
|
| /linux/Documentation/admin-guide/ |
| H A D | kernel-parameters.txt | 2390 Formats: { "ima" | "ima-ng" | "ima-ngv2" | "ima-sig" |
2391 "ima-sigv2" }
2392 Default: "ima-ng"
2398 ima.ahash_minsize= [IMA] Minimum file size for asynchronous hash usage
2407 ima.ahash_bufsize= [IMA] Asynchronous hash buffer size
2415 ima= [IMA] Enable or disable IMA
|
| /linux/Documentation/filesystems/ |
| H A D | fsverity.rst | 86 signature in their "security.ima" extended attribute, as controlled
|