
Searched refs:ima (Results 1 – 25 of 53) sorted by relevance


/openbmc/linux/drivers/md/
dm-ima.c
171 memset(&(md->ima), 0, sizeof(md->ima)); in dm_ima_reset_data()
172 md->ima.dm_version_str_len = strlen(DM_IMA_VERSION_STR); in dm_ima_reset_data()
229 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); in dm_ima_measure_on_table_load()
230 l += table->md->ima.dm_version_str_len; in dm_ima_measure_on_table_load()
286 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); in dm_ima_measure_on_table_load()
287 l += table->md->ima.dm_version_str_len; in dm_ima_measure_on_table_load()
339 if (table->md->ima.active_table.hash != table->md->ima.inactive_table.hash) in dm_ima_measure_on_table_load()
340 kfree(table->md->ima.inactive_table.hash); in dm_ima_measure_on_table_load()
342 table->md->ima.inactive_table.hash = digest_buf; in dm_ima_measure_on_table_load()
343 table->md->ima.inactive_table.hash_len = strlen(digest_buf); in dm_ima_measure_on_table_load()
[all …]
/openbmc/linux/security/integrity/ima/
Makefile
7 obj-$(CONFIG_IMA) += ima.o
9 ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
11 ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
12 ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
13 ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
14 ima-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
15 ima-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
16 ima-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
19 ima-$(CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT) += ima_efi.o
Kconfig
68 The original 'ima' measurement list template contains a
70 limited to 255 characters. The 'ima-ng' measurement list
76 bool "ima-ng (default)"
78 bool "ima-sig"
83 default "ima-ng" if IMA_NG_TEMPLATE
84 default "ima-sig" if IMA_SIG_TEMPLATE
154 <http://linux-ima.sourceforge.net>
275 bool "Load X509 certificate onto the '.ima' trusted keyring"
280 loaded on the .ima trusted keyring. These public keys are
283 loading from the kernel onto the '.ima' trusted keyring.
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/initrdscripts/
initramfs-framework-ima.bb
12 # This policy file will get installed as /etc/ima/ima-policy.
15 IMA_POLICY ?= "ima-policy-hashed"
20 SRC_URI = " file://ima"
23 REQUIRED_DISTRO_FEATURES = "ima"
26 install -d ${D}/${sysconfdir}/ima
28 install ${UNPACKDIR}/ima ${D}/init.d/20-ima
30 sed -i "s/@@FORCE_IMA@@/${IMA_FORCE}/g" ${D}/init.d/20-ima
35 RDEPENDS:${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
/openbmc/openbmc/meta-security/meta-integrity/classes/
ima-evm-rootfs.bbclass
2 # set explicitly in a local.conf before activating ima-evm-rootfs.
26 # ima-local-ca.x509 is what ima-gen-local-ca.sh creates.
27 IMA_EVM_ROOT_CA ?= "${IMA_EVM_KEY_DIR}/ima-local-ca.pem"
33 # Avoid re-generating fstab when ima is enabled.
34 WIC_CREATE_EXTRA_ARGS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update'…
37 IMAGE_INSTALL:append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' ima-evm-utils', '', d)}"
90 install -d ./${sysconfdir}/ima
91 rm -f ./${sysconfdir}/ima/ima-policy
92 install "${IMA_EVM_POLICY}" ./${sysconfdir}/ima/ima-policy
96 … --key "${IMA_EVM_PRIVKEY}" ${IMA_EVM_PRIVKEY_KEYID_OPT} "${IMAGE_ROOTFS}/etc/ima/ima-policy"
[all …]
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_hashed/
ima-policy-hashed_1.0.bb
12 REQUIRED_DISTRO_FEATURES = "ima"
15 install -d ${D}/${sysconfdir}/ima
16 install ${UNPACKDIR}/ima_policy_hashed ${D}/${sysconfdir}/ima/ima-policy
19 FILES:${PN} = "${sysconfdir}/ima"
20 RDEPENDS:${PN} = "ima-evm-utils"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_simple/
ima-policy-simple_1.0.bb
10 REQUIRED_DISTRO_FEATURES = "ima"
13 install -d ${D}/${sysconfdir}/ima
14 install ${UNPACKDIR}/ima_policy_simple ${D}/${sysconfdir}/ima/ima-policy
17 FILES:${PN} = "${sysconfdir}/ima"
18 RDEPENDS:${PN} = "ima-evm-utils"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/
ima-policy-appraise-all_1.0.bb
10 REQUIRED_DISTRO_FEATURES = "ima"
13 install -d ${D}/${sysconfdir}/ima
14 install ${UNPACKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
17 FILES:${PN} = "${sysconfdir}/ima"
18 RDEPENDS:${PN} = "ima-evm-utils"
/openbmc/openbmc/meta-security/meta-integrity/recipes-kernel/linux/
linux_ima.inc
3 …if [ "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'yes', '', d)}" = "yes" ] && [ -f .config ] ;…
8 KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsig…
9 KERNEL_FEATURES:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' features/ima/ima.scc', …
/openbmc/openbmc/meta-security/meta-integrity/scripts/
ima-gen-local-ca.sh
17 GENKEY=ima-local-ca.genkey
40 -outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv
42 openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem
ima-gen-CA-signed.sh
17 GENKEY=ima.genkey
18 CA=${1:-ima-local-ca.pem}
19 CAKEY=${2:-ima-local-ca.priv}
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/
ima
24 if [ ! -d /sys/kernel/security/ima ]; then
33 for kind in ima evm; do
55 …id line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima/ima-policy >/sys/kernel/security/ima/p…
/openbmc/linux/Documentation/ABI/testing/
ima_policy
1 What: /sys/kernel/security/*/ima/policy
10 Policies are loaded into the securityfs file ima/policy
13 the file ima/policy is closed.
57 stored in security.ima xattr. Requires
67 (eg, .builtin_trusted_keys|.ima). Only valid
70 (eg, ima-ng). Only valid when action is "measure".
77 files where the security.ima xattr was hashed with one
155 keys added to .builtin_trusted_keys or .ima keyring:
157 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
161 security.ima xattr of a file:
[all …]
/openbmc/linux/Documentation/security/
IMA-templates.rst
9 The original ``ima`` template is fixed length, containing the filedata hash
51 The functions ``ima[_ascii]_measurements_show()`` retrieve, for each entry,
70 - 'd-ngv2': same as d-ng, but prefixed with the "ima" or "verity" digest type
75 or the EVM portable signature, if 'security.ima' contains a file hash.
90 - "ima": its format is ``d|n``;
91 - "ima-ng" (default): its format is ``d-ng|n-ng``;
92 - "ima-ngv2": its format is ``d-ngv2|n-ng``;
93 - "ima-sig": its format is ``d-ng|n-ng|sig``;
94 - "ima-sigv2": its format is ``d-ngv2|n-ng|sig``;
95 - "ima-buf": its format is ``d-ng|n-ng|buf``;
[all …]
/openbmc/openbmc/meta-security/meta-integrity/data/debug-keys/
README.md
5 - ima-local-ca.priv: The CA's private key (password: 1234)
6 - ima-local-ca.pem: The CA's self-signed certificate
12 the Linux kernel, any key (x509_ima.der) loaded onto the .ima keyring must
16 openssl verify -CAfile ima-local-ca.pem x509_ima.der
/openbmc/openbmc/meta-security/meta-integrity/
README.md
92 DISTRO_FEATURES:append = " integrity ima"
94 IMAGE_CLASSES += "ima-evm-rootfs"
101 IMA_EVM_ROOT_CA = "${IMA_EVM_KEY_DIR}/ima-local-ca.pem"
131 # $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh
132 # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh
135 # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
138 The ``ima-gen-local-ca.sh`` and ``ima-gen.sh`` scripts create a root CA
139 and sign the signing keys with it. The ``ima-evm-rootfs.bbclass`` then
146 …IMA_EVM_ROOT_CA = "<path to .x509 file, for example the ima-local-ca.x509 created by ima-gen-local…
153 ima-evm-rootfs.bbclass:
[all …]
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/base-files/
base-files_%.bbappend
1 require ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'base-files-ima.inc', '', d)}
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/packagegroups/
packagegroup-ima-evm-utils.bb
6 REQUIRED_DISTRO_FEATURES = "ima"
10 ima-evm-utils \
/openbmc/openbmc/meta-security/meta-integrity/recipes-core/images/
integrity-image-minimal.bb
12 packagegroup-ima-evm-utils \
17 INHERIT += "ima-evm-rootfs"
/openbmc/openbmc/meta-security/recipes-core/images/
security-test-image.bb
12 ${@bb.utils.contains("BBFILE_COLLECTIONS", "integrity", "packagegroup-ima-evm-utils","", d)} \
16 TEST_SUITES:append = " parsec tpm2 swtpm ima"
/openbmc/openbmc/meta-security/meta-integrity/recipes-security/ima-evm-utils/
ima-evm-utils_1.5.bb
12 https://github.com/mimizohar/ima-evm-utils/releases/download/v${PV}/${BP}.tar.gz \
19 REQUIRED_DISTRO_FEATURES = "ima"
/openbmc/linux/arch/x86/kernel/
kexec-bzimage64.c
217 struct ima_setup_data *ima; in setup_ima_state() local
223 sd->len = sizeof(*ima); in setup_ima_state()
225 ima = (void *)sd + sizeof(struct setup_data); in setup_ima_state()
226 ima->addr = image->ima_buffer_addr; in setup_ima_state()
227 ima->size = image->ima_buffer_size; in setup_ima_state()
/openbmc/linux/Documentation/admin-guide/device-mapper/
dm-ima.rst
2 dm-ima
42 /etc/ima/ima-policy
43 measure func=CRITICAL_DATA label=device-mapper template=ima-buf
49 /sys/kernel/security/integrity/ima/ascii_runtime_measurements
50 /sys/kernel/security/integrity/ima/binary_runtime_measurements
62 TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).
159 …10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af…
200 …10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1…
238 …10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9…
272 …10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295…
[all …]
/openbmc/linux/drivers/misc/sgi-gru/
gru_instructions.h
100 unsigned char ima: 3; /* CB_DelRep, unmapped mode */ member
315 unsigned long idef2, unsigned char ima) in __opdword() argument
322 (ima << GRU_CB_IMA_SHFT) | in __opdword()
626 unsigned int ima :3; member
/openbmc/linux/security/integrity/
Kconfig
27 of the different use cases - evm, ima, and modules.
51 This option requires that all keys added to the .ima and
133 source "security/integrity/ima/Kconfig"
