| /linux/security/integrity/ima/ |
| Kconfig | 4 config IMA config 5 bool "Integrity Measurement Architecture(IMA)" 19 Measurement Architecture(IMA) maintains a list of hash 25 If your system has a TPM chip, then IMA also maintains 30 to learn more about IMA. 33 if IMA 36 bool "Enable carrying the IMA measurement list across a soft boot" 41 a TPM's quote after a soft boot, the IMA measurement list of the 44 Depending on the IMA policy, the measurement list can grow to 53 that IMA use |
| /linux/Documentation/translations/zh_CN/security/ |
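| ipe.rst | 29 1. IMA + EVM Signatures 33 DM-Verity was ultimately chosen over IMA+EVM as the integrity mechanism, mainly 38 * With IMA+EVM, without an encryption solution, the system is vulnerable to 46 At the time, this was done with mandatory access control labels; an IMA policy would 58 attack, the block device initially reports the appropriate content for the IMA hash calculation, 71 * No need for two signatures (IMA, then EVM): one signature can cover the entire 87 At the time, IMA, as the only integrity policy mechanism, was compared against these requirements, 88 but failed to meet all of the minimum requirements. Although extending IMA to cover these requirements was considered, 91 1. Regression risk; many of these changes would lead to IMA, which is already present in the kernel, undergoing 94 2. IMA was used in the system for measurement and attestation; the measurement policy and the local integrity policy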
|
| index.rst | 31 * IMA-templates
|
| /linux/Documentation/admin-guide/device-mapper/ |
| dm-ima.rst | 26 IMA kernel subsystem provides the necessary functionality for 34 Setting the IMA Policy: 36 For IMA to measure the data on a given system, the IMA policy on the 45 The measurements will be reflected in the IMA logs, which are located at: 52 Then IMA ASCII measurement log has the following format: 61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record. 76 | The DM target data measured by IMA subsystem can alternatively 84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with 89 Following device state changes will trigger IMA measurements: 103 The IMA measurement log has the following format for 'dm_table_load':
|
| /linux/drivers/misc/sgi-gru/ |
| grukservices.c | 97 #define IMA IMA_CB_DELAY macro 589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message() 615 IMA); in send_noop_message() 657 gru_gamir(cb, EOP_IR_CLR, HSTATUS(mqd->mq_gpa, half), XTYPE_DW, IMA); in send_message_queue_full() 669 XTYPE_DW, IMA); in send_message_queue_full() 680 IMA); in send_message_queue_full() 688 IMA); in send_message_queue_full() 712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked() 716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked() 819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
|
| /linux/Documentation/security/ |
| IMA-templates.rst | 2 IMA Template Management Mechanism 13 necessary to extend the current version of IMA by defining additional 24 management from the remaining IMA code. The core of this solution is the 35 parameter. At boot time, IMA initializes the chosen template descriptor 39 After the initialization step, IMA will call ``ima_alloc_init_template()``
|
| index.rst | 10 IMA-templates
|
| ipe.rst | 26 1. IMA + EVM Signatures 30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE 35 * With IMA+EVM, without an encryption solution, the system is vulnerable 43 At the time, this was done with mandatory access control labels. An IMA 56 the block device reports the appropriate content for the IMA hash 70 * No need for two signatures (IMA, then EVM): one signature covers 89 IMA, as the only integrity policy mechanism at the time, was 91 all of the minimum requirements. Extending IMA to cover these 96 dramatic code changes to IMA, which is already present in the 99 2. IMA was used in the system for measurement and attestation;
|
| digsig.rst | 20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
|
| /linux/Documentation/ABI/testing/ |
| ima_policy | 6 Measurement Architecture(IMA) maintains a list of hash 15 IMA appraisal, if configured, uses these file measurements 66 regular IMA file hash. 70 template:= name of a defined IMA template type
|
| /linux/security/integrity/ |
| Kconfig | 10 Measurement Architecture (IMA), Extended Verification Module 11 (EVM), IMA-appraisal extension, digital signature verification
|
| /linux/Documentation/filesystems/ |
| fsverity.rst | 83 - Integrity Measurement Architecture (IMA). IMA supports fs-verity 85 "IMA appraisal" enforces that files contain a valid, matching 87 by the IMA policy. For more information, see the IMA documentation. 148 is not needed for IMA appraisal, and it is not needed if the file 460 alternatives (such as userspace signature verification, and IMA 561 Note: IMA appraisal, which supports fs-verity, does not use PKCS#7 563 here. IMA appraisal does use X.509. 754 :Q: Why isn't fs-verity part of IMA? 755 :A: fs-verity and IMA (Integrity Measurement Architecture) have 757 hashing individual files using a Merkle tree. In contrast, IMA
|
| /linux/fs/verity/ |
| Kconfig | 42 IMA appraisal) can be much better. For details about the
|
| /linux/Documentation/translations/zh_CN/filesystems/ |
| ubifs-authentication.rst | 336 all digital signatures are replaced with HMACs on first mount, with handling logic like that of the IMA/EVM subsystem for such cases
|
| /linux/Documentation/security/tpm/ |
| xen-tpmfront.rst | 121 In order to use features such as IMA that require a TPM to be loaded prior to
|
| /linux/Documentation/admin-guide/LSM/ |
| ipe.rst | 598 An example of such is loading IMA policies by writing the path 603 Controls loading IMA certificates through the Kconfigs, 807 IMA, and Loadpin. 809 IMA and IPE are functionally very similar. The significant difference between
|
| /linux/Documentation/userspace-api/ |
| check_exec.rst | 130 user session) where scripts' integrity is verified (e.g. with IMA/EVM or
|
| /linux/security/ |
| Kconfig | 97 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
|
| /linux/Documentation/arch/x86/ |
| intel_txt.rst | 64 Measurement Architecture (IMA) and Linux Integrity Module interface
|
| /linux/lib/ |
| Kconfig | 475 which is used by IMA/EVM digital signature extension.
|
| /linux/Documentation/admin-guide/ |
| kernel-parameters.txt | 24 IMA Integrity measurement architecture is enabled. 2324 ima_appraise= [IMA] appraise integrity measurements 2328 ima_appraise_tcb [IMA] Deprecated. Use ima_policy= instead. 2332 ima_canonical_fmt [IMA] 2336 ima_hash= [IMA] 2344 ima_policy= [IMA] 2345 The builtin policies to load during IMA setup. 2369 ima_tcb [IMA] Deprecated. Use ima_policy= instead. 2371 Computing Base. This means IMA will measure all 2375 ima_template= [IMA]
|
| /linux/arch/loongarch/ |
| Kconfig | 635 select HAVE_IMA_KEXEC if IMA
|
| /linux/arch/powerpc/ |
| Kconfig | 644 select HAVE_IMA_KEXEC if IMA
|
| /linux/arch/riscv/ |
| Kconfig | 1084 select HAVE_IMA_KEXEC if IMA
|
| /linux/arch/arm64/ |
| Kconfig | 1589 select HAVE_IMA_KEXEC if IMA
|