Home
last modified time | relevance | path

Searched refs:IMA (Results 1 – 24 of 24) sorted by relevance

/linux/security/integrity/ima/
A DKconfig4 config IMA config
5 bool "Integrity Measurement Architecture(IMA)"
30 to learn more about IMA.
33 if IMA
67 Select the default IMA measurement template.
126 bool "Enable multiple writes to the IMA policy"
136 bool "Enable reading back the current IMA policy"
168 bool "IMA build time configured policy rules"
218 bool "Appraise IMA policy signature"
254 Keys may be added to the IMA or IMA blacklist keyrings, if the
[all …]
/linux/Documentation/admin-guide/device-mapper/
A Ddm-ima.rst26 IMA kernel subsystem provides the necessary functionality for
34 Setting the IMA Policy:
36 For IMA to measure the data on a given system, the IMA policy on the
52 Then IMA ASCII measurement log has the following format:
61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
89 Following device state changes will trigger IMA measurements:
197 then IMA ASCII measurement log will have an entry with:
269 then IMA ASCII measurement log will have an entry with:
302 then IMA ASCII measurement log will have an entry with:
[all …]
/linux/drivers/misc/sgi-gru/
A Dgrukservices.c97 #define IMA IMA_CB_DELAY macro
589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message()
615 IMA); in send_noop_message()
669 XTYPE_DW, IMA); in send_message_queue_full()
680 IMA); in send_message_queue_full()
688 IMA); in send_message_queue_full()
712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
913 gru_vload_phys(cb, gpa, gru_get_tri(dsr), iaa, IMA); in gru_read_gpa()
[all …]
/linux/Documentation/security/
A DIMA-templates.rst2 IMA Template Management Mechanism
13 necessary to extend the current version of IMA by defining additional
24 management from the remaining IMA code. The core of this solution is the
35 parameter. At boot time, IMA initializes the chosen template descriptor
39 After the initialization step, IMA will call ``ima_alloc_init_template()``
A Dindex.rst10 IMA-templates
A Dipe.rst26 1. IMA + EVM Signatures
30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE
35 * With IMA+EVM, without an encryption solution, the system is vulnerable
43 At the time, this was done with mandatory access control labels. An IMA
56 the block device reports the appropriate content for the IMA hash
70 * No need for two signatures (IMA, then EVM): one signature covers
89 IMA, as the only integrity policy mechanism at the time, was
91 all of the minimum requirements. Extending IMA to cover these
96 dramatic code changes to IMA, which is already present in the
99 2. IMA was used in the system for measurement and attestation;
A Ddigsig.rst20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
/linux/Documentation/ABI/testing/
A Dima_policy6 Measurement Architecture(IMA) maintains a list of hash
15 IMA appraisal, if configured, uses these file measurements
65 regular IMA file hash.
69 template:= name of a defined IMA template type
/linux/security/integrity/
A DKconfig10 Measurement Architecture (IMA), Extended Verification Module
11 (EVM), IMA-appraisal extension, digital signature verification
/linux/Documentation/filesystems/
A Dfsverity.rst83 - Integrity Measurement Architecture (IMA). IMA supports fs-verity
85 "IMA appraisal" enforces that files contain a valid, matching
87 by the IMA policy. For more information, see the IMA documentation.
148 is not needed for IMA appraisal, and it is not needed if the file
455 alternatives (such as userspace signature verification, and IMA
558 here. IMA appraisal does use X.509.
749 :Q: Why isn't fs-verity part of IMA?
750 :A: fs-verity and IMA (Integrity Measurement Architecture) have
752 hashing individual files using a Merkle tree. In contrast, IMA
757 IMA supports the fs-verity hashing mechanism as an alternative
[all …]
A Dubifs-authentication.rst431 to the way the IMA/EVM subsystem deals with such situations. The HMAC key
/linux/fs/verity/
A DKconfig48 IMA appraisal) can be much better. For details about the
/linux/Documentation/security/tpm/
A Dxen-tpmfront.rst121 In order to use features such as IMA that require a TPM to be loaded prior to
/linux/Documentation/admin-guide/LSM/
A Dipe.rst554 An example of such is loading IMA policies by writing the path
559 Controls loading IMA certificates through the Kconfigs,
763 IMA, and Loadpin.
765 IMA and IPE are functionally very similar. The significant difference between
/linux/Documentation/admin-guide/
A Dkernel-parameters.rst121 IMA Integrity measurement architecture is enabled.
A Dkernel-parameters.txt2074 ima_appraise= [IMA] appraise integrity measurements
2082 ima_canonical_fmt [IMA]
2086 ima_hash= [IMA]
2094 ima_policy= [IMA]
2095 The builtin policies to load during IMA setup.
2119 ima_tcb [IMA] Deprecated. Use ima_policy= instead.
2121 Computing Base. This means IMA will measure all
2125 ima_template= [IMA]
2132 [IMA] Define a custom template format.
2144 ima.ahash_bufsize= [IMA] Asynchronous hash buffer size
[all …]
/linux/security/
A DKconfig71 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
/linux/Documentation/arch/x86/
A Dintel_txt.rst64 Measurement Architecture (IMA) and Linux Integrity Module interface
/linux/lib/
A DKconfig612 which is used by IMA/EVM digital signature extension.
/linux/arch/riscv/
A DKconfig892 select HAVE_IMA_KEXEC if IMA
/linux/arch/powerpc/
A DKconfig623 select HAVE_IMA_KEXEC if IMA
/linux/arch/arm64/
A DKconfig1565 select HAVE_IMA_KEXEC if IMA
/linux/arch/x86/
A DKconfig2067 select HAVE_IMA_KEXEC if IMA
/linux/
A DMAINTAINERS11247 INTEGRITY MEASUREMENT ARCHITECTURE (IMA)

Completed in 57 milliseconds