Home
last modified time | relevance | path

Searched refs:IMA (Results 1 – 25 of 29) sorted by relevance

12

/linux-6.15/security/integrity/ima/
H A DKconfig4 config IMA config
5 bool "Integrity Measurement Architecture(IMA)"
30 to learn more about IMA.
33 if IMA
67 Select the default IMA measurement template.
126 bool "Enable multiple writes to the IMA policy"
136 bool "Enable reading back the current IMA policy"
168 bool "IMA build time configured policy rules"
218 bool "Appraise IMA policy signature"
254 Keys may be added to the IMA or IMA blacklist keyrings, if the
[all …]
/linux-6.15/Documentation/translations/zh_CN/security/
H A DIMA-templates.rst4 :Original: Documentation/security/IMA-templates.rst
10 IMA模板管理机制
21IMA这是有必要的。例如,可能报告的信息包括索引节点的 UID/GID或索引节点
28 提出的解决方案通过将模板管理与其余IMA代码分离来解决这个问题。该解决方案
35 模板格式(一个由 ``|`` 字符分隔的字段标识符字符串)。在启动时,IMA通过将格
38 在初始化步骤之后,IMA将调用 ``ima_alloc_init_template()`` (这是为新模板
H A Dindex.rst29 * IMA-templates
H A Ddigsig.rst28 目前,数字签名被IMA/EVM完整性保护子系统使用。
/linux-6.15/Documentation/admin-guide/device-mapper/
H A Ddm-ima.rst26 IMA kernel subsystem provides the necessary functionality for
34 Setting the IMA Policy:
36 For IMA to measure the data on a given system, the IMA policy on the
52 Then IMA ASCII measurement log has the following format:
61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
89 Following device state changes will trigger IMA measurements:
197 then IMA ASCII measurement log will have an entry with:
269 then IMA ASCII measurement log will have an entry with:
302 then IMA ASCII measurement log will have an entry with:
[all …]
/linux-6.15/drivers/misc/sgi-gru/
H A Dgrukservices.c97 #define IMA IMA_CB_DELAY macro
589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message()
615 IMA); in send_noop_message()
669 XTYPE_DW, IMA); in send_message_queue_full()
680 IMA); in send_message_queue_full()
688 IMA); in send_message_queue_full()
712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
913 gru_vload_phys(cb, gpa, gru_get_tri(dsr), iaa, IMA); in gru_read_gpa()
[all …]
/linux-6.15/Documentation/security/
H A DIMA-templates.rst2 IMA Template Management Mechanism
13 necessary to extend the current version of IMA by defining additional
24 management from the remaining IMA code. The core of this solution is the
35 parameter. At boot time, IMA initializes the chosen template descriptor
39 After the initialization step, IMA will call ``ima_alloc_init_template()``
H A Dindex.rst10 IMA-templates
H A Dipe.rst26 1. IMA + EVM Signatures
30 over IMA+EVM as the *integrity mechanism* in the original use case of IPE
35 * With IMA+EVM, without an encryption solution, the system is vulnerable
43 At the time, this was done with mandatory access control labels. An IMA
56 the block device reports the appropriate content for the IMA hash
70 * No need for two signatures (IMA, then EVM): one signature covers
89 IMA, as the only integrity policy mechanism at the time, was
91 all of the minimum requirements. Extending IMA to cover these
96 dramatic code changes to IMA, which is already present in the
99 2. IMA was used in the system for measurement and attestation;
H A Ddigsig.rst20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
/linux-6.15/Documentation/ABI/testing/
H A Dima_policy6 Measurement Architecture(IMA) maintains a list of hash
15 IMA appraisal, if configured, uses these file measurements
65 regular IMA file hash.
69 template:= name of a defined IMA template type
/linux-6.15/Documentation/translations/zh_CN/security/tpm/
H A Dxen-tpmfront.rst112 为了使用诸如IMA(完整性测量架构)等需要在initrd之前加载TPM的功能,必须将
/linux-6.15/security/integrity/
H A DKconfig10 Measurement Architecture (IMA), Extended Verification Module
11 (EVM), IMA-appraisal extension, digital signature verification
/linux-6.15/Documentation/filesystems/
H A Dfsverity.rst83 - Integrity Measurement Architecture (IMA). IMA supports fs-verity
85 "IMA appraisal" enforces that files contain a valid, matching
87 by the IMA policy. For more information, see the IMA documentation.
148 is not needed for IMA appraisal, and it is not needed if the file
461 alternatives (such as userspace signature verification, and IMA
564 here. IMA appraisal does use X.509.
755 :Q: Why isn't fs-verity part of IMA?
756 :A: fs-verity and IMA (Integrity Measurement Architecture) have
758 hashing individual files using a Merkle tree. In contrast, IMA
763 IMA supports the fs-verity hashing mechanism as an alternative
[all …]
H A Dubifs-authentication.rst431 to the way the IMA/EVM subsystem deals with such situations. The HMAC key
/linux-6.15/fs/verity/
H A DKconfig44 IMA appraisal) can be much better. For details about the
/linux-6.15/Documentation/security/tpm/
H A Dxen-tpmfront.rst121 In order to use features such as IMA that require a TPM to be loaded prior to
/linux-6.15/Documentation/admin-guide/LSM/
H A Dipe.rst554 An example of such is loading IMA policies by writing the path
559 Controls loading IMA certificates through the Kconfigs,
763 IMA, and Loadpin.
765 IMA and IPE are functionally very similar. The significant difference between
/linux-6.15/Documentation/userspace-api/
H A Dcheck_exec.rst130 user session) where scripts' integrity is verified (e.g. with IMA/EVM or
/linux-6.15/Documentation/admin-guide/
H A Dkernel-parameters.rst136 IMA Integrity measurement architecture is enabled.
H A Dkernel-parameters.txt2127 ima_appraise= [IMA] appraise integrity measurements
2135 ima_canonical_fmt [IMA]
2139 ima_hash= [IMA]
2147 ima_policy= [IMA]
2148 The builtin policies to load during IMA setup.
2172 ima_tcb [IMA] Deprecated. Use ima_policy= instead.
2174 Computing Base. This means IMA will measure all
2178 ima_template= [IMA]
2185 [IMA] Define a custom template format.
2197 ima.ahash_bufsize= [IMA] Asynchronous hash buffer size
[all …]
/linux-6.15/security/
H A DKconfig97 various security modules (AppArmor, IMA, SafeSetID, TOMOYO, TPM).
/linux-6.15/Documentation/arch/x86/
H A Dintel_txt.rst64 Measurement Architecture (IMA) and Linux Integrity Module interface
/linux-6.15/lib/
H A DKconfig561 which is used by IMA/EVM digital signature extension.
/linux-6.15/arch/powerpc/
H A DKconfig642 select HAVE_IMA_KEXEC if IMA

12