Home
last modified time | relevance | path

Searched refs:IMA (Results 1 – 23 of 23) sorted by relevance

/linux/security/integrity/ima/
H A DKconfig4 config IMA config
5 bool "Integrity Measurement Architecture(IMA)"
19 Measurement Architecture(IMA) maintains a list of hash
25 If your system has a TPM chip, then IMA also maintains
30 to learn more about IMA.
33 if IMA
36 bool "Enable carrying the IMA measurement list across a soft boot"
41 a TPM's quote after a soft boot, the IMA measurement list of the
44 Depending on the IMA policy, the measurement list can grow to
53 that IMA use
[all...]
/linux/Documentation/translations/zh_CN/security/
H A Dipe.rst29 1. IMA + EVM Signatures
33 中,最终选择DM-Verity而非IMA+EVM作为完整性机制,主
38 * 使用IMA+EVM时,如果没有加密解决方案,系统很容易受到
46 在当时,这是通过强制访问控制标签来实现的,IMA策略会
58 攻击中,块设备最初报告适当的内容以供IMA哈希计算,通
71 * 不需要两个签名(IMA 然后是 EVM):一个签名可以覆盖整个
87 当时,IMA作为唯一的完整性策略机制,被用来与这些要求进行对比,
88 但未能满足所有最低要求。尽管考虑过扩展IMA以涵盖这些要求,但
91 1. 回归风险;这其中许多变更将导致对已经存在于内核的IMA进行
94 2. IMA在该系统中用于测量和证明;将测量策略与本地完整性策略
H A Dindex.rst31 * IMA-templates
/linux/Documentation/admin-guide/device-mapper/
H A Ddm-ima.rst26 IMA kernel subsystem provides the necessary functionality for
34 Setting the IMA Policy:
36 For IMA to measure the data on a given system, the IMA policy on the
45 The measurements will be reflected in the IMA logs, which are located at:
52 Then IMA ASCII measurement log has the following format:
61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
76 | The DM target data measured by IMA subsystem can alternatively
84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
89 Following device state changes will trigger IMA measurements:
103 The IMA measurement log has the following format for 'dm_table_load':
[all …]
/linux/drivers/misc/sgi-gru/
H A Dgrukservices.c97 #define IMA IMA_CB_DELAY macro
589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message()
615 IMA); in send_noop_message()
657 gru_gamir(cb, EOP_IR_CLR, HSTATUS(mqd->mq_gpa, half), XTYPE_DW, IMA); in send_message_queue_full()
669 XTYPE_DW, IMA); in send_message_queue_full()
680 IMA); in send_message_queue_full()
688 IMA); in send_message_queue_full()
712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
[all …]
/linux/Documentation/security/
H A DIMA-templates.rst2 IMA Template Management Mechanism
13 necessary to extend the current version of IMA by defining additional
24 management from the remaining IMA code. The core of this solution is the
35 parameter. At boot time, IMA initializes the chosen template descriptor
39 After the initialization step, IMA will call ``ima_alloc_init_template()``
H A Dindex.rst10 IMA-templates
H A Ddigsig.rst20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
/linux/security/integrity/
H A DKconfig10 Measurement Architecture (IMA), Extended Verification Module
11 (EVM), IMA-appraisal extension, digital signature verification
/linux/fs/verity/
H A DKconfig45 IMA appraisal) can be much better. For details about the
/linux/Documentation/translations/zh_CN/filesystems/
H A Dubifs-authentication.rst336 首次挂载时将全部数字签名替换为 HMAC,其处理逻辑与 IMA/EVM 子系统应对此类情
/linux/Documentation/security/tpm/
H A Dxen-tpmfront.rst121 In order to use features such as IMA that require a TPM to be loaded prior to
/linux/Documentation/admin-guide/LSM/
H A Dipe.rst598 An example of such is loading IMA policies by writing the path
603 Controls loading IMA certificates through the Kconfigs,
807 IMA, and Loadpin.
809 IMA and IPE are functionally very similar. The significant difference between
/linux/Documentation/userspace-api/
H A Dcheck_exec.rst130 user session) where scripts' integrity is verified (e.g. with IMA/EVM or
/linux/security/
H A DKconfig95 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
/linux/Documentation/arch/x86/
H A Dintel_txt.rst64 Measurement Architecture (IMA) and Linux Integrity Module interface
/linux/Documentation/admin-guide/
H A Dkernel-parameters.txt23 IMA Integrity measurement architecture is enabled.
2334 ima_appraise= [IMA] appraise integrity measurements
2338 ima_appraise_tcb [IMA] Deprecated. Use ima_policy= instead.
2342 ima_canonical_fmt [IMA]
2346 ima_hash= [IMA]
2354 ima_policy= [IMA]
2355 The builtin policies to load during IMA setup.
2379 ima_tcb [IMA] Deprecated. Use ima_policy= instead.
2381 Computing Base. This means IMA will measure all
2385 ima_template= [IMA]
[all …]
/linux/arch/loongarch/
H A DKconfig692 select HAVE_IMA_KEXEC if IMA
/linux/arch/powerpc/
H A DKconfig643 select HAVE_IMA_KEXEC if IMA
/linux/arch/riscv/
H A DKconfig1080 select HAVE_IMA_KEXEC if IMA
/linux/arch/arm64/
H A DKconfig1589 select HAVE_IMA_KEXEC if IMA
/linux/arch/x86/
H A DKconfig2000 select HAVE_IMA_KEXEC if IMA
/linux/
H A DMAINTAINERS12744 INTEGRITY MEASUREMENT ARCHITECTURE (IMA)