620860c15a
This commit adds the Dynamic Integrity Measurement (DIM) architecture to security/integrity. DIM is designed to monitor the integrity of executables and running processes by maintaining and verifying hashes. It can also interact with TPM hardware to extend integrity measurements.

The DIM architecture consists of two main modules:
- dim_core: Provides the core functionality for measuring, monitoring and logging the integrity of running processes and executables.
- dim_monitor: Provides the ability to measure and monitor the integrity of dim_core.

Subdirectory overview:
- common: Contains shared utilities, hash functions, TPM interaction, and logging for DIM.
- core: Implements the "dim_core" module and the main integrity measurement logic, including process measurement, memory management, and policies.
- measure: Provides measurement utilities and baseline functions for DIM's integrity checks.
- monitor: Implements the "dim_monitor" module.

CONFIG options:
- CONFIG_DIM: Top-level option to enable the DIM architecture.
- CONFIG_DIM_CORE: Enables the "dim_core" module for core functionalities.
- CONFIG_DIM_HASH_SUPPORT_SM3: Enables the SM3 hash algorithm for integrity measurement.
- CONFIG_DIM_MONITOR: Enables the "dim_monitor" module.

The code is from: https://gitee.com/openeuler/dim.

Signed-off-by: Sinong Chen <costinchen@tencent.com>
Directory listing (security/):
- ..
- apparmor
- bpf
- integrity
- keys
- landlock
- loadpin
- lockdown
- safesetid
- selinux
- smack
- tomoyo
- yama
- Kconfig
- Kconfig.hardening
- Makefile
- commoncap.c
- device_cgroup.c
- inode.c
- lsm_audit.c
- min_addr.c
- security.c