Home
last modified time | relevance | path

Searched refs:IMA (Results 1 – 23 of 23) sorted by relevance

/linux/security/integrity/ima/
H A DKconfig4 config IMA config
5 bool "Integrity Measurement Architecture(IMA)"
19 Measurement Architecture(IMA) maintains a list of hash
25 If your system has a TPM chip, then IMA also maintains
30 to learn more about IMA.
33 if IMA
36 bool "Enable carrying the IMA measurement list across a soft boot"
41 a TPM's quote after a soft boot, the IMA measurement list of the
44 Depending on the IMA policy, the measurement list can grow to
53 that IMA use
[all...]
/linux/Documentation/translations/zh_CN/security/
H A Dipe.rst29 1. IMA + EVM Signatures
33 中,最终选择DM-Verity而非IMA+EVM作为完整性机制,主
38 * 使用IMA+EVM时,如果没有加密解决方案,系统很容易受到
46 在当时,这是通过强制访问控制标签来实现的,IMA策略会
58 攻击中,块设备最初报告适当的内容以供IMA哈希计算,通
71 * 不需要两个签名(IMA 然后是 EVM):一个签名可以覆盖整个
87 当时,IMA作为唯一的完整性策略机制,被用来与这些要求进行对比,
88 但未能满足所有最低要求。尽管考虑过扩展IMA以涵盖这些要求,但
91 1. 回归风险;这其中许多变更将导致对已经存在于内核的IMA进行
94 2. IMA在该系统中用于测量和证明;将测量策略与本地完整性策略
H A Dindex.rst31 * IMA-templates
/linux/Documentation/admin-guide/device-mapper/
H A Ddm-ima.rst26 IMA kernel subsystem provides the necessary functionality for
34 Setting the IMA Policy:
36 For IMA to measure the data on a given system, the IMA policy on the
45 The measurements will be reflected in the IMA logs, which are located at:
52 Then IMA ASCII measurement log has the following format:
61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
76 | The DM target data measured by IMA subsystem can alternatively
84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
89 Following device state changes will trigger IMA measurements:
103 The IMA measurement log has the following format for 'dm_table_load':
[all …]
/linux/drivers/misc/sgi-gru/
H A Dgrukservices.c97 #define IMA IMA_CB_DELAY macro
589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message()
615 IMA); in send_noop_message()
657 gru_gamir(cb, EOP_IR_CLR, HSTATUS(mqd->mq_gpa, half), XTYPE_DW, IMA); in send_message_queue_full()
669 XTYPE_DW, IMA); in send_message_queue_full()
680 IMA); in send_message_queue_full()
688 IMA); in send_message_queue_full()
712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
[all …]
/linux/Documentation/security/
H A DIMA-templates.rst2 IMA Template Management Mechanism
13 necessary to extend the current version of IMA by defining additional
24 management from the remaining IMA code. The core of this solution is the
35 parameter. At boot time, IMA initializes the chosen template descriptor
39 After the initialization step, IMA will call ``ima_alloc_init_template()``
H A Dindex.rst10 IMA-templates
H A Dipe.rst26 1. IMA + EVM Signatures
30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE
35 * With IMA+EVM, without an encryption solution, the system is vulnerable
43 At the time, this was done with mandatory access control labels. An IMA
56 the block device reports the appropriate content for the IMA hash
70 * No need for two signatures (IMA, then EVM): one signature covers
89 IMA, as the only integrity policy mechanism at the time, was
91 all of the minimum requirements. Extending IMA to cover these
96 dramatic code changes to IMA, which is already present in the
99 2. IMA was used in the system for measurement and attestation;
H A Ddigsig.rst20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
/linux/Documentation/ABI/testing/
H A Dima_policy6 Measurement Architecture(IMA) maintains a list of hash
15 IMA appraisal, if configured, uses these file measurements
66 regular IMA file hash.
70 template:= name of a defined IMA template type
/linux/security/integrity/
H A DKconfig10 Measurement Architecture (IMA), Extended Verification Module
11 (EVM), IMA-appraisal extension, digital signature verification
/linux/fs/verity/
H A DKconfig45 IMA appraisal) can be much better. For details about the
/linux/Documentation/translations/zh_CN/filesystems/
H A Dubifs-authentication.rst336 首次挂载时将全部数字签名替换为 HMAC,其处理逻辑与 IMA/EVM 子系统应对此类情
/linux/Documentation/security/tpm/
H A Dxen-tpmfront.rst121 In order to use features such as IMA that require a TPM to be loaded prior to
/linux/Documentation/admin-guide/LSM/
H A Dipe.rst598 An example of such is loading IMA policies by writing the path
603 Controls loading IMA certificates through the Kconfigs,
807 IMA, and Loadpin.
809 IMA and IPE are functionally very similar. The significant difference between
/linux/Documentation/userspace-api/
H A Dcheck_exec.rst130 user session) where scripts' integrity is verified (e.g. with IMA/EVM or
/linux/security/
H A DKconfig97 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
/linux/Documentation/arch/x86/
H A Dintel_txt.rst64 Measurement Architecture (IMA) and Linux Integrity Module interface
/linux/lib/
H A DKconfig462 which is used by IMA/EVM digital signature extension.
/linux/Documentation/admin-guide/
H A Dkernel-parameters.txt24 IMA Integrity measurement architecture is enabled.
2337 ima_appraise= [IMA] appraise integrity measurements
2341 ima_appraise_tcb [IMA] Deprecated. Use ima_policy= instead.
2345 ima_canonical_fmt [IMA]
2349 ima_hash= [IMA]
2357 ima_policy= [IMA]
2358 The builtin policies to load during IMA setup.
2382 ima_tcb [IMA] Deprecated. Use ima_policy= instead.
2384 Computing Base. This means IMA will measure all
2388 ima_template= [IMA]
[all …]
/linux/arch/loongarch/
H A DKconfig643 select HAVE_IMA_KEXEC if IMA
/linux/arch/powerpc/
H A DKconfig646 select HAVE_IMA_KEXEC if IMA
/linux/
H A DMAINTAINERS12669 INTEGRITY MEASUREMENT ARCHITECTURE (IMA)