/* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2021 Microsoft Corporation
 *
 * Author: Tushar Sugandhi <tusharsu@linux.microsoft.com>
 *
 * File: dm-ima.h
 *       Header file for device mapper IMA measurements.
 */

#ifndef DM_IMA_H
#define DM_IMA_H

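/*
 * Fixed buffer lengths used for device mapper IMA measurements.
 * NOTE(review): presumably byte counts for char buffers -- confirm in the
 * users of these macros, which are not part of this header. Code that
 * formats into a buffer of one of these sizes has to bound its writes to
 * the same length and decide what a truncated measurement string means.
 */
#define DM_IMA_MEASUREMENT_BUF_LEN	4096
#define DM_IMA_DEVICE_BUF_LEN		1024
#define DM_IMA_TARGET_METADATA_BUF_LEN	128
#define DM_IMA_TARGET_DATA_BUF_LEN	2048
#define DM_IMA_DEVICE_CAPACITY_BUF_LEN	128
/*
 * Name of the hash algorithm for the table hash. The comment on the hash
 * field of struct dm_ima_device_table_metadata also says sha256, so the
 * two have to be changed together.
 */
#define DM_IMA_TABLE_HASH_ALG		"sha256"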

/*
 * Two-step stringification: __dm_ima_str() lets the preprocessor expand
 * its argument before passing it to __dm_ima_stringify(), so a macro
 * argument becomes the text of its value rather than the macro's name.
 */
#define __dm_ima_stringify(s) #s
#define __dm_ima_str(s) __dm_ima_stringify(s)

/*
 * String literal of the form "dm_version=<major>.<minor>.<patchlevel>;",
 * assembled at preprocessing time from DM_VERSION_MAJOR, DM_VERSION_MINOR
 * and DM_VERSION_PATCHLEVEL. Those macros are not defined in this header
 * and must be visible wherever DM_IMA_VERSION_STR is expanded; if they
 * are not, the macro names themselves end up in the string.
 */
#define DM_IMA_VERSION_STR "dm_version="	\
	__dm_ima_str(DM_VERSION_MAJOR) "."	\
	__dm_ima_str(DM_VERSION_MINOR) "."	\
	__dm_ima_str(DM_VERSION_PATCHLEVEL) ";"

#ifdef CONFIG_IMA

/*
 * Per-table record for device mapper IMA measurements: the device
 * metadata string and the hash of the table's target measurements.
 * NOTE(review): who allocates and frees the two char pointers is not
 * visible in this header -- confirm in the code that fills them in.
 */
struct dm_ima_device_table_metadata {
	/*
	 * Contains data specific to the device which is common across
	 * all the targets in the table (e.g. name, uuid, major, minor, etc).
	 * The values are stored as a comma-separated list of key=value
	 * pairs, terminated by a semicolon: key1=val1,key2=val2;
	 */
	char *device_metadata;
	/* presumably the length of device_metadata -- TODO confirm whether a trailing NUL is counted */
	unsigned int device_metadata_len;
	/* number of targets in the table this record describes -- inferred from the name, TODO confirm */
	unsigned int num_targets;

	/*
	 * Contains the sha256 hashes of the IMA measurements of the target
	 * attributes' key-value pairs from the active/inactive tables.
	 */
	char *hash;
	/* presumably the length of hash -- TODO confirm units (raw digest bytes or text) */
	unsigned int hash_len;
};

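/*
 * This structure contains the device metadata and the table hash for the
 * active and the inactive table, for IMA measurements.
 */
struct dm_ima_measurements {
	struct dm_ima_device_table_metadata active_table;
	struct dm_ima_device_table_metadata inactive_table;
	/* presumably the length of DM_IMA_VERSION_STR -- TODO confirm where it is set */
	unsigned int dm_version_str_len;
};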

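/*
 * Device mapper IMA measurement entry points, declared when CONFIG_IMA is
 * set; the definitions live outside this header.
 * NOTE(review): the names suggest one hook per DM event (table load,
 * device resume, device remove, table clear, device rename) -- confirm
 * against the callers.
 * All of them return void, so a caller cannot tell from the return value
 * whether a measurement was actually recorded.
 */
void dm_ima_reset_data(struct mapped_device *md);
void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags);
void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap);
void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all);
void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map);
void dm_ima_measure_on_device_rename(struct mapped_device *md);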

#else

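/*
 * No-op stubs used when CONFIG_IMA is not set, so callers can invoke the
 * measurement hooks without their own #ifdef. In such a build these calls
 * do nothing: no device mapper event is measured.
 */
static inline void dm_ima_reset_data(struct mapped_device *md) {}
static inline void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags) {}
static inline void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap) {}
static inline void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all) {}
static inline void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map) {}
static inline void dm_ima_measure_on_device_rename(struct mapped_device *md) {}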

#endif /* CONFIG_IMA */

#endif /* DM_IMA_H */