======
dm-ima
======

For a given system, various external services/infrastructure tools
(including the attestation service) interact with it - both during the
setup and during the rest of the system run-time. They share sensitive data
and/or execute critical workload on that system. The external services
may want to verify the current run-time state of the relevant kernel
subsystems before fully trusting the system with business-critical
data/workload.

Device mapper plays a critical role on a given system by providing
various important functionalities to the block devices using various
target types like crypt, verity, integrity etc. Each of these target
types’ functionalities can be configured with various attributes.
The attributes chosen to configure these target types can significantly
impact the security profile of the block device, and in turn, of the
system itself. For instance, the type of encryption algorithm and the
key size determine the strength of encryption for a given block device.

Therefore, verifying the current state of various block devices as well
as their various target attributes is crucial for external services before
fully trusting the system with business-critical data/workload.

IMA kernel subsystem provides the necessary functionality for
device mapper to measure the state and configuration of
various block devices -

- by device mapper itself, from within the kernel,
- in a tamper resistant way,
- and re-measured - triggered on state/configuration change.

Setting the IMA Policy:
=======================
For IMA to measure the data on a given system, the IMA policy on the
system needs to be updated to have the following line, and the system needs
to be restarted for the measurements to take effect.

::

 /etc/ima/ima-policy
  measure func=CRITICAL_DATA label=device-mapper template=ima-buf

The measurements will be reflected in the IMA logs, which are located at:

::

 /sys/kernel/security/integrity/ima/ascii_runtime_measurements
 /sys/kernel/security/integrity/ima/binary_runtime_measurements

The IMA ASCII measurement log has the following format:

::

 <PCR> <TEMPLATE_DATA_DIGEST> <TEMPLATE_NAME> <TEMPLATE_DATA>

 PCR := Platform Configuration Register, in which the values are registered.
        This is applicable if TPM chip is in use.

 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
 TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).

 TEMPLATE_DATA := <ALG> ":" <EVENT_DIGEST> <EVENT_NAME> <EVENT_DATA>
                  It contains data for the specific event to be measured,
                  in a given template data format.

 ALG := Algorithm to compute event digest
 EVENT_DIGEST := Digest of the event data
 EVENT_NAME := Description of the event (e.g. 'dm_table_load').
 EVENT_DATA := The event data to be measured.

|

| *NOTE #1:*
| The DM target data measured by IMA subsystem can alternatively
  be queried from userspace by setting DM_IMA_MEASUREMENT_FLAG with
  DM_TABLE_STATUS_CMD.

|

| *NOTE #2:*
| The Kernel configuration CONFIG_IMA_DISABLE_HTABLE allows measurement of duplicate records.
| To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
  CONFIG_IMA_DISABLE_HTABLE=y.

Supported Device States:
========================
Following device state changes will trigger IMA measurements:

 1. Table load
 #. Device resume
 #. Device remove
 #. Table clear
 #. Device rename

1. Table load:
---------------
When a new table is loaded in a device's inactive table slot,
the device information and target specific details from the
targets in the table are measured.

The IMA measurement log has the following format for 'dm_table_load':

::

 EVENT_NAME := "dm_table_load"
 EVENT_DATA := <dm_version_str> ";" <device_metadata> ";" <table_load_data>

 dm_version_str := "dm_version=" <N> "." <N> "." <N>
                   Same as Device Mapper driver version.
 device_metadata := <device_name> "," <device_uuid> "," <device_major> "," <device_minor> ","
                    <minor_count> "," <num_device_targets> ";"

 device_name := "name=" <dm-device-name>
 device_uuid := "uuid=" <dm-device-uuid>
 device_major := "major=" <N>
 device_minor := "minor=" <N>
 minor_count := "minor_count=" <N>
 num_device_targets := "num_targets=" <N>
 dm-device-name := Name of the device. If it contains special characters like '\', ',', ';',
                   they are prefixed with '\'.
 dm-device-uuid := UUID of the device. If it contains special characters like '\', ',', ';',
                   they are prefixed with '\'.

 table_load_data := <target_data>
                    Represents the data (as name=value pairs) from various targets in the table,
                    which is being loaded into the DM device's inactive table slot.
 target_data := <target_data_row> | <target_data><target_data_row>

 target_data_row := <target_index> "," <target_begin> "," <target_len> "," <target_name> ","
                    <target_version> "," <target_attributes> ";"
 target_index := "target_index=" <N>
                 Represents nth target in the table (from 0 to N-1 targets specified in <num_device_targets>)
                 If all the data for N targets doesn't fit in the given buffer - then the data that fits
                 in the buffer (say from target 0 to x) is measured in a given IMA event.
                 The remaining data from targets x+1 to N-1 is measured in the subsequent IMA events,
                 with the same format as that of 'dm_table_load'
                 i.e. <dm_version_str> ";" <device_metadata> ";" <table_load_data>.

 target_begin := "target_begin=" <N>
 target_len := "target_len=" <N>
 target_name := Name of the target. 'linear', 'crypt', 'integrity' etc.
                The targets that are supported for IMA measurements are documented below in the
                'Supported targets' section.
 target_version := "target_version=" <N> "." <N> "." <N>
 target_attributes := Data containing comma separated list of name=value pairs of target specific attributes.

 For instance, if a linear device is created with the following table entries,
  # dmsetup create linear1
  0 2 linear /dev/loop0 512
  2 2 linear /dev/loop0 512
  4 2 linear /dev/loop0 512
  6 2 linear /dev/loop0 512

 Then IMA ASCII measurement log will have the following entry:
 (converted from ASCII to text for readability)

 10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72
 dm_table_load
 dm_version=4.45.0;
 name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4;
 target_index=0,target_begin=0,target_len=2,target_name=linear,target_version=1.4.0,device_name=7:0,start=512;
 target_index=1,target_begin=2,target_len=2,target_name=linear,target_version=1.4.0,device_name=7:0,start=512;
 target_index=2,target_begin=4,target_len=2,target_name=linear,target_version=1.4.0,device_name=7:0,start=512;
 target_index=3,target_begin=6,target_len=2,target_name=linear,target_version=1.4.0,device_name=7:0,start=512;

2. Device resume:
------------------
When a suspended device is resumed, the device information and the hash of the
data from previous load of an active table are measured.
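
The 'dm_table_load' record format from the 'Table load' section above can be checked mechanically on the verifier side. The Python sketch below is an added example, not part of the kernel documentation or the device mapper code; it assumes the raw ASCII log prints EVENT_DATA as hex (the ima-buf buffer encoding) and that EVENT_DIGEST is the hash of those bytes. The function names are hypothetical and the sample records, including the all-zero template data digest, are constructed.

```python
import hashlib


def split_unescaped(text, sep):
    """Split text on sep, skipping separators prefixed with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])      # keep the escape pair for unescape()
            i += 2
        elif text[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    parts.append("".join(cur))
    return parts


def unescape(value):
    """Drop the backslash that prefixes special characters in names/UUIDs."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            i += 1
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_pairs(row):
    """Turn 'a=1,b=2' into {'a': '1', 'b': '2'}, honouring escapes."""
    pairs = {}
    for field in split_unescaped(row, ","):
        name, _, value = field.partition("=")
        pairs[name] = unescape(value)
    return pairs


def parse_table_load(log_line):
    """Parse one ASCII log line holding a dm_table_load ima-buf record."""
    fields = log_line.split()
    if len(fields) != 6:
        raise ValueError("expected 6 whitespace-separated fields")
    pcr, _tmpl_digest, template, event_digest, event_name, hex_data = fields
    if template != "ima-buf" or event_name != "dm_table_load":
        raise ValueError("not a dm_table_load ima-buf record")
    alg, _, digest = event_digest.partition(":")
    data = bytes.fromhex(hex_data)
    rows = [r for r in split_unescaped(data.decode("ascii"), ";") if r]
    if len(rows) < 2:
        raise ValueError("missing dm_version or device metadata")
    device = parse_pairs(rows[1])
    targets = [parse_pairs(r) for r in rows[2:]]
    seen = {int(t["target_index"]) for t in targets}
    return {
        "pcr": int(pcr),
        # Recompute EVENT_DIGEST over the logged bytes (assumed semantics).
        "digest_ok": hashlib.new(alg, data).hexdigest() == digest.lower(),
        "dm_version": parse_pairs(rows[0])["dm_version"],
        "device": device,
        "targets": targets,
        # False when target rows continue in later dm_table_load events.
        "complete": seen == set(range(int(device["num_targets"]))),
    }


def make_record(event_data, digest=None):
    """Build a constructed log line; the template digest is a placeholder."""
    raw = event_data.encode("ascii")
    digest = digest or hashlib.sha256(raw).hexdigest()
    return "10 %s ima-buf sha256:%s dm_table_load %s" % ("0" * 40, digest, raw.hex())


# Constructed sample: the linear1 table from the example above.
LINEAR1 = (
    "dm_version=4.45.0;"
    "name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4;"
    + "".join(
        "target_index=%d,target_begin=%d,target_len=2,target_name=linear,"
        "target_version=1.4.0,device_name=7:0,start=512;" % (i, 2 * i)
        for i in range(4)
    )
)
# Constructed sample: escaped ',' and ';' in the name, only 1 of 2 targets.
ESCAPED = (
    "dm_version=4.45.0;"
    "name=my\\,dev\\;1,uuid=,major=253,minor=1,minor_count=1,num_targets=2;"
    "target_index=0,target_begin=0,target_len=2,target_name=linear,"
    "target_version=1.4.0,device_name=7:0,start=512;"
)

GOOD_LINE = make_record(LINEAR1)
# Original digest kept, logged data altered: the digest check must fail.
TAMPERED_LINE = make_record(LINEAR1.replace("start=512", "start=0", 1),
                            digest=hashlib.sha256(LINEAR1.encode()).hexdigest())
ESCAPED_LINE = make_record(ESCAPED)

if __name__ == "__main__":
    for line in (GOOD_LINE, TAMPERED_LINE, ESCAPED_LINE):
        rec = parse_table_load(line)
        print(rec["device"]["name"], rec["digest_ok"], rec["complete"])
```

A record with ``complete`` set to False is not an error by itself: as described for ``target_index``, the remaining target rows arrive in subsequent 'dm_table_load' events for the same device.
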

The IMA measurement log has the following format for 'dm_device_resume':

::

 EVENT_NAME := "dm_device_resume"
 EVENT_DATA := <dm_version_str> ";" <device_metadata> ";" <active_table_hash> ";" <current_device_capacity> ";"

 dm_version_str := As described in the 'Table load' section above.
 device_metadata := As described in the 'Table load' section above.
 active_table_hash := "active_table_hash=" <table_hash_alg> ":" <table_hash>
                      Represents the hash of the IMA data being measured for the
                      active table for the device.
 table_hash_alg := Algorithm used to compute the hash.
 table_hash := Hash of the (<dm_version_str> ";" <device_metadata> ";" <table_load_data> ";")
               as described in the 'dm_table_load' above.
               Note: If the table_load data spans across multiple IMA 'dm_table_load'
               events for a given device, the hash is computed combining all the event data
               i.e. (<dm_version_str> ";" <device_metadata> ";" <table_load_data> ";")
               across all those events.
 current_device_capacity := "current_device_capacity=" <N>

 For instance, if a linear device is resumed with the following command,
  #dmsetup resume linear1

 then IMA ASCII measurement log will have an entry with:
 (converted from ASCII to text for readability)

 10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1ac191fdbd3baf5e4b77f329b6
 dm_device_resume
 dm_version=4.45.0;
 name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4;
 active_table_hash=sha256:4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72;current_device_capacity=8;

3. Device remove:
------------------
When a device is removed, the device information and a sha256 hash of the
data from an active and inactive table are measured.

The IMA measurement log has the following format for 'dm_device_remove':

::

 EVENT_NAME := "dm_device_remove"
 EVENT_DATA := <dm_version_str> ";" <device_active_metadata> ";" <device_inactive_metadata> ";"
               <active_table_hash> "," <inactive_table_hash> "," <remove_all> ";" <current_device_capacity> ";"

 dm_version_str := As described in the 'Table load' section above.
 device_active_metadata := Device metadata that reflects the currently loaded active table.
                           The format is same as 'device_metadata' described in the 'Table load' section above.
 device_inactive_metadata := Device metadata that reflects the inactive table.
                             The format is same as 'device_metadata' described in the 'Table load' section above.
 active_table_hash := Hash of the currently loaded active table.
                      The format is same as 'active_table_hash' described in the 'Device resume' section above.
 inactive_table_hash := Hash of the inactive table.
                        The format is same as 'active_table_hash' described in the 'Device resume' section above.
 remove_all := "remove_all=" <yes_no>
 yes_no := "y" | "n"
 current_device_capacity := "current_device_capacity=" <N>

 For instance, if a linear device is removed with the following command,
  #dmsetup remove l1

 then IMA ASCII measurement log will have the following entry:
 (converted from ASCII to text for readability)

 10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9f0e7ec7899299782388de3840
 dm_device_remove
 dm_version=4.45.0;
 device_active_metadata=name=l1,uuid=,major=253,minor=2,minor_count=1,num_targets=2;
 device_inactive_metadata=name=l1,uuid=,major=253,minor=2,minor_count=1,num_targets=1;
 active_table_hash=sha256:4a7e62efaebfc86af755831998b7db6f59b60d23c9534fb16a4455907957953a,
 inactive_table_hash=sha256:9d79c175bc2302d55a183e8f50ad4bafd60f7692fd6249e5fd213e2464384b86,remove_all=n;
 current_device_capacity=2048;

4. Table clear:
----------------
When an inactive table is cleared from the device, the device information and a sha256 hash of the
data from an inactive table are measured.

The IMA measurement log has the following format for 'dm_table_clear':

::

 EVENT_NAME := "dm_table_clear"
 EVENT_DATA := <dm_version_str> ";" <device_inactive_metadata> ";" <inactive_table_hash> ";" <current_device_capacity> ";"

 dm_version_str := As described in the 'Table load' section above.
 device_inactive_metadata := Device metadata that was captured during the load time inactive table being cleared.
                             The format is same as 'device_metadata' described in the 'Table load' section above.
 inactive_table_hash := Hash of the inactive table being cleared from the device.
                        The format is same as 'active_table_hash' described in the 'Device resume' section above.
 current_device_capacity := "current_device_capacity=" <N>

 For instance, if a linear device's inactive table is cleared,
  #dmsetup clear l1

 then IMA ASCII measurement log will have an entry with:
 (converted from ASCII to text for readability)

 10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295c681644240035827ada0e1db5
 dm_table_clear
 dm_version=4.45.0;
 name=l1,uuid=,major=253,minor=2,minor_count=1,num_targets=1;
 inactive_table_hash=sha256:75c0dc347063bf474d28a9907037eba060bfe39d8847fc0646d75e149045d545;current_device_capacity=1024;

5. Device rename:
------------------
When a device's NAME or UUID is changed, the device information and the new NAME and UUID
are measured.

The IMA measurement log has the following format for 'dm_device_rename':

::

 EVENT_NAME := "dm_device_rename"
 EVENT_DATA := <dm_version_str> ";" <device_active_metadata> ";" <new_device_name> "," <new_device_uuid> ";" <current_device_capacity> ";"

 dm_version_str := As described in the 'Table load' section above.
 device_active_metadata := Device metadata that reflects the currently loaded active table.
                           The format is same as 'device_metadata' described in the 'Table load' section above.
 new_device_name := "new_name=" <dm-device-name>
 dm-device-name := Same as <dm-device-name> described in 'Table load' section above
 new_device_uuid := "new_uuid=" <dm-device-uuid>
 dm-device-uuid := Same as <dm-device-uuid> described in 'Table load' section above
 current_device_capacity := "current_device_capacity=" <N>

 E.g 1: if a linear device's name is changed with the following command,
  #dmsetup rename linear1 --setuuid 1234-5678

 then IMA ASCII measurement log will have an entry with:
 (converted from ASCII to text for readability)

 10 8b0423209b4c66ac1523f4c9848c9b51ee332f48 ima-buf sha256:6847b7258134189531db593e9230b257c84f04038b5a18fd2e1473860e0569ac
 dm_device_rename
 dm_version=4.45.0;
 name=linear1,uuid=,major=253,minor=2,minor_count=1,num_targets=1;new_name=linear1,new_uuid=1234-5678;
 current_device_capacity=1024;

 E.g 2: if a linear device's name is changed with the following command,
  # dmsetup rename linear1 linear=2

 then IMA ASCII measurement log will have an entry with:
 (converted from ASCII to text for readability)

 10 bef70476b99c2bdf7136fae033aa8627da1bf76f ima-buf sha256:8c6f9f53b9ef9dc8f92a2f2cca8910e622543d0f0d37d484870cb16b95111402
 dm_device_rename
 dm_version=4.45.0;
 name=linear1,uuid=1234-5678,major=253,minor=2,minor_count=1,num_targets=1;
 new_name=linear\=2,new_uuid=1234-5678;
 current_device_capacity=1024;

Supported targets:
==================

Following targets are supported to measure their data using IMA:

 1. cache
 #. crypt
 #. integrity
 #. linear
 #. mirror
 #. multipath
 #. raid
 #. snapshot
 #. striped
 #. verity

1. cache
---------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'cache' target.

::

 target_attributes := <target_name> "," <target_version> "," <metadata_mode> "," <cache_metadata_device> ","
                      <cache_device> "," <cache_origin_device> "," <writethrough> "," <writeback> ","
                      <passthrough> "," <no_discard_passdown> ";"

 target_name := "target_name=cache"
 target_version := "target_version=" <N> "." <N> "." <N>
 metadata_mode := "metadata_mode=" <cache_metadata_mode>
 cache_metadata_mode := "fail" | "ro" | "rw"
 cache_device := "cache_device=" <cache_device_name_string>
 cache_origin_device := "cache_origin_device=" <cache_origin_device_string>
 writethrough := "writethrough=" <yes_no>
 writeback := "writeback=" <yes_no>
 passthrough := "passthrough=" <yes_no>
 no_discard_passdown := "no_discard_passdown=" <yes_no>
 yes_no := "y" | "n"

 E.g.
 When a 'cache' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'cache' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;name=cache1,uuid=cache_uuid,major=253,minor=2,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=28672,target_name=cache,target_version=2.2.0,metadata_mode=rw,
 cache_metadata_device=253:4,cache_device=253:3,cache_origin_device=253:5,writethrough=y,writeback=n,
 passthrough=n,metadata2=y,no_discard_passdown=n;


2. crypt
---------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'crypt' target.

::

 target_attributes := <target_name> "," <target_version> "," <allow_discards> "," <same_cpu_crypt> ","
                      <submit_from_crypt_cpus> "," <no_read_workqueue> "," <no_write_workqueue> ","
                      <iv_large_sectors> "," <iv_large_sectors> "," [<integrity_tag_size> ","] [<cipher_auth> ","]
                      [<sector_size> ","] [<cipher_string> ","] <key_size> "," <key_parts> ","
                      <key_extra_size> "," <key_mac_size> ";"

 target_name := "target_name=crypt"
 target_version := "target_version=" <N> "." <N> "." <N>
 allow_discards := "allow_discards=" <yes_no>
 same_cpu_crypt := "same_cpu_crypt=" <yes_no>
 submit_from_crypt_cpus := "submit_from_crypt_cpus=" <yes_no>
 no_read_workqueue := "no_read_workqueue=" <yes_no>
 no_write_workqueue := "no_write_workqueue=" <yes_no>
 iv_large_sectors := "iv_large_sectors=" <yes_no>
 integrity_tag_size := "integrity_tag_size=" <N>
 cipher_auth := "cipher_auth=" <string>
 sector_size := "sector_size=" <N>
 cipher_string := "cipher_string="
 key_size := "key_size=" <N>
 key_parts := "key_parts=" <N>
 key_extra_size := "key_extra_size=" <N>
 key_mac_size := "key_mac_size=" <N>
 yes_no := "y" | "n"

 E.g.
 When a 'crypt' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'crypt' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=crypt1,uuid=crypt_uuid1,major=253,minor=0,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=1953125,target_name=crypt,target_version=1.23.0,
 allow_discards=y,same_cpu=n,submit_from_crypt_cpus=n,no_read_workqueue=n,no_write_workqueue=n,
 iv_large_sectors=n,cipher_string=aes-xts-plain64,key_size=32,key_parts=1,key_extra_size=0,key_mac_size=0;

3. integrity
-------------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'integrity' target.

::

 target_attributes := <target_name> "," <target_version> "," <dev_name> "," <start> ","
                      <tag_size> "," <mode> "," [<meta_device> ","] [<block_size> ","] <recalculate> ","
                      <allow_discards> "," <fix_padding> "," <fix_hmac> "," <legacy_recalculate> ","
                      <journal_sectors> "," <interleave_sectors> "," <buffer_sectors> ";"

 target_name := "target_name=integrity"
 target_version := "target_version=" <N> "." <N> "." <N>
 dev_name := "dev_name=" <device_name_str>
 start := "start=" <N>
 tag_size := "tag_size=" <N>
 mode := "mode=" <integrity_mode_str>
 integrity_mode_str := "J" | "B" | "D" | "R"
 meta_device := "meta_device=" <meta_device_str>
 block_size := "block_size=" <N>
 recalculate := "recalculate=" <yes_no>
 allow_discards := "allow_discards=" <yes_no>
 fix_padding := "fix_padding=" <yes_no>
 fix_hmac := "fix_hmac=" <yes_no>
 legacy_recalculate := "legacy_recalculate=" <yes_no>
 journal_sectors := "journal_sectors=" <N>
 interleave_sectors := "interleave_sectors=" <N>
 buffer_sectors := "buffer_sectors=" <N>
 yes_no := "y" | "n"

 E.g.
 When a 'integrity' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'integrity' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=integrity1,uuid=,major=253,minor=1,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=7856,target_name=integrity,target_version=1.10.0,
 dev_name=253:0,start=0,tag_size=32,mode=J,recalculate=n,allow_discards=n,fix_padding=n,
 fix_hmac=n,legacy_recalculate=n,journal_sectors=88,interleave_sectors=32768,buffer_sectors=128;


4. linear
----------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'linear' target.

::

 target_attributes := <target_name> "," <target_version> "," <device_name> "," <start> ";"

 target_name := "target_name=linear"
 target_version := "target_version=" <N> "." <N> "." <N>
 device_name := "device_name=" <linear_device_name_str>
 start := "start=" <N>

 E.g.
 When a 'linear' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'linear' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=linear1,uuid=linear_uuid1,major=253,minor=2,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=28672,target_name=linear,target_version=1.4.0,
 device_name=253:1,start=2048;

5. mirror
----------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'mirror' target.

::

 target_attributes := <target_name> "," <target_version> "," <nr_mirrors> ","
                      <mirror_device_data> "," <handle_errors> "," <keep_log> "," <log_type_status> ";"

 target_name := "target_name=mirror"
 target_version := "target_version=" <N> "." <N> "." <N>
 nr_mirrors := "nr_mirrors=" <NR>
 mirror_device_data := <mirror_device_row> | <mirror_device_data><mirror_device_row>
     mirror_device_row is repeated <NR> times - for <NR> described in <nr_mirrors>.
 mirror_device_row := <mirror_device_name> "," <mirror_device_status>
 mirror_device_name := "mirror_device_" <X> "=" <mirror_device_name_str>
     where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
 mirror_device_status := "mirror_device_" <X> "_status=" <mirror_device_status_char>
     where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
 mirror_device_status_char := "A" | "F" | "D" | "S" | "R" | "U"
 handle_errors := "handle_errors=" <yes_no>
 keep_log := "keep_log=" <yes_no>
 log_type_status := "log_type_status=" <log_type_status_str>
 yes_no := "y" | "n"

 E.g.
 When a 'mirror' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'mirror' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=mirror1,uuid=mirror_uuid1,major=253,minor=6,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=2048,target_name=mirror,target_version=1.14.0,nr_mirrors=2,
 mirror_device_0=253:4,mirror_device_0_status=A,
 mirror_device_1=253:5,mirror_device_1_status=A,
 handle_errors=y,keep_log=n,log_type_status=;

6. multipath
-------------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'multipath' target.

::

 target_attributes := <target_name> "," <target_version> "," <nr_priority_groups>
                      ["," <pg_state> "," <priority_groups> "," <priority_group_paths>] ";"

 target_name := "target_name=multipath"
 target_version := "target_version=" <N> "." <N> "." <N>
 nr_priority_groups := "nr_priority_groups=" <NPG>
 priority_groups := <priority_groups_row> | <priority_groups_row><priority_groups>
 priority_groups_row := "pg_state_" <X> "=" <pg_state_str> "," "nr_pgpaths_" <X> "=" <NPGP> ","
                        "path_selector_name_" <X> "=" <string> "," <priority_group_paths>
     where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>.
 pg_state_str := "E" | "A" | "D"
 priority_group_paths := <priority_group_paths_row> | <priority_group_paths_row><priority_group_paths>
 priority_group_paths_row := "path_name_" <X> "_" <Y> "=" <string> "," "is_active_" <X> "_" <Y> "=" <is_active_str> ","
                             "fail_count_" <X> "_" <Y> "=" <N> "," "path_selector_status_" <X> "_" <Y> "=" <path_selector_status_str>
     where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>,
     and <Y> ranges from 0 to (<NPGP> -1) - for <NPGP> described in <priority_groups_row>.
 is_active_str := "A" | "F"

 E.g.
 When a 'multipath' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'multipath' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=mp,uuid=,major=253,minor=0,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=2097152,target_name=multipath,target_version=1.14.0,nr_priority_groups=2,
 pg_state_0=E,nr_pgpaths_0=2,path_selector_name_0=queue-length,
 path_name_0_0=8:16,is_active_0_0=A,fail_count_0_0=0,path_selector_status_0_0=,
 path_name_0_1=8:32,is_active_0_1=A,fail_count_0_1=0,path_selector_status_0_1=,
 pg_state_1=E,nr_pgpaths_1=2,path_selector_name_1=queue-length,
 path_name_1_0=8:48,is_active_1_0=A,fail_count_1_0=0,path_selector_status_1_0=,
 path_name_1_1=8:64,is_active_1_1=A,fail_count_1_1=0,path_selector_status_1_1=;

7. raid
--------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'raid' target.

::

 target_attributes := <target_name> "," <target_version> "," <raid_type> "," <raid_disks> "," <raid_state> ","
                      <raid_device_status> ["," <journal_dev_mode>] ";"

 target_name := "target_name=raid"
 target_version := "target_version=" <N> "." <N> "." <N>
 raid_type := "raid_type=" <raid_type_str>
 raid_disks := "raid_disks=" <NRD>
 raid_state := "raid_state=" <raid_state_str>
 raid_state_str := "frozen" | "reshape" | "resync" | "check" | "repair" | "recover" | "idle" | "undef"
 raid_device_status := <raid_device_status_row> | <raid_device_status_row><raid_device_status>
     <raid_device_status_row> is repeated <NRD> times - for <NRD> described in <raid_disks>.
 raid_device_status_row := "raid_device_" <X> "_status=" <raid_device_status_str>
     where <X> ranges from 0 to (<NRD> -1) - for <NRD> described in <raid_disks>.
 raid_device_status_str := "A" | "D" | "a" | "-"
 journal_dev_mode := "journal_dev_mode=" <journal_dev_mode_str>
 journal_dev_mode_str := "writethrough" | "writeback" | "invalid"

 E.g.
 When a 'raid' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'raid' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=raid_LV1,uuid=uuid_raid_LV1,major=253,minor=12,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=2048,target_name=raid,target_version=1.15.1,
 raid_type=raid10,raid_disks=4,raid_state=idle,
 raid_device_0_status=A,
 raid_device_1_status=A,
 raid_device_2_status=A,
 raid_device_3_status=A;


8. snapshot
------------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'snapshot' target.

::

 target_attributes := <target_name> "," <target_version> "," <snap_origin_name> ","
                      <snap_cow_name> "," <snap_valid> "," <snap_merge_failed> "," <snapshot_overflowed> ";"

 target_name := "target_name=snapshot"
 target_version := "target_version=" <N> "." <N> "." <N>
 snap_origin_name := "snap_origin_name=" <string>
 snap_cow_name := "snap_cow_name=" <string>
 snap_valid := "snap_valid=" <yes_no>
 snap_merge_failed := "snap_merge_failed=" <yes_no>
 snapshot_overflowed := "snapshot_overflowed=" <yes_no>
 yes_no := "y" | "n"

 E.g.
 When a 'snapshot' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'snapshot' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=snap1,uuid=snap_uuid1,major=253,minor=13,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=4096,target_name=snapshot,target_version=1.16.0,
 snap_origin_name=253:11,snap_cow_name=253:12,snap_valid=y,snap_merge_failed=n,snapshot_overflowed=n;

9. striped
-----------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'striped' target.

::

 target_attributes := <target_name> "," <target_version> "," <stripes> "," <chunk_size> ","
                      <stripe_data> ";"

 target_name := "target_name=striped"
 target_version := "target_version=" <N> "." <N> "." <N>
 stripes := "stripes=" <NS>
 chunk_size := "chunk_size=" <N>
 stripe_data := <stripe_data_row> | <stripe_data><stripe_data_row>
 stripe_data_row := <stripe_device_name> "," <stripe_physical_start> "," <stripe_status>
 stripe_device_name := "stripe_" <X> "_device_name=" <stripe_device_name_str>
     where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
 stripe_physical_start := "stripe_" <X> "_physical_start=" <N>
     where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
 stripe_status := "stripe_" <X> "_status=" <stripe_status_str>
     where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
 stripe_status_str := "D" | "A"

 E.g.
 When a 'striped' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'striped' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=striped1,uuid=striped_uuid1,major=253,minor=5,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=640,target_name=striped,target_version=1.6.0,stripes=2,chunk_size=64,
 stripe_0_device_name=253:0,stripe_0_physical_start=2048,stripe_0_status=A,
 stripe_1_device_name=253:3,stripe_1_physical_start=2048,stripe_1_status=A;

10. verity
----------
The 'target_attributes' (described as part of EVENT_DATA in 'Table load'
section above) has the following data format for 'verity' target.

::

 target_attributes := <target_name> "," <target_version> "," <hash_failed> "," <verity_version> ","
                      <data_device_name> "," <hash_device_name> "," <verity_algorithm> "," <root_digest> ","
                      <salt> "," <ignore_zero_blocks> "," <check_at_most_once> ["," <root_hash_sig_key_desc>]
                      ["," <verity_mode>] ";"

 target_name := "target_name=verity"
 target_version := "target_version=" <N> "." <N> "." <N>
 hash_failed := "hash_failed=" <hash_failed_str>
 hash_failed_str := "C" | "V"
 verity_version := "verity_version=" <verity_version_str>
 data_device_name := "data_device_name=" <data_device_name_str>
 hash_device_name := "hash_device_name=" <hash_device_name_str>
 verity_algorithm := "verity_algorithm=" <verity_algorithm_str>
 root_digest := "root_digest=" <root_digest_str>
 salt := "salt=" <salt_str>
 salt_str := "-" <verity_salt_str>
 ignore_zero_blocks := "ignore_zero_blocks=" <yes_no>
 check_at_most_once := "check_at_most_once=" <yes_no>
 root_hash_sig_key_desc := "root_hash_sig_key_desc="
 verity_mode := "verity_mode=" <verity_mode_str>
 verity_mode_str := "ignore_corruption" | "restart_on_corruption" | "panic_on_corruption" | "invalid"
 yes_no := "y" | "n"

 E.g.
 When a 'verity' target is loaded, then IMA ASCII measurement log will have an entry
 similar to the following, depicting what 'verity' attributes are measured in EVENT_DATA
 for 'dm_table_load' event.
 (converted from ASCII to text for readability)

 dm_version=4.45.0;
 name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1;
 target_index=0,target_begin=0,target_len=1953120,target_name=verity,target_version=1.8.0,hash_failed=V,
 verity_version=1,data_device_name=253:1,hash_device_name=253:0,verity_algorithm=sha256,
 root_digest=29cb87e60ce7b12b443ba6008266f3e41e93e403d7f298f8e3f316b29ff89c5e,
 salt=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d,
 ignore_zero_blocks=n,check_at_most_once=n;
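An attestation verifier can check the 'dm_table_load' EVENT_DATA shown above mechanically. The following is an added example, not part of the kernel documentation: it parses already-decoded EVENT_DATA into its ';'-terminated segments and flags deviations for 'verity' and 'raid' targets. It assumes attribute values contain no ',' or ';'; the names ``parse_event_data``, ``check_target`` and ``EXPECTED_ROOT`` and the accepted values are illustrative policy choices.

```python
# Added example: parse decoded dm_table_load EVENT_DATA and evaluate one target.
# Sample strings are the 'verity' and 'raid' examples from this page with the
# line wrapping removed; EXPECTED_ROOT and the accepted values are assumptions.

VERITY_EVENT = (
    "dm_version=4.45.0;"
    "name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1;"
    "target_index=0,target_begin=0,target_len=1953120,target_name=verity,"
    "target_version=1.8.0,hash_failed=V,verity_version=1,data_device_name=253:1,"
    "hash_device_name=253:0,verity_algorithm=sha256,"
    "root_digest=29cb87e60ce7b12b443ba6008266f3e41e93e403d7f298f8e3f316b29ff89c5e,"
    "salt=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d,"
    "ignore_zero_blocks=n,check_at_most_once=n;"
)
RAID_EVENT = (
    "dm_version=4.45.0;"
    "name=raid_LV1,uuid=uuid_raid_LV1,major=253,minor=12,minor_count=1,num_targets=1;"
    "target_index=0,target_begin=0,target_len=2048,target_name=raid,"
    "target_version=1.15.1,raid_type=raid10,raid_disks=4,raid_state=idle,"
    "raid_device_0_status=A,raid_device_1_status=A,"
    "raid_device_2_status=A,raid_device_3_status=A;"
)
EXPECTED_ROOT = "29cb87e60ce7b12b443ba6008266f3e41e93e403d7f298f8e3f316b29ff89c5e"


def parse_event_data(text):
    """Return (dm_version, device_attrs, [target_attrs, ...]) from EVENT_DATA."""
    segments = []
    for seg in text.split(";"):
        if not seg.strip():
            continue  # nothing follows the final ';' terminator
        attrs = {}
        for item in seg.split(","):
            key, sep, value = item.strip().partition("=")
            if not sep or not key or key in attrs:
                raise ValueError(f"malformed or duplicate attribute: {item!r}")
            attrs[key] = value  # empty values such as 'uuid=' are kept as ""
        segments.append(attrs)
    if len(segments) < 2 or list(segments[0]) != ["dm_version"]:
        raise ValueError("missing dm_version or device segment")
    device, targets = segments[1], segments[2:]
    if len(targets) != int(device.get("num_targets", "-1")):
        raise ValueError("num_targets does not match the number of target segments")
    return segments[0]["dm_version"], device, targets


def check_target(target, expected_root=None):
    """Return findings for one target; an empty list means nothing to flag."""
    findings = []
    if target["target_name"] == "verity":
        if target["hash_failed"] != "V":
            findings.append("hash_failed is not 'V'")
        if target["root_digest"] != expected_root:
            findings.append("root_digest differs from the expected value")
        if target.get("verity_mode") == "ignore_corruption":
            findings.append("verity_mode is ignore_corruption")
    elif target["target_name"] == "raid":
        for x in range(int(target["raid_disks"])):
            status = target.get(f"raid_device_{x}_status")  # None if the row is missing
            if status != "A":
                findings.append(f"raid_device_{x} status is {status!r}, not 'A'")
    return findings
```

The indexed rows (``raid_device_<X>_status``) are looked up by the count given in ``raid_disks``, so a missing row is reported rather than silently skipped.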