linux/Documentation
Mimi Zohar 3323eec921 integrity: IMA as an integrity service provider
IMA provides hardware (TPM) based measurement and attestation for
file measurements. As the Trusted Computing (TPM) model requires,
IMA measures all files before they are accessed in any way (on the
integrity_bprm_check, integrity_path_check and integrity_file_mmap
hooks), and commits the measurements to the TPM. Once added to the
TPM, measurements can not be removed.

In addition, IMA maintains a list of these file measurements, which
can be used to validate the aggregate value stored in the TPM.  The
TPM can sign these measurements, and thus the system can prove, to
itself and to a third party, the system's integrity in a way that
cannot be circumvented by malicious or compromised software.

- alloc ima_template_entry before calling ima_store_template()
- log ima_add_boot_aggregate() failure
- removed unused IMA_TEMPLATE_NAME_LEN
- replaced hard coded string length with #define name

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-06 09:05:30 +11:00
..
ABI Add c2 port support 2008-11-12 17:17:18 -08:00
accounting .gitignore updates 2008-10-30 11:38:45 -07:00
acpi ACPI: update debug parameter documentation 2008-11-07 21:45:29 -05:00
aoe aoe: user can ask driver to forget previously detected devices 2008-02-08 09:22:31 -08:00
arm Merge branch 'for-rmk' of git://git.kernel.org/pub/scm/linux/kernel/git/ycmiao/pxa-linux-2.6 into devel 2008-12-29 18:08:11 +00:00
auxdisplay .gitignore updates 2008-10-30 11:38:45 -07:00
blackfin Blackfin arch: add supporting for kgdb 2008-10-13 14:07:19 +08:00
block Documentation: remove reference to ll_rw_blk.c and moved drivers/block/elevator.c 2008-12-29 08:28:43 +01:00
blockdev Create/use more directory structure in the Documentation/ tree. 2008-11-14 17:28:53 +00:00
cdrom doc/cdrom: Trvial documentation error, file not present 2008-10-10 08:22:44 +02:00
cgroups freezer_cg: disable writing freezer.state of root cgroup 2008-11-12 17:17:16 -08:00
connector .gitignore updates 2008-10-30 11:38:45 -07:00
console Typo: fro -> from 2007-07-19 10:04:47 -07:00
controllers sched: add hierarchical accounting to cpu accounting controller 2008-11-11 12:13:28 +01:00
cpu-freq doc: Update sh cpufreq documentation. 2008-12-22 18:44:47 +09:00
cpuidle cpuidle: Add Documentation 2008-02-14 00:16:13 -05:00
cris fix random typos 2008-10-16 11:21:30 -07:00
crypto [CRYPTO] doc: Update api-intro.txt 2008-01-11 08:16:14 +11:00
development-process Add the development process document 2008-10-16 11:51:30 -06:00
device-mapper dm crypt: add documentation 2008-04-25 13:27:03 +01:00
DocBook WAN: syncppp.c is no longer used by any kernel code. Remove it. 2008-11-22 02:49:48 +01:00
driver-model Driver core: Update some prototypes in platform.txt 2008-02-02 15:14:49 -08:00
dvb V4L/DVB (9812): [PATCH] short help for Technisat cards to select the right configuration 2008-12-30 09:38:35 -02:00
early-userspace Documentation: Remove last references to BitKeeper. 2008-04-21 22:19:05 +00:00
fault-injection fault-injection: fix example scripts in documentation 2007-07-16 09:05:45 -07:00
fb [ARM] pxafb: add support for overlay1 and overlay2 as framebuffer devices 2008-12-29 18:00:04 +08:00
filesystems [XFS] Fix merge failures 2008-12-29 16:47:18 +11:00
firmware_class firmware_sample_driver.c: fix coding style 2008-04-21 22:23:30 +00:00
frv move frv docs one level up 2008-02-03 15:54:28 +02:00
hwmon adt7462: new hwmon driver 2008-11-12 17:17:17 -08:00
i2c i2c: The i2c mailing list is moving 2008-10-30 15:55:47 +01:00
i2o documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
ia64 .gitignore updates 2008-10-30 11:38:45 -07:00
ide gayle: add "doubler" parameter 2008-04-27 15:38:30 +02:00
infiniband IB/umad: Add P_Key index support 2007-10-09 19:59:15 -07:00
input Input: fix the example of an input device driver 2008-11-11 11:41:49 -05:00
ioctl Create/use more directory structure in the Documentation/ tree. 2008-11-14 17:28:53 +00:00
isdn Rationalise Randy's address a bit 2008-10-30 11:38:47 -07:00
ja_JP HOWTO: Sync patch for jp_JP/HOWTO 2008-10-29 15:03:50 -07:00
kbuild kbuild: introduce $(kecho) convenience echo 2008-12-03 21:32:00 +01:00
kdump powerpc: Support for relocatable kdump kernel 2008-10-22 15:01:22 +11:00
ko_KR HOWTO: update misspelling and word incorrected 2007-12-17 10:33:19 -08:00
laptops Merge branch 'linus' into test 2008-10-23 00:11:07 -04:00
lguest lguest: move the initial guest page table creation code to the host 2008-12-30 09:26:11 +10:30
m68k [SCSI] 53c7xx: fix removal fallout 2008-01-11 18:22:30 -06:00
make Documentation/make/headers_install.txt 2007-10-17 08:43:05 -07:00
mips au1xxx-ide: fix MWDMA support 2008-04-26 22:25:22 +02:00
mn10300 mn10300: add the MN10300/AM33 architecture to the kernel 2008-02-08 09:22:30 -08:00
mtd [MTD] [NAND] nand_ecc.c: rewrite for improved performance 2008-08-16 10:55:33 +01:00
namespaces The namespaces compatibility list doc 2007-11-29 09:24:53 -08:00
netlabel Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
networking dccp ccid-2: Phase out the use of boolean Ack Vector sysctl 2008-12-08 01:19:06 -08:00
parisc
PCI Create/use more directory structure in the Documentation/ tree. 2008-11-14 17:28:53 +00:00
pcmcia .gitignore updates 2008-10-30 11:38:45 -07:00
power pm: document use of RTC in pm_trace 2008-10-16 11:21:29 -07:00
powerpc gianfar: Convert gianfar to an of_platform_driver 2008-12-16 15:29:15 -08:00
prctl generic, x86: add tests for prctl PR_GET_TSC and PR_SET_TSC 2008-04-19 19:19:55 +02:00
RCU Merge branch 'core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-12-30 16:10:19 -08:00
s390 [S390] cio: Exorcise cio_msg= from documentation. 2008-10-10 21:33:49 +02:00
scheduler Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-12-28 12:27:58 -08:00
scsi [SCSI] cxgb3i: Add cxgb3i iSCSI driver. 2008-12-30 10:45:33 -06:00
serial Create/use more directory structure in the Documentation/ tree. 2008-11-14 17:28:53 +00:00
sh sh: Kill off remaining CONFIG_SH_KGDB bits. 2008-12-22 18:44:05 +09:00
sound Merge branch 'topic/oxygen' into to-push 2008-12-25 11:40:30 +01:00
sparc sparc: Remove Documentation/sparc/sbus_drivers.txt 2008-08-29 02:15:25 -07:00
spi spi documentation: use __initdata on struct 2008-12-01 19:55:24 -08:00
sysctl Document kernel taint flags properly 2008-10-29 15:03:49 -07:00
telephony remove mention of CONFIG_KMOD from documentation 2008-07-22 19:24:29 +10:00
thermal thermal: update the documentation 2008-04-29 02:49:47 -04:00
timers hpet: /dev/hpet - fixes and cleanup 2008-07-31 18:45:41 +02:00
tracers tracing, doc: update mmiotrace documentation 2008-11-23 20:33:24 +01:00
uml Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
usb USB: fix comment about endianness of descriptors 2008-12-17 10:49:14 -08:00
video4linux V4L/DVB (10128): modify V4L documentation to be a valid XHTML 2008-12-30 09:40:39 -02:00
vm .gitignore updates 2008-10-30 11:38:45 -07:00
w1 hdq: documentation for OMAP HDQ 2008-11-12 17:17:18 -08:00
watchdog .gitignore updates 2008-10-30 11:38:45 -07:00
x86 Merge branches 'x86/apic', 'x86/cleanups', 'x86/cpufeature', 'x86/crashdump', 'x86/debug', 'x86/defconfig', 'x86/detect-hyper', 'x86/doc', 'x86/dumpstack', 'x86/early-printk', 'x86/fpu', 'x86/idle', 'x86/io', 'x86/memory-corruption-check', 'x86/microcode', 'x86/mm', 'x86/mtrr', 'x86/nmi-watchdog', 'x86/pat2', 'x86/pci-ioapic-boot-irq-quirks', 'x86/ptrace', 'x86/quirks', 'x86/reboot', 'x86/setup-memory', 'x86/signal', 'x86/sparse-fixes', 'x86/time', 'x86/uv' and 'x86/xen' into x86/core 2008-12-23 16:27:23 +01:00
zh_CN Chinese: add translation of Codingstyle 2008-01-24 20:40:04 -08:00
00-INDEX Merge branch 'doc-subdirs' of git://git.kernel.org/pub/scm/linux/kernel/git/rdunlap/linux-docs 2008-11-15 11:51:03 -08:00
applying-patches.txt
atomic_ops.txt documentation: atomic_add_unless() doesn't imply mb() on failure 2008-02-23 17:52:36 -08:00
basic_profiling.txt
binfmt_misc.txt documentation: convert the Documentation directory to UTF-8 2007-05-09 08:58:19 +02:00
braille-console.txt Basic braille screen reader support 2008-04-30 08:29:52 -07:00
bt8xxgpio.txt gpio: add bt8xxgpio driver 2008-07-25 10:53:30 -07:00
BUG-HUNTING Documentation: add hint about call traces & module symbols to BUG-HUNTING 2008-02-06 10:41:09 -08:00
c2port.txt Add c2 port support 2008-11-12 17:17:18 -08:00
cachetlb.txt remove unused flush_tlb_pgtables 2007-10-19 11:53:34 -07:00
Changes [x86 setup] Document grub < 0.93 as broken 2007-08-02 13:50:43 -04:00
CodingStyle documentation: update CodingStyle tips for Emacs users 2008-07-25 10:53:29 -07:00
cpu-hotplug.txt cpu hotplug: s390 doesn't support additional_cpus anymore. 2008-08-12 16:07:28 -07:00
cpu-load.txt [PATCH] Documentation: CPU load calculation description 2007-03-01 14:53:39 -08:00
cpusets.txt container freezer: document the cgroup freezer subsystem. 2008-10-20 08:52:34 -07:00
cputopology.txt cpu topology: always define CPU topology information 2008-06-13 10:09:46 +02:00
credentials.txt CRED: Documentation 2008-11-14 10:39:26 +11:00
dcdbas.txt
debugging-modules.txt Documentation: Clarify when module debugging actually works. 2008-02-03 15:27:38 +02:00
debugging-via-ohci1394.txt firewire: fw-ohci: add option for remote debugging 2008-04-18 17:55:33 +02:00
dell_rbu.txt
devices.txt USB: add USB test and measurement class driver 2008-10-17 14:40:51 -07:00
DMA-API.txt DMA-API.txt: fix description of pci_map_sg/dma_map_sg scatterlists handling 2008-12-01 19:55:24 -08:00
DMA-attributes.txt powerpc/cell: Add DMA_ATTR_WEAK_ORDERING dma attribute and use in Cell IOMMU code 2008-07-22 10:39:36 +10:00
DMA-ISA-LPC.txt Fix typos in /Documentation : 'T'' 2006-11-30 04:55:36 +01:00
DMA-mapping.txt Documentation/DMA-mapping.txt: update for pci_dma_mapping_error() changes 2008-09-23 08:09:14 -07:00
dontdiff dontdiff: more updates to be closer to gitignore 2008-10-16 11:21:31 -07:00
edac.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
eisa.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
email-clients.txt Documentation/email-clients.txt: add some info about gmail 2008-11-06 15:41:19 -08:00
exception.txt
feature-removal-schedule.txt selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
ftrace.txt ftrace: improve documentation 2008-11-28 13:15:14 +01:00
gpio.txt gpiolib: request/free hooks 2008-10-16 11:21:40 -07:00
highuid.txt [SPARC]: Remove SunOS and Solaris binary support. 2008-04-21 15:10:15 -07:00
HOWTO Remove Andrew Morton's http://www.zip.com.au/~akpm/ 2008-10-16 11:21:32 -07:00
hw_random.txt hw_random doc updates 2008-03-24 19:22:19 -07:00
ics932s401 ics932s401: new clock generator chip driver 2008-11-12 17:17:18 -08:00
initrd.txt use the newc archive format as requested by initramfs 2008-02-03 14:54:41 +02:00
Intel-IOMMU.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
io_ordering.txt
io-mapping.txt io mapping: improve documentation 2008-11-03 18:21:44 +01:00
IO-mapping.txt
iostats.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
IPMI.txt IPMI: new NMI handling 2007-10-18 14:37:32 -07:00
IRQ-affinity.txt genirq: Expose default irq affinity mask (take 3) 2008-06-05 15:18:30 +02:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt Documentation/java.txt: typo and grammar fixes 2007-10-20 02:37:21 +02:00
kernel-doc-nano-HOWTO.txt sched: add kernel doc for the completion, fix kernel-doc-nano-HOWTO.txt 2008-08-26 10:26:54 +02:00
kernel-docs.txt doc: update to URL and status of kernel-docs.txt entry 2008-06-06 11:29:10 -07:00
kernel-parameters.txt integrity: IMA as an integrity service provider 2009-02-06 09:05:30 +11:00
keys-request-key.txt keys: allow the callout data to be passed as a blob rather than a string 2008-04-29 08:06:16 -07:00
keys.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
kobject.txt kobject: Fix kobject_rename and !CONFIG_SYSFS 2008-10-16 09:24:52 -07:00
kprobes.txt powerpc/booke: Add kprobes support for booke style processors 2008-06-26 03:35:46 -05:00
kref.txt docs: convert kref semaphore to mutex 2008-02-06 10:41:09 -08:00
ldm.txt LDM: Fix for Windows Vista dynamic disks 2007-05-21 09:58:40 -07:00
leds-class.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
local_ops.txt documentation: local_ops fix on_each_cpu 2008-12-01 13:51:26 +01:00
lockdep-design.txt
lockstat.txt lockstat: contend with points 2008-10-20 15:43:10 +02:00
logo.gif
logo.txt
magic-number.txt [SPARC]: Remove SunOS and Solaris binary support. 2008-04-21 15:10:15 -07:00
Makefile docsrc: build Documentation/ sources 2008-08-12 16:07:30 -07:00
ManagementStyle docs: fix ManagementStyle book name 2008-10-30 11:38:46 -07:00
markers.txt markers: comment marker_synchronize_unregister() on data dependency 2008-11-28 16:47:41 +01:00
mca.txt The ps2esdi driver was marked as BROKEN more than two years ago due to being 2008-03-17 09:03:05 +01:00
md.txt md: Tidy up rdev_size_store a bit: 2008-07-21 14:22:18 +10:00
memory-barriers.txt read_barrier_depends arch fixlets 2008-05-14 10:05:18 -07:00
memory-hotplug.txt memory hotplug: document the memory hotplug notifier 2007-10-22 08:13:17 -07:00
memory.txt
mono.txt
mutex-design.txt Documentation: Add nested versions of mutex locks to docs 2007-10-20 00:15:26 +02:00
nmi_watchdog.txt x86, nmi-watchdog: update procfs nmi_watchdog file documentation v2 2008-10-30 19:07:04 +01:00
nommu-mmap.txt
numastat.txt
oops-tracing.txt Taint kernel after WARN_ON(condition) 2008-04-29 08:05:59 -07:00
parport-lowlevel.txt plip: fix parport_register_device name parameter 2007-11-26 19:39:01 -08:00
parport.txt
pi-futex.txt
pnp.txt Documentation: Replace obsolete "driverfs" with "sysfs". 2008-01-24 20:40:04 -08:00
preempt-locking.txt
printk-formats.txt DOC: add printk-formats.txt 2008-11-12 17:17:17 -08:00
prio_tree.txt
rbtree.txt [PATCH] Documentation/rbtree.txt 2007-02-11 10:51:35 -08:00
rfkill.txt rfkill: add master_switch_mode and EPO lock to rfkill and rfkill-input 2008-10-31 19:00:09 -04:00
robust-futex-ABI.txt Fix typos in /Documentation : 'U-Z' 2006-11-30 04:58:40 +01:00
robust-futexes.txt Fix typos in /Documentation : Misc 2006-11-30 05:21:10 +01:00
rt-mutex-design.txt
rt-mutex.txt
rtc.txt rtc: cleanup example code 2008-02-06 10:41:14 -08:00
SAK.txt Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
SecurityBugs
SELinux.txt selinux: add support for installing a dummy policy (v2) 2008-08-27 08:54:08 +10:00
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt Tweak Documentation/SM501.txt 2007-10-17 08:43:06 -07:00
Smack.txt Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
sparse.txt kbuild: sparse needs CF not CHECKFLAGS 2008-07-25 22:12:39 +02:00
spinlocks.txt Add additional examples in Documentation/spinlocks.txt 2008-04-11 13:21:14 -06:00
stable_api_nonsense.txt stable_api_nonsense.txt: Disambiguate the use of "this" by using "that" to refer to the syscall interface 2007-07-30 14:25:12 -07:00
stable_kernel_rules.txt Update stable tree documentation 2008-10-29 15:03:49 -07:00
SubmitChecklist documentation: explain memory barriers 2008-10-16 11:21:32 -07:00
SubmittingDrivers Remove Andrew Morton's old email accounts 2008-10-16 11:21:32 -07:00
SubmittingPatches Merge branch 'docs' of git://git.lwn.net/linux-2.6 2008-10-16 12:18:16 -07:00
svga.txt
sysfs-rules.txt sysfs-rules.txt: reword API stability statement 2008-07-21 21:54:59 -07:00
sysrq.txt Merge branch 'v28-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2008-10-20 13:19:56 -07:00
tracepoints.txt tracepoints: Documentation TPPROTO misspelt in Documentation/tracepoints.txt 2008-11-29 15:13:42 +01:00
unaligned-memory-access.txt introduce HAVE_EFFICIENT_UNALIGNED_ACCESS Kconfig symbol 2008-07-25 10:53:27 -07:00
unicode.txt
unshare.txt
VGA-softcursor.txt
video-output.txt output: Add output class document 2006-12-20 01:46:58 -05:00
volatile-considered-harmful.txt Documentation cleanup: trivial misspelling, punctuation, and grammar corrections. 2008-07-26 12:00:06 -07:00
voyager.txt
zorro.txt