dm-ima.rst - OpenGrok cross reference for /Documentation/admin-guide/device-mapper/dm-ima.rst

Lines Matching +full:d +full:- +full:cache +full:- +full:block +full:- +full:size
2 dm-ima
6 (including the attestation service) interact with it - both during the
7 setup and during rest of the system run-time.  They share sensitive data
9 may want to verify the current run-time state of the relevant kernel
10 subsystems before fully trusting the system with business-critical
14 various important functionalities to the block devices using various
18 impact the security profile of the block device, and in-turn, of the
20 key size determines the strength of encryption for a given block device.
22 Therefore, verifying the current state of various block devices as well
24 fully trusting the system with business-critical data/workload.
28 various block devices -
30 - by device mapper itself, from within the kernel,
31 - in a tamper resistant way,
32 - and re-measured - triggered on state/configuration change.
42  /etc/ima/ima-policy
43     measure func=CRITICAL_DATA label=device-mapper template=ima-buf
62  TEMPLATE_NAME := Template name that registered the integrity value (e.g. ima-buf).
98 ---------------
115  device_name := "name=" <dm-device-name>
116  device_uuid := "uuid=" <dm-device-uuid>
121  dm-device-name := Name of the device. If it contains special characters like '\', ',', ';',
123  dm-device-uuid := UUID of the device. If it contains special characters like '\', ',', ';',
134 …       Represents nth target in the table (from 0 to N-1 targets specified in <num_device_targets>)
135 …            If all the data for N targets doesn't fit in the given buffer - then the data that fits
137 …               The remaining data from targets x+1 to N-1 is measured in the subsequent IMA events,
159 …10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af…
169 ------------------
200 …10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1…
207 ------------------
238 …10 790e830a3a7a31590824ac0642b3b31c2d0e8b38 ima-buf sha256:ab9f3c959367a8f5d4403d6ce9c3627dadfa8f9…
248 ----------------
272 …10 77d347408f557f68f0041acb0072946bb2367fe5 ima-buf sha256:42f9ca22163fdfa548e6229dece2959bc5ce295…
279 ------------------
293  new_device_name := "new_name=" <dm-device-name>
294  dm-device-name := Same as <dm-device-name> described in 'Table load' section above
295  new_device_uuid := "new_uuid=" <dm-device-uuid>
296  dm-device-uuid := Same as <dm-device-uuid> described in 'Table load' section above
300   #dmsetup rename linear1 --setuuid 1234-5678
305 …10 8b0423209b4c66ac1523f4c9848c9b51ee332f48 ima-buf sha256:6847b7258134189531db593e9230b257c84f040…
308 …name=linear1,uuid=,major=253,minor=2,minor_count=1,num_targets=1;new_name=linear1,new_uuid=1234-56…
317 …10 bef70476b99c2bdf7136fae033aa8627da1bf76f ima-buf sha256:8c6f9f53b9ef9dc8f92a2f2cca8910e622543d0…
320  name=linear1,uuid=1234-5678,major=253,minor=2,minor_count=1,num_targets=1;
321  new_name=linear\=2,new_uuid=1234-5678;
329  1. cache
340 1. cache
341 ---------
343 section above) has the following data format for 'cache' target.
351  target_name := "target_name=cache"
364  When a 'cache' target is loaded, then IMA ASCII measurement log will have an entry
365  similar to the following, depicting what 'cache' attributes are measured in EVENT_DATA
370 …target_index=0,target_begin=0,target_len=28672,target_name=cache,target_version=2.2.0,metadata_mod…
376 ---------
416 …iv_large_sectors=n,cipher_string=aes-xts-plain64,key_size=32,key_parts=1,key_extra_size=0,key_mac_…
419 -------------
436  integrity_mode_str := "J" | "B" | "D" | "R"
463 ----------
488 ----------
501 …                     mirror_device_row is repeated <NR> times - for <NR> described in <nr_mirrors>.
504                        where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
506                          where <X> ranges from 0 to (<NR> -1) - for <NR> described in <nr_mirrors>.
507  mirror_device_status_char := "A" | "F" | "D" | "S" | "R" | "U"
527 -------------
542 …               where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>.
543  pg_state_str := "E" | "A" | "D"
547 …               where <X> ranges from 0 to (<NPG> -1) - for <NPG> described in <nr_priority_groups>,
548 …              and <Y> ranges from 0 to (<NPGP> -1) - for <NPGP> described in <priority_groups_row>.
560     pg_state_0=E,nr_pgpaths_0=2,path_selector_name_0=queue-length,
563     pg_state_1=E,nr_pgpaths_1=2,path_selector_name_1=queue-length,
568 --------
584 …            <raid_device_status_row> is repeated <NRD> times - for <NRD> described in <raid_disks>.
586 …                       where <X> ranges from 0 to (<NRD> -1) - for <NRD> described in <raid_disks>.
587  raid_device_status_str := "A" | "D" | "a" | "-"
608 ------------
638 -----------
654                        where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
656                            where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
658                   where <X> ranges from 0 to (<NS> -1) - for <NS> described in <stripes>.
659  stripe_status_str := "D" | "A"
674 ----------
695  salt_str := "-" <verity_salt_str>
710  name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1;