
Searched refs:IMA (Results 1 – 25 of 42) sorted by relevance

/openbmc/linux/security/integrity/ima/
Kconfig
4 config IMA config
5 bool "Integrity Measurement Architecture(IMA)"
18 Measurement Architecture(IMA) maintains a list of hash
24 If your system has a TPM chip, then IMA also maintains
29 to learn more about IMA.
32 if IMA
35 bool "Enable carrying the IMA measurement list across a soft boot"
40 a TPM's quote after a soft boot, the IMA measurement list of the
43 Depending on the IMA policy, the measurement list can grow to
52 that IMA uses to maintain the integrity aggregate of the
[all …]
/openbmc/linux/Documentation/admin-guide/device-mapper/
dm-ima.rst
26 IMA kernel subsystem provides the necessary functionality for
34 Setting the IMA Policy:
36 For IMA to measure the data on a given system, the IMA policy on the
45 The measurements will be reflected in the IMA logs, which are located at:
52 Then IMA ASCII measurement log has the following format:
61 TEMPLATE_DATA_DIGEST := Template data digest of the IMA record.
76 | The DM target data measured by IMA subsystem can alternatively
84 | To support recording duplicate IMA events in the IMA log, the Kernel needs to be configured with
89 Following device state changes will trigger IMA measurements:
103 The IMA measurement log has the following format for 'dm_table_load':
[all …]
/openbmc/openbmc/meta-security/meta-integrity/data/debug-keys/
README.md
1 # EVM & IMA keys
3 The following IMA & EVM debug/test keys are in this directory
7 - privkey_ima.pem: IMA & EVM private key used for signing files
/openbmc/linux/drivers/misc/sgi-gru/
grukservices.c
97 #define IMA IMA_CB_DELAY macro
589 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), 1, IMA); in send_noop_message()
615 IMA); in send_noop_message()
657 gru_gamir(cb, EOP_IR_CLR, HSTATUS(mqd->mq_gpa, half), XTYPE_DW, IMA); in send_message_queue_full()
669 XTYPE_DW, IMA); in send_message_queue_full()
680 IMA); in send_message_queue_full()
688 IMA); in send_message_queue_full()
712 gru_vset(cb, m, 0, XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
716 gru_vstore(cb, m, gru_get_tri(mesg), XTYPE_CL, lines, 1, IMA); in send_message_put_nacked()
819 gru_mesq(cb, mqd->mq_gpa, gru_get_tri(mhdr), clines, IMA); in gru_send_message_gpa()
[all …]
/openbmc/openbmc/meta-security/meta-integrity/
README.md
78 must have a recent enough IMA/EVM subsystem. The layer was tested with
86 does not have the necessary IMA/EVM features.
88 Adding the layer only enables IMA (see below regarding EVM) during
103 # The following policy enforces IMA & EVM signatures
163 After creating an image with IMA/EVM enabled, one needs to enable
164 the built-in policies before IMA/EVM is active at runtime. To do this,
172 policies in different ways. First, boot without any IMA policy and
184 IMA policy loading became broken in systemd 2.18. The modified systemd
209 After enabling a suitable IMA appraisal policy, reading and/or
244 of the files can be signed for IMA in the rootfs, with the extended
[all …]
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/initrdscripts/
initramfs-framework-ima.bb
2 # which initializes IMA by loading a policy before transferring
8 SUMMARY = "IMA module for the modular initramfs system"
17 # Force proceed IMA procedure even 'no_ima' boot parameter is available.
/openbmc/openbmc/meta-security/meta-integrity/classes/
ima-evm-rootfs.bbclass
7 # Private key for IMA signing. The default is okay when
18 # Public part of certificates (used for both IMA and EVM).
30 # the iversion flags (needed by IMA when allowing writing).
80 bbnote "IMA/EVM: Signing root filesystem at ${IMAGE_ROOTFS} with key ${IMA_EVM_PRIVKEY}"
94 bbnote "IMA/EVM: Signing IMA policy with key ${IMA_EVM_PRIVKEY}"
/openbmc/linux/Documentation/security/
IMA-templates.rst
2 IMA Template Management Mechanism
13 necessary to extend the current version of IMA by defining additional
24 management from the remaining IMA code. The core of this solution is the
35 parameter. At boot time, IMA initializes the chosen template descriptor
39 After the initialization step, IMA will call ``ima_alloc_init_template()``
index.rst
9 IMA-templates
digsig.rst
20 Currently digital signatures are used by the IMA/EVM integrity protection subsystem.
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/
CVE-2019-7578.patch
9 If IMA ADPCM format chunk was too short, InitIMA_ADPCM() parsing it
51 + SDL_SetError("Unexpected length of a chunk with an IMA ADPCM format");
CVE-2019-7574.patch
63 + SDL_SetError("Unexpected chunk length for an IMA ADPCM decoder");
CVE-2019-7572.patch
29 If an IMA ADPCM block contained an initial index out of step table
/openbmc/linux/Documentation/ABI/testing/
ima_policy
6 Measurement Architecture(IMA) maintains a list of hash
15 IMA appraisal, if configured, uses these file measurements
65 regular IMA file hash.
69 template:= name of a defined IMA template type
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/packagegroups/
packagegroup-ima-evm-utils.bb
1 SUMMARY = "IMA/EVM userspace tools"
/openbmc/qemu/target/sparc/
cpu-feature.h.inc
17 FEATURE(IMA)
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_hashed/
ima-policy-hashed_1.0.bb
1 SUMMARY = "IMA sample hash policy"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_simple/
ima-policy-simple_1.0.bb
1 SUMMARY = "IMA sample simple policy"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/
ima-policy-appraise-all_1.0.bb
1 SUMMARY = "IMA sample simple appraise policy "
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima-evm-keys/
ima-evm-keys_1.0.bb
1 SUMMARY = "IMA/EMV public keys"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima-evm-utils/
ima-evm-utils_1.5.bb
1 DESCRIPTION = "IMA/EVM control utility"
/openbmc/linux/security/integrity/
Kconfig
10 Measurement Architecture (IMA), Extended Verification Module
11 (EVM), IMA-appraisal extension, digital signature verification
/openbmc/linux/Documentation/filesystems/
fsverity.rst
83 - Integrity Measurement Architecture (IMA). IMA supports fs-verity
85 "IMA appraisal" enforces that files contain a valid, matching
87 by the IMA policy. For more information, see the IMA documentation.
138 is not needed for IMA appraisal, and it is not needed if the file
445 alternatives (such as userspace signature verification, and IMA
533 Note: IMA appraisal, which supports fs-verity, does not use PKCS#7
535 here. IMA appraisal does use X.509.
726 :Q: Why isn't fs-verity part of IMA?
727 :A: fs-verity and IMA (Integrity Measurement Architecture) have
729 hashing individual files using a Merkle tree. In contrast, IMA
[all …]
/openbmc/linux/fs/verity/
Kconfig
48 IMA appraisal) can be much better. For details about the
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/
ima_policy_hashed
2 # appraised. Files with signed IMA hash and normal hash are