| /linux/security/integrity/ima/ |
| H A D | Makefile | 7 obj-$(CONFIG_IMA) += ima.o ima_iint.o
9 ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
11 ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
12 ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
13 ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
14 ima-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
15 ima-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
16 ima-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
19 ima-$(CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT) += ima_efi.o
|
| H A D | Kconfig | 69 The original 'ima' measurement list template contains a
71 limited to 255 characters. The 'ima-ng' measurement list
77 bool "ima-ng (default)"
79 bool "ima-sig"
84 default "ima-ng" if IMA_NG_TEMPLATE
85 default "ima-sig" if IMA_SIG_TEMPLATE
155 <http://linux-ima.sourceforge.net>
276 bool "Load X509 certificate onto the '.ima' trusted keyring"
281 loaded on the .ima trusted keyring. These public keys are
284 loading from the kernel onto the '.ima' truste
[all...] |
| H A D | ima_main.c | 26 #include <linux/ima.h>
32 #include "ima.h"
51 pr_info("Warning: ima setup option only permitted in kdump"); in ima_setup()
60 pr_err("Invalid ima setup option: \"%s\" , please specify ima=on|off.", str); in ima_setup()
64 __setup("ima=", ima_setup);
387 /* read 'security.ima' */ in process_measurement()
1301 .name = "ima", in init_ima_lsm()
1317 DEFINE_LSM(ima) = {
|
| /linux/Documentation/ABI/testing/ |
| H A D | ima_policy | 1 What: /sys/kernel/security/*/ima/policy
10 Policies are loaded into the securityfs file ima/policy
13 the file ima/policy is closed.
58 stored in security.ima xattr. Requires
68 (eg, .builtin_trusted_keys|.ima). Only valid
71 (eg, ima-ng). Only valid when action is "measure".
78 files where the security.ima xattr was hashed with one
156 keys added to .builtin_trusted_keys or .ima keyring:
158 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
162 security.ima xattr of a file:
[all …]
|
| H A D | evm | 94 core/ima-setup) have support for loading keys at boot
|
| /linux/Documentation/security/ |
| H A D | IMA-templates.rst | 9 The original ``ima`` template is fixed length, containing the filedata hash
51 The functions ``ima[_ascii]_measurements_show()`` retrieve, for each entry,
70 - 'd-ngv2': same as d-ng, but prefixed with the "ima" or "verity" digest type
75 or the EVM portable signature, if 'security.ima' contains a file hash.
90 - "ima": its format is ``d|n``;
91 - "ima-ng" (default): its format is ``d-ng|n-ng``;
92 - "ima-ngv2": its format is ``d-ngv2|n-ng``;
93 - "ima-sig": its format is ``d-ng|n-ng|sig``;
94 - "ima-sigv2": its format is ``d-ngv2|n-ng|sig``;
95 - "ima-buf": its format is ``d-ng|n-ng|buf``;
[all …]
|
| /linux/Documentation/admin-guide/device-mapper/ |
| H A D | dm-ima.rst | 2 dm-ima
42 /etc/ima/ima-policy
43 measure func=CRITICAL_DATA label=device-mapper template=ima-buf
49 /sys/kernel/security/integrity/ima/ascii_runtime_measurements
50 /sys/kernel/security/integrity/ima/binary_runtime_measurements
62 TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).
159 …10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af…
200 …10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1…
238 …10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9…
272 …10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295…
[all …]
|
| /linux/arch/x86/kernel/ |
| H A D | kexec-bzimage64.c | 255 struct ima_setup_data *ima; in setup_ima_state() local
261 sd->len = sizeof(*ima); in setup_ima_state()
263 ima = (void *)sd + sizeof(struct setup_data); in setup_ima_state()
264 ima->addr = image->ima_buffer_addr; in setup_ima_state()
265 ima->size = image->ima_buffer_size; in setup_ima_state()
|
| /linux/drivers/misc/sgi-gru/ |
| H A D | gru_instructions.h | 90 unsigned char ima: 3; /* CB_DelRep, unmapped mode */ member
305 unsigned long idef2, unsigned char ima) in __opdword() argument
312 (ima << GRU_CB_IMA_SHFT) | in __opdword()
616 unsigned int ima :3; member
|
| /linux/security/integrity/ |
| H A D | Kconfig | 27 of the different use cases - evm, ima, and modules.
52 This option requires that all keys added to the .ima and
134 source "security/integrity/ima/Kconfig"
|
| H A D | Makefile | 22 obj-$(CONFIG_IMA) += ima/
|
| /linux/security/selinux/ |
| H A D | Makefile | 25 selinux-$(CONFIG_IMA) += ima.o
|
| /linux/tools/testing/selftests/kexec/ |
| H A D | kexec_common_lib.sh | 204 local ima_policy=$SECURITYFS/ima/policy
|
| H A D | test_kexec_file_load.sh | 85 line=$(getfattr -n security.ima -e hex --absolute-names $KERNEL_IMAGE 2>&1)
|
| /linux/security/integrity/evm/ |
| H A D | Kconfig | 39 security.SMACK64, security.capability, and security.ima) included
|
| /linux/tools/testing/selftests/bpf/prog_tests/ |
| H A D | test_ima.c | 74 struct ima *skel = NULL; in test_test_ima()
|
| /linux/Documentation/arch/powerpc/ |
| H A D | imc.rst | 49 https://github.com/open-power/ima-catalog
|
| /linux/Documentation/admin-guide/LSM/ |
| H A D | ipe.rst | 599 to the policy file to ``$securityfs/ima/policy``
|
| /linux/Documentation/admin-guide/ |
| H A D | kernel-parameters.txt | 2390 Formats: { "ima" | "ima-ng" | "ima-ngv2" | "ima-sig" |
2391 "ima-sigv2" }
2392 Default: "ima-ng"
2398 ima.ahash_minsize= [IMA] Minimum file size for asynchronous hash usage
2407 ima.ahash_bufsize= [IMA] Asynchronous hash buffer size
2415 ima= [IMA] Enable or disable IMA
|
| /linux/ |
| H A D | MAINTAINERS | 12667 F: security/integrity/ima/
|