From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D0D6C11F69 for ; Tue, 13 Jul 2021 00:49:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 33D9861209 for ; Tue, 13 Jul 2021 00:49:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233792AbhGMAwD (ORCPT ); Mon, 12 Jul 2021 20:52:03 -0400 Received: from linux.microsoft.com ([13.77.154.182]:53390 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233778AbhGMAwD (ORCPT ); Mon, 12 Jul 2021 20:52:03 -0400 Received: from Lenovo-Legion-Ubuntu.lan (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6]) by linux.microsoft.com (Postfix) with ESMTPSA id 49B5720B83FC; Mon, 12 Jul 2021 17:49:14 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 49B5720B83FC DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1626137354; bh=SU//hBzMUkk+Q1PURhM7dihSkjJiuMVhggj6Kv2tVo4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qJEZzJxOTdEvcVFZ+Q0Ek/dPaBUPbC+JdZfBxGilA8kDr6TUvrkIRxBViMuTfxZDW hCOfiJrg5w9XIHNA9dAznGIXpF84u2ZS2Po8ug/hALwW8lFkWV9Xssj4ESN8A+sB7B jBGkNrObna7JrVzSsLGmJ5u0pc0QvEzKBOeXtP9g= From: Tushar Sugandhi To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com Cc: zohar@linux.ibm.com, linux-integrity@vger.kernel.org, nramas@linux.microsoft.com, tusharsu@linux.microsoft.com Subject: [PATCH 7/7] dm: add documentation for IMA measurement support Date: Mon, 12 Jul 2021 17:49:04 -0700 Message-Id: <20210713004904.8808-8-tusharsu@linux.microsoft.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210713004904.8808-1-tusharsu@linux.microsoft.com> References: <20210713004904.8808-1-tusharsu@linux.microsoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org To interpret various DM target measurement data in IMA logs, a separate documentation page is needed under Documentation/admin-guide/device-mapper. Add documentation to help system administrators and attestation client/server component owners to interpret the measurement data generated by various DM targets, on various device/table state changes. Signed-off-by: Tushar Sugandhi --- .../admin-guide/device-mapper/dm-ima.rst | 306 ++++++++++++++++++ .../admin-guide/device-mapper/index.rst | 1 + 2 files changed, 307 insertions(+) create mode 100644 Documentation/admin-guide/device-mapper/dm-ima.rst diff --git a/Documentation/admin-guide/device-mapper/dm-ima.rst b/Documentation/admin-guide/device-mapper/dm-ima.rst new file mode 100644 index 000000000000..1be2da7c6b6b --- /dev/null +++ b/Documentation/admin-guide/device-mapper/dm-ima.rst @@ -0,0 +1,306 @@ +====== +dm-ima +====== + +For a given system, various external services/infrastructure tools +(including the attestation service) interact with it - both during the +setup and during rest of the system run-time. They share sensitive data +and/or execute critical workload on that system. The external services +may want to verify the current run-time state of the relevant kernel +subsystems before fully trusting the system with business-critical +data/workload. + +Device mapper plays a critical role on a given system by providing +various important functionalities to the block devices using various +target types like crypt, verity, integrity etc. Each of these target +types’ functionalities can be configured with various attributes. +The attributes chosen to configure these target types can significantly +impact the security profile of the block device, and in-turn, of the +system itself. For instance, the type of encryption algorithm and the +key size determines the strength of encryption for a given block device. + +Therefore, verifying the current state of various block devices as well +as their various target attributes is crucial for external services before +fully trusting the system with business-critical data/workload. + +IMA kernel subsystem provides the necessary functionality for +device mapper to measure the state and configuration of +various block devices - + - BY device mapper itself, from within the kernel, + - in a tamper resistant way, + - and re-measured - triggered on state/configuration change. + +Setting the IMA Policy: +======================= +For IMA to measure the data on a given system, the IMA policy on the +system needs to be updated to have following line, and the system needs +to be restarted for the measurements to take effect. + +/etc/ima/ima-policy + measure func=CRITICAL_DATA label=device-mapper template=ima-buf + +The measurements will be reflected in the IMA logs, which are located at: + +/sys/kernel/security/integrity/ima/ascii_runtime_measurements +/sys/kernel/security/integrity/ima/binary_runtime_measurements + +Then IMA ASCII measurement log has the following format: +PCR TEMPLATE_DIGEST TEMPLATE ALG:EVENT_DIGEST EVENT_NAME EVENT_DATA + +PCR := Platform Configuration Register, in which the values are registered. + This is applicable if TPM chip is in use. +TEMPLATE_DIGEST := Template digest of the IMA record. +TEMPLATE := Template that registered the integrity value (e.g. ima-buf). +ALG:EVENT_DIGEST = Algorithm to compute event digest, followed by digest of event data +EVENT_NAME := Description of the event (e.g. 'table_load'). +EVENT_DATA := The event data to be measured. + +The DM target data measured by IMA subsystem can alternatively +be queried from userspace by setting DM_IMA_MEASUREMENT_FLAG with +DM_TABLE_STATUS_CMD. + +Supported Device States: +======================== +Following device state changes will trigger IMA measurements. +01. Table load +02. Device resume +03. Device remove +04. Table clear +05. Device rename + +01. Table load: +--------------- +When a new table is loaded in a device's inactive table slot, +the device information and target specific details from the +targets in the table are measured. + +For instance, if a linear device is created with the following table entries, +# dmsetup create linear1 +0 2 linear /dev/loop0 512 +2 2 linear /dev/loop0 512 +4 2 linear /dev/loop0 512 +6 2 linear /dev/loop0 512 + +Then IMA ASCII measurement log will have an entry with: +EVENT_NAME := table_load +EVENT_DATA := [device_data];[target_data_row_1];[target_data_row_2];...[target_data_row_n]; + +E.g. +(converted from ASCII to text for readability) +10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72 +table_load +name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4; +target_index=0,target_begin=0,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=1,target_begin=2,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=2,target_begin=4,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=3,target_begin=6,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; + +02. Device resume: +------------------ +When a suspended device is resumed, the device information and a sha256 hash of the +data from previous load of an active table are measured. + +For instance, if a linear device is resumed with the following command, +#dmsetup resume linear1 + +Then IMA ASCII measurement log will have an entry with: +EVENT_NAME := device_resume +EVENT_DATA := [device_data];active_table_hash=(sha256hash([device_data];[target_data_row_1];...[target_data_row_n]); + current_device_capacity=; + +E.g. +(converted from ASCII to text for readability) +10 56c00cc062ffc24ccd9ac2d67d194af3282b934e ima-buf sha256:e7d12c03b958b4e0e53e7363a06376be88d98a1ac191fdbd3baf5e4b77f329b6 +device_resume +name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4; +active_table_hash=4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72;current_device_capacity=8; + +03. Device remove: +------------------ +When a device is removed, the device information and a sha256 hash of the +data from an active and inactive table are measured. + +For instance, if a linear device is removed with the following command, +# dmsetup remove linear1 + +Then IMA ASCII measurement log will have an entry with: +EVENT_NAME := device_remove +EVENT_DATA := [device_active_metadata];[device_inactive_metadata]; + [active_table_hash=(sha256hash([device_active_metadata];[active_table_row_1];...[active_table_row_n]), + [inactive_table_hash=(sha256hash([device_inactive_metadata];[inactive_table_row_1];...[inactive_table_row_n]), + remove_all=[y|n];current_device_capacity=; + +E.g +(converted from ASCII to text for readability) +10 499812b621b705061c4514d643894483e16d2619 ima-buf sha256:c3f26b02f09bf5b464925589454bdd4d354077ce430fd1e75c9e96ce29cd1cad +device_remove +device_active_metadata=name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4; +device_inactive_metadata=name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=2; +active_table_hash=4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72, +inactive_table_hash=5596cc857b0e887fd0c5d58dc6382513284596b07f09fd37efae2da224bd521d,remove_all=n; +current_device_capacity=8; + + +04. Table clear: +---------------- +When an inactive table is cleared from the device, the device information and a sha256 hash of the +data from an inactive table are measured. + +For instance, if a linear device's inactive table is cleared with the following command, + +# dmsetup clear linear1 + +Then IMA ASCII measurement log will have an entry with: +EVENT_NAME := table_clear +EVENT_DATA := [device_data];inactive_table_hash=(sha256hash([device_data];[inactive_table_row_1];...[inactive_table_row_n]); +current_device_capacity=; + +E.g. +(converted from ASCII to text for readability) +10 9c11e284d792875352d51c09f6643c96649484be ima-buf sha256:84b22b364ea4d8264fa33c38635c18ef448fa9077731fa7e5f969b1da2003ea4 +table_clear +name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=2; +inactive_table_hash=5596cc857b0e887fd0c5d58dc6382513284596b07f09fd37efae2da224bd521d;current_device_capacity=0; + + +05. Device rename: +------------------ +When an device's NAME or UUID is changed, the device information and the new NAME and UUID +are measured. + +For instance, if a linear device's name is changed with the following command, + +#dmsetup rename linear1 linear=2 +Then IMA ASCII measurement log will have an entry with: +EVENT_NAME := device_rename +EVENT_DATA := [current_device_data];new_name=;new_uuid=;current_device_capacity=; + +E.g 1: +#dmsetup rename linear1 --setuuid 1234-5678 + +IMA Log entry: +(converted from ASCII to text for readability) +10 7380ef4d1349fe1ebd74affa54e9fcc960e3cbf5 ima-buf sha256:9759e36a17a967ea43c1bf3455279395a40bd0401105ec5ad8edb9a52054efc7 +device_rename +name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=1;new_name=linear1,new_uuid=1234-5678;current_device_capacity=2; + +E.g 2: +# dmsetup rename linear1 linear=2 +10 092c8266fc36e44f74c59f123ecfe15310f249f4 ima-buf sha256:4cf8b85c81fa6fedaeb602b05019124dbbb0605dce58fcdeea56887a8a3874cd +device_rename +name=linear1,uuid=1234-5678,major=253,minor=0,minor_count=1,num_targets=1;new_name=linear\=2,new_uuid=1234-5678;current_device_capacity=2; + + +Supported targets: +================== +Following targets are supported to measure their data using IMA. + +01. cache +02. crypt +03. integrity +04. linear +05. mirror +06. multipath +07. raid +08. snapshot +09. striped +10. verity + +01. cache +--------- +<> + +02. crypt +----- +When a crypt target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what crypt attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 fe3b80a35b155bd282df778e2625066c05fc068c ima-buf sha256:2d86ce9d6f16a4a97607318aa123ae816e0ceadefeea7903abf7f782f2cb78ad +table_load +name=test-crypt,uuid=,major=253,minor=0,minor_count=1,num_targets=1; +target_index=0,target_begin=0,target_len=1953125,target_type_name=crypt,target_type_version=1.23.0, +allow_discards=y,same_cpu=n,submit_from_crypt_cpus=n,no_read_workqueue=n,no_write_workqueue=n, +iv_large_sectors=n,cipher_string=aes-xts-plain64,key_size=32,key_parts=1,key_extra_size=0,key_mac_size=0; + +03. integrity +------------- +<> + + +04. linear +---------- +When a linear target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what linear attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 a8c5ff755561c7a28146389d1514c318592af49a ima-buf sha256:4d73481ecce5eadba8ab084640d85bb9ca899af4d0a122989252a76efadc5b72 +table_load +name=linear1,uuid=,major=253,minor=0,minor_count=1,num_targets=4; +target_index=0,target_begin=0,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=1,target_begin=2,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=2,target_begin=4,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; +target_index=3,target_begin=6,target_len=2,target_type_name=linear,target_type_version=1.4.0,device_name=7:0,start=512; + +05. mirror +---------- +When a mirror target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what mirror attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 90ff9113a00c367df823595dc347425ce3bfc50a ima-buf sha256:8da0678ed3bf616533573d9e61e5342f2bd16cb0b3145a08262641a743806c2e +table_load +name=test-mirror,uuid=,major=253,minor=4,minor_count=1,num_targets=1; +target_index=0,target_begin=0,target_len=1953125,target_type_name=mirror,target_type_version=1.14.0, +mirrors=2,mirror_device_0=253:2,mirror_device_0_status=A,mirror_device_1=253:3,mirror_device_1_status=A, +handle_errors=y,keep_log=n,log_type_status=; + +06. multipath +------------- +<> + +07. raid +-------- +When a raid target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what raid attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 76cb30d0cd0fe099966f20f5c82e3a2ac29b21a0 ima-buf sha256:52250f20b27376fcfb348bdfa1e1cf5acfd6646e0f3ad1a72952cffd9f818753 +table_load +name=test-raid1,uuid=,major=253,minor=2,minor_count=1,num_targets=1; +target_index=0,target_begin=0,target_len=1953125,target_type_name=raid,target_type_version=1.15.1, +raid_type=raid1,raid_disks=2,raid_state=idle,raid_device_0_status=A,raid_device_1_status=A; + +08. snapshot +------------ +<> + +09. striped +---------- +When a linear target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what linear attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 7bd94fa8f799169b9f12d97b9dbdce4dc5509233 ima-buf sha256:0d148eda69887f7833f1a6042767b54359cd23b64fa941b9e1856879eee1f778 +table_load +name=test-raid0,uuid=,major=253,minor=8,minor_count=1,num_targets=1; +target_index=0,target_begin=0,target_len=7812096,target_type_name=striped,target_type_version=1.6.0,stripes=4,chunk_size=128, +stripe_0_device_name=253:1,stripe_0_physical_start=0,stripe_0_status=A, +stripe_1_device_name=253:3,stripe_1_physical_start=0,stripe_1_status=A, +stripe_2_device_name=253:5,stripe_2_physical_start=0,stripe_2_status=A, +stripe_3_device_name=253:7,stripe_3_physical_start=0,stripe_3_status=A; + +10. verity +---------- +When a verity target is loaded, then IMA ASCII measurement log will have an entry +similar to the following, depicting what verity attributes are measured in EVENT_DATA. + +(converted from ASCII to text for readability) +10 fced5f575b140fc0efac302c88a635174cd663da ima-buf sha256:021370c1cc93929460b06922c606334fb1d7ea5ecf04f2384f3157a446894283 +table_load +name=test-verity,uuid=,major=253,minor=2,minor_count=1,num_targets=1; +target_index=0,target_begin=0,target_len=1953120,target_type_name=verity,target_type_version=1.8.0,hash_failed=V, +verity_version=1,data_device_name=253:1,hash_device_name=253:0,verity_algorithm=sha256, +root_digest=29cb87e60ce7b12b443ba6008266f3e41e93e403d7f298f8e3f316b29ff89c5e, +salt=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d, +ignore_zero_blocks=n,check_at_most_once=n; diff --git a/Documentation/admin-guide/device-mapper/index.rst b/Documentation/admin-guide/device-mapper/index.rst index 6cf8adc86fa8..cde52cc09645 100644 --- a/Documentation/admin-guide/device-mapper/index.rst +++ b/Documentation/admin-guide/device-mapper/index.rst @@ -13,6 +13,7 @@ Device Mapper dm-dust dm-ebs dm-flakey + dm-ima dm-init dm-integrity dm-io -- 2.25.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 695D5C07E9A for ; Tue, 13 Jul 2021 00:56:10 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EF029611CB for ; Tue, 13 Jul 2021 00:56:09 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EF029611CB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=dm-devel-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-486-v3VV4jUJMx2pPaW0kHPDrw-1; Mon, 12 Jul 2021 20:56:07 -0400 X-MC-Unique: v3VV4jUJMx2pPaW0kHPDrw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 20F0A80198A; Tue, 13 Jul 2021 00:56:03 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 008555D9DC; Tue, 13 Jul 2021 00:56:02 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C6D7D4EA39; Tue, 13 Jul 2021 00:56:02 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16D0thCc025286 for ; Mon, 12 Jul 2021 20:55:43 -0400 Received: by smtp.corp.redhat.com (Postfix) id 608062033972; Tue, 13 Jul 2021 00:55:43 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5C1CD20341A2 for ; Tue, 13 Jul 2021 00:55:39 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D6BE389B848 for ; Tue, 13 Jul 2021 00:55:39 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by relay.mimecast.com with ESMTP id us-mta-549-xunb3OhGNTa5neZ3Iv5Z2w-1; Mon, 12 Jul 2021 20:55:38 -0400 X-MC-Unique: xunb3OhGNTa5neZ3Iv5Z2w-1 Received: from Lenovo-Legion-Ubuntu.lan (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6]) by linux.microsoft.com (Postfix) with ESMTPSA id 49B5720B83FC; Mon, 12 Jul 2021 17:49:14 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 49B5720B83FC From: Tushar Sugandhi To: dm-devel@redhat.com, agk@redhat.com, snitzer@redhat.com Date: Mon, 12 Jul 2021 17:49:04 -0700 Message-Id: <20210713004904.8808-8-tusharsu@linux.microsoft.com> In-Reply-To: <20210713004904.8808-1-tusharsu@linux.microsoft.com> References: <20210713004904.8808-1-tusharsu@linux.microsoft.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 16D0thCc025286 X-loop: dm-devel@redhat.com Cc: tusharsu@linux.microsoft.com, nramas@linux.microsoft.com, linux-integrity@vger.kernel.org, zohar@linux.ibm.com Subject: [dm-devel] [PATCH 7/7] dm: add documentation for IMA measurement support X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VG8gaW50ZXJwcmV0IHZhcmlvdXMgRE0gdGFyZ2V0IG1lYXN1cmVtZW50IGRhdGEgaW4gSU1BIGxv Z3MsCmEgc2VwYXJhdGUgZG9jdW1lbnRhdGlvbiBwYWdlIGlzIG5lZWRlZCB1bmRlcgpEb2N1bWVu dGF0aW9uL2FkbWluLWd1aWRlL2RldmljZS1tYXBwZXIuCgpBZGQgZG9jdW1lbnRhdGlvbiB0byBo ZWxwIHN5c3RlbSBhZG1pbmlzdHJhdG9ycyBhbmQgYXR0ZXN0YXRpb24KY2xpZW50L3NlcnZlciBj b21wb25lbnQgb3duZXJzIHRvIGludGVycHJldCB0aGUgbWVhc3VyZW1lbnQKZGF0YSBnZW5lcmF0 ZWQgYnkgdmFyaW91cyBETSB0YXJnZXRzLCBvbiB2YXJpb3VzIGRldmljZS90YWJsZSBzdGF0ZQpj aGFuZ2VzLgoKU2lnbmVkLW9mZi1ieTogVHVzaGFyIFN1Z2FuZGhpIDx0dXNoYXJzdUBsaW51eC5t aWNyb3NvZnQuY29tPgotLS0KIC4uLi9hZG1pbi1ndWlkZS9kZXZpY2UtbWFwcGVyL2RtLWltYS5y c3QgICAgICB8IDMwNiArKysrKysrKysrKysrKysrKysKIC4uLi9hZG1pbi1ndWlkZS9kZXZpY2Ut bWFwcGVyL2luZGV4LnJzdCAgICAgICB8ICAgMSArCiAyIGZpbGVzIGNoYW5nZWQsIDMwNyBpbnNl cnRpb25zKCspCiBjcmVhdGUgbW9kZSAxMDA2NDQgRG9jdW1lbnRhdGlvbi9hZG1pbi1ndWlkZS9k ZXZpY2UtbWFwcGVyL2RtLWltYS5yc3QKCmRpZmYgLS1naXQgYS9Eb2N1bWVudGF0aW9uL2FkbWlu LWd1aWRlL2RldmljZS1tYXBwZXIvZG0taW1hLnJzdCBiL0RvY3VtZW50YXRpb24vYWRtaW4tZ3Vp ZGUvZGV2aWNlLW1hcHBlci9kbS1pbWEucnN0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAw MDAwMDAwMDAwMC4uMWJlMmRhN2M2YjZiCi0tLSAvZGV2L251bGwKKysrIGIvRG9jdW1lbnRhdGlv bi9hZG1pbi1ndWlkZS9kZXZpY2UtbWFwcGVyL2RtLWltYS5yc3QKQEAgLTAsMCArMSwzMDYgQEAK Kz09PT09PQorZG0taW1hCis9PT09PT0KKworRm9yIGEgZ2l2ZW4gc3lzdGVtLCB2YXJpb3VzIGV4 dGVybmFsIHNlcnZpY2VzL2luZnJhc3RydWN0dXJlIHRvb2xzCisoaW5jbHVkaW5nIHRoZSBhdHRl c3RhdGlvbiBzZXJ2aWNlKSBpbnRlcmFjdCB3aXRoIGl0IC0gYm90aCBkdXJpbmcgdGhlCitzZXR1 cCBhbmQgZHVyaW5nIHJlc3Qgb2YgdGhlIHN5c3RlbSBydW4tdGltZS4gIFRoZXkgc2hhcmUgc2Vu c2l0aXZlIGRhdGEKK2FuZC9vciBleGVjdXRlIGNyaXRpY2FsIHdvcmtsb2FkIG9uIHRoYXQgc3lz dGVtLiAgVGhlIGV4dGVybmFsIHNlcnZpY2VzCittYXkgd2FudCB0byB2ZXJpZnkgdGhlIGN1cnJl bnQgcnVuLXRpbWUgc3RhdGUgb2YgdGhlIHJlbGV2YW50IGtlcm5lbAorc3Vic3lzdGVtcyBiZWZv cmUgZnVsbHkgdHJ1c3RpbmcgdGhlIHN5c3RlbSB3aXRoIGJ1c2luZXNzLWNyaXRpY2FsCitkYXRh L3dvcmtsb2FkLgorCitEZXZpY2UgbWFwcGVyIHBsYXlzIGEgY3JpdGljYWwgcm9sZSBvbiBhIGdp dmVuIHN5c3RlbSBieSBwcm92aWRpbmcKK3ZhcmlvdXMgaW1wb3J0YW50IGZ1bmN0aW9uYWxpdGll cyB0byB0aGUgYmxvY2sgZGV2aWNlcyB1c2luZyB2YXJpb3VzCit0YXJnZXQgdHlwZXMgbGlrZSBj cnlwdCwgdmVyaXR5LCBpbnRlZ3JpdHkgZXRjLiAgRWFjaCBvZiB0aGVzZSB0YXJnZXQKK3R5cGVz 4oCZIGZ1bmN0aW9uYWxpdGllcyBjYW4gYmUgY29uZmlndXJlZCB3aXRoIHZhcmlvdXMgYXR0cmli dXRlcy4KK1RoZSBhdHRyaWJ1dGVzIGNob3NlbiB0byBjb25maWd1cmUgdGhlc2UgdGFyZ2V0IHR5 cGVzIGNhbiBzaWduaWZpY2FudGx5CitpbXBhY3QgdGhlIHNlY3VyaXR5IHByb2ZpbGUgb2YgdGhl IGJsb2NrIGRldmljZSwgYW5kIGluLXR1cm4sIG9mIHRoZQorc3lzdGVtIGl0c2VsZi4gIEZvciBp bnN0YW5jZSwgdGhlIHR5cGUgb2YgZW5jcnlwdGlvbiBhbGdvcml0aG0gYW5kIHRoZQora2V5IHNp emUgZGV0ZXJtaW5lcyB0aGUgc3RyZW5ndGggb2YgZW5jcnlwdGlvbiBmb3IgYSBnaXZlbiBibG9j ayBkZXZpY2UuCisKK1RoZXJlZm9yZSwgdmVyaWZ5aW5nIHRoZSBjdXJyZW50IHN0YXRlIG9mIHZh cmlvdXMgYmxvY2sgZGV2aWNlcyBhcyB3ZWxsCithcyB0aGVpciB2YXJpb3VzIHRhcmdldCBhdHRy aWJ1dGVzIGlzIGNydWNpYWwgZm9yIGV4dGVybmFsIHNlcnZpY2VzIGJlZm9yZQorZnVsbHkgdHJ1 c3RpbmcgdGhlIHN5c3RlbSB3aXRoIGJ1c2luZXNzLWNyaXRpY2FsIGRhdGEvd29ya2xvYWQuCisK K0lNQSBrZXJuZWwgc3Vic3lzdGVtIHByb3ZpZGVzIHRoZSBuZWNlc3NhcnkgZnVuY3Rpb25hbGl0 eSBmb3IKK2RldmljZSBtYXBwZXIgdG8gbWVhc3VyZSB0aGUgc3RhdGUgYW5kIGNvbmZpZ3VyYXRp b24gb2YKK3ZhcmlvdXMgYmxvY2sgZGV2aWNlcyAtCisgIC0gQlkgZGV2aWNlIG1hcHBlciBpdHNl bGYsIGZyb20gd2l0aGluIHRoZSBrZXJuZWwsCisgIC0gaW4gYSB0YW1wZXIgcmVzaXN0YW50IHdh eSwKKyAgLSBhbmQgcmUtbWVhc3VyZWQgLSB0cmlnZ2VyZWQgb24gc3RhdGUvY29uZmlndXJhdGlv biBjaGFuZ2UuCisKK1NldHRpbmcgdGhlIElNQSBQb2xpY3k6Cis9PT09PT09PT09PT09PT09PT09 PT09PQorRm9yIElNQSB0byBtZWFzdXJlIHRoZSBkYXRhIG9uIGEgZ2l2ZW4gc3lzdGVtLCB0aGUg SU1BIHBvbGljeSBvbiB0aGUKK3N5c3RlbSBuZWVkcyB0byBiZSB1cGRhdGVkIHRvIGhhdmUgZm9s bG93aW5nIGxpbmUsIGFuZCB0aGUgc3lzdGVtIG5lZWRzCit0byBiZSByZXN0YXJ0ZWQgZm9yIHRo ZSBtZWFzdXJlbWVudHMgdG8gdGFrZSBlZmZlY3QuCisKKy9ldGMvaW1hL2ltYS1wb2xpY3kKKyBt ZWFzdXJlIGZ1bmM9Q1JJVElDQUxfREFUQSBsYWJlbD1kZXZpY2UtbWFwcGVyIHRlbXBsYXRlPWlt YS1idWYKKworVGhlIG1lYXN1cmVtZW50cyB3aWxsIGJlIHJlZmxlY3RlZCBpbiB0aGUgSU1BIGxv Z3MsIHdoaWNoIGFyZSBsb2NhdGVkIGF0OgorCisvc3lzL2tlcm5lbC9zZWN1cml0eS9pbnRlZ3Jp dHkvaW1hL2FzY2lpX3J1bnRpbWVfbWVhc3VyZW1lbnRzCisvc3lzL2tlcm5lbC9zZWN1cml0eS9p bnRlZ3JpdHkvaW1hL2JpbmFyeV9ydW50aW1lX21lYXN1cmVtZW50cworCitUaGVuIElNQSBBU0NJ SSBtZWFzdXJlbWVudCBsb2cgaGFzIHRoZSBmb2xsb3dpbmcgZm9ybWF0OgorUENSIFRFTVBMQVRF X0RJR0VTVCBURU1QTEFURSBBTEc6RVZFTlRfRElHRVNUIEVWRU5UX05BTUUgRVZFTlRfREFUQQor CitQQ1IgOj0gUGxhdGZvcm0gQ29uZmlndXJhdGlvbiBSZWdpc3RlciwgaW4gd2hpY2ggdGhlIHZh bHVlcyBhcmUgcmVnaXN0ZXJlZC4KKyAgICAgICBUaGlzIGlzIGFwcGxpY2FibGUgaWYgVFBNIGNo aXAgaXMgaW4gdXNlLgorVEVNUExBVEVfRElHRVNUIDo9IFRlbXBsYXRlIGRpZ2VzdCBvZiB0aGUg SU1BIHJlY29yZC4KK1RFTVBMQVRFIDo9IFRlbXBsYXRlIHRoYXQgcmVnaXN0ZXJlZCB0aGUgaW50 ZWdyaXR5IHZhbHVlIChlLmcuIGltYS1idWYpLgorQUxHOkVWRU5UX0RJR0VTVCA9IEFsZ29yaXRo bSB0byBjb21wdXRlIGV2ZW50IGRpZ2VzdCwgZm9sbG93ZWQgYnkgZGlnZXN0IG9mIGV2ZW50IGRh dGEKK0VWRU5UX05BTUUgOj0gRGVzY3JpcHRpb24gb2YgdGhlIGV2ZW50IChlLmcuICd0YWJsZV9s b2FkJykuCitFVkVOVF9EQVRBIDo9IFRoZSBldmVudCBkYXRhIHRvIGJlIG1lYXN1cmVkLgorCitU aGUgRE0gdGFyZ2V0IGRhdGEgbWVhc3VyZWQgYnkgSU1BIHN1YnN5c3RlbSBjYW4gYWx0ZXJuYXRp dmVseQorYmUgcXVlcmllZCBmcm9tIHVzZXJzcGFjZSBieSBzZXR0aW5nIERNX0lNQV9NRUFTVVJF TUVOVF9GTEFHIHdpdGgKK0RNX1RBQkxFX1NUQVRVU19DTUQuCisKK1N1cHBvcnRlZCBEZXZpY2Ug U3RhdGVzOgorPT09PT09PT09PT09PT09PT09PT09PT09CitGb2xsb3dpbmcgZGV2aWNlIHN0YXRl IGNoYW5nZXMgd2lsbCB0cmlnZ2VyIElNQSBtZWFzdXJlbWVudHMuCiswMS4gVGFibGUgbG9hZAor MDIuIERldmljZSByZXN1bWUKKzAzLiBEZXZpY2UgcmVtb3ZlCiswNC4gVGFibGUgY2xlYXIKKzA1 LiBEZXZpY2UgcmVuYW1lCisKKzAxLiBUYWJsZSBsb2FkOgorLS0tLS0tLS0tLS0tLS0tCitXaGVu IGEgbmV3IHRhYmxlIGlzIGxvYWRlZCBpbiBhIGRldmljZSdzIGluYWN0aXZlIHRhYmxlIHNsb3Qs Cit0aGUgZGV2aWNlIGluZm9ybWF0aW9uIGFuZCB0YXJnZXQgc3BlY2lmaWMgZGV0YWlscyBmcm9t IHRoZQordGFyZ2V0cyBpbiB0aGUgdGFibGUgYXJlIG1lYXN1cmVkLgorCitGb3IgaW5zdGFuY2Us IGlmIGEgbGluZWFyIGRldmljZSBpcyBjcmVhdGVkIHdpdGggdGhlIGZvbGxvd2luZyB0YWJsZSBl bnRyaWVzLAorIyBkbXNldHVwIGNyZWF0ZSBsaW5lYXIxCiswIDIgbGluZWFyIC9kZXYvbG9vcDAg NTEyCisyIDIgbGluZWFyIC9kZXYvbG9vcDAgNTEyCis0IDIgbGluZWFyIC9kZXYvbG9vcDAgNTEy Cis2IDIgbGluZWFyIC9kZXYvbG9vcDAgNTEyCisKK1RoZW4gSU1BIEFTQ0lJIG1lYXN1cmVtZW50 IGxvZyB3aWxsIGhhdmUgYW4gZW50cnkgd2l0aDoKK0VWRU5UX05BTUUgOj0gdGFibGVfbG9hZAor RVZFTlRfREFUQSA6PSBbZGV2aWNlX2RhdGFdO1t0YXJnZXRfZGF0YV9yb3dfMV07W3RhcmdldF9k YXRhX3Jvd18yXTsuLi5bdGFyZ2V0X2RhdGFfcm93X25dOworCitFLmcuCisoY29udmVydGVkIGZy b20gQVNDSUkgdG8gdGV4dCBmb3IgcmVhZGFiaWxpdHkpCisxMCBhOGM1ZmY3NTU1NjFjN2EyODE0 NjM4OWQxNTE0YzMxODU5MmFmNDlhIGltYS1idWYgc2hhMjU2OjRkNzM0ODFlY2NlNWVhZGJhOGFi MDg0NjQwZDg1YmI5Y2E4OTlhZjRkMGExMjI5ODkyNTJhNzZlZmFkYzViNzIKK3RhYmxlX2xvYWQK K25hbWU9bGluZWFyMSx1dWlkPSxtYWpvcj0yNTMsbWlub3I9MCxtaW5vcl9jb3VudD0xLG51bV90 YXJnZXRzPTQ7Cit0YXJnZXRfaW5kZXg9MCx0YXJnZXRfYmVnaW49MCx0YXJnZXRfbGVuPTIsdGFy Z2V0X3R5cGVfbmFtZT1saW5lYXIsdGFyZ2V0X3R5cGVfdmVyc2lvbj0xLjQuMCxkZXZpY2VfbmFt ZT03OjAsc3RhcnQ9NTEyOwordGFyZ2V0X2luZGV4PTEsdGFyZ2V0X2JlZ2luPTIsdGFyZ2V0X2xl bj0yLHRhcmdldF90eXBlX25hbWU9bGluZWFyLHRhcmdldF90eXBlX3ZlcnNpb249MS40LjAsZGV2 aWNlX25hbWU9NzowLHN0YXJ0PTUxMjsKK3RhcmdldF9pbmRleD0yLHRhcmdldF9iZWdpbj00LHRh cmdldF9sZW49Mix0YXJnZXRfdHlwZV9uYW1lPWxpbmVhcix0YXJnZXRfdHlwZV92ZXJzaW9uPTEu NC4wLGRldmljZV9uYW1lPTc6MCxzdGFydD01MTI7Cit0YXJnZXRfaW5kZXg9Myx0YXJnZXRfYmVn aW49Nix0YXJnZXRfbGVuPTIsdGFyZ2V0X3R5cGVfbmFtZT1saW5lYXIsdGFyZ2V0X3R5cGVfdmVy c2lvbj0xLjQuMCxkZXZpY2VfbmFtZT03OjAsc3RhcnQ9NTEyOworCiswMi4gRGV2aWNlIHJlc3Vt ZToKKy0tLS0tLS0tLS0tLS0tLS0tLQorV2hlbiBhIHN1c3BlbmRlZCBkZXZpY2UgaXMgcmVzdW1l ZCwgdGhlIGRldmljZSBpbmZvcm1hdGlvbiBhbmQgYSBzaGEyNTYgaGFzaCBvZiB0aGUKK2RhdGEg ZnJvbSBwcmV2aW91cyBsb2FkIG9mIGFuIGFjdGl2ZSB0YWJsZSBhcmUgbWVhc3VyZWQuCisKK0Zv ciBpbnN0YW5jZSwgaWYgYSBsaW5lYXIgZGV2aWNlIGlzIHJlc3VtZWQgd2l0aCB0aGUgZm9sbG93 aW5nIGNvbW1hbmQsCisjZG1zZXR1cCByZXN1bWUgbGluZWFyMQorCitUaGVuIElNQSBBU0NJSSBt ZWFzdXJlbWVudCBsb2cgd2lsbCBoYXZlIGFuIGVudHJ5IHdpdGg6CitFVkVOVF9OQU1FIDo9IGRl dmljZV9yZXN1bWUKK0VWRU5UX0RBVEEgOj0gW2RldmljZV9kYXRhXTthY3RpdmVfdGFibGVfaGFz aD0oc2hhMjU2aGFzaChbZGV2aWNlX2RhdGFdO1t0YXJnZXRfZGF0YV9yb3dfMV07Li4uW3Rhcmdl dF9kYXRhX3Jvd19uXSk7CisgICAgICAgICAgICAgIGN1cnJlbnRfZGV2aWNlX2NhcGFjaXR5PTxO PjsKKworRS5nLgorKGNvbnZlcnRlZCBmcm9tIEFTQ0lJIHRvIHRleHQgZm9yIHJlYWRhYmlsaXR5 KQorMTAgNTZjMDBjYzA2MmZmYzI0Y2NkOWFjMmQ2N2QxOTRhZjMyODJiOTM0ZSBpbWEtYnVmIHNo YTI1NjplN2QxMmMwM2I5NThiNGUwZTUzZTczNjNhMDYzNzZiZTg4ZDk4YTFhYzE5MWZkYmQzYmFm NWU0Yjc3ZjMyOWI2CitkZXZpY2VfcmVzdW1lCituYW1lPWxpbmVhcjEsdXVpZD0sbWFqb3I9MjUz LG1pbm9yPTAsbWlub3JfY291bnQ9MSxudW1fdGFyZ2V0cz00OworYWN0aXZlX3RhYmxlX2hhc2g9 NGQ3MzQ4MWVjY2U1ZWFkYmE4YWIwODQ2NDBkODViYjljYTg5OWFmNGQwYTEyMjk4OTI1MmE3NmVm YWRjNWI3MjtjdXJyZW50X2RldmljZV9jYXBhY2l0eT04OworCiswMy4gRGV2aWNlIHJlbW92ZToK Ky0tLS0tLS0tLS0tLS0tLS0tLQorV2hlbiBhIGRldmljZSBpcyByZW1vdmVkLCB0aGUgZGV2aWNl IGluZm9ybWF0aW9uIGFuZCBhIHNoYTI1NiBoYXNoIG9mIHRoZQorZGF0YSBmcm9tIGFuIGFjdGl2 ZSBhbmQgaW5hY3RpdmUgdGFibGUgYXJlIG1lYXN1cmVkLgorCitGb3IgaW5zdGFuY2UsIGlmIGEg bGluZWFyIGRldmljZSBpcyByZW1vdmVkIHdpdGggdGhlIGZvbGxvd2luZyBjb21tYW5kLAorIyBk bXNldHVwIHJlbW92ZSBsaW5lYXIxCisKK1RoZW4gSU1BIEFTQ0lJIG1lYXN1cmVtZW50IGxvZyB3 aWxsIGhhdmUgYW4gZW50cnkgd2l0aDoKK0VWRU5UX05BTUUgOj0gZGV2aWNlX3JlbW92ZQorRVZF TlRfREFUQSA6PSBbZGV2aWNlX2FjdGl2ZV9tZXRhZGF0YV07W2RldmljZV9pbmFjdGl2ZV9tZXRh ZGF0YV07CisgICAgICAgICAgICAgIFthY3RpdmVfdGFibGVfaGFzaD0oc2hhMjU2aGFzaChbZGV2 aWNlX2FjdGl2ZV9tZXRhZGF0YV07W2FjdGl2ZV90YWJsZV9yb3dfMV07Li4uW2FjdGl2ZV90YWJs ZV9yb3dfbl0pLAorICAgICAgICAgICAgICBbaW5hY3RpdmVfdGFibGVfaGFzaD0oc2hhMjU2aGFz aChbZGV2aWNlX2luYWN0aXZlX21ldGFkYXRhXTtbaW5hY3RpdmVfdGFibGVfcm93XzFdOy4uLltp bmFjdGl2ZV90YWJsZV9yb3dfbl0pLAorICAgICAgICAgICAgICByZW1vdmVfYWxsPVt5fG5dO2N1 cnJlbnRfZGV2aWNlX2NhcGFjaXR5PTxOPjsKKworRS5nCisoY29udmVydGVkIGZyb20gQVNDSUkg dG8gdGV4dCBmb3IgcmVhZGFiaWxpdHkpCisxMCA0OTk4MTJiNjIxYjcwNTA2MWM0NTE0ZDY0Mzg5 NDQ4M2UxNmQyNjE5IGltYS1idWYgc2hhMjU2OmMzZjI2YjAyZjA5YmY1YjQ2NDkyNTU4OTQ1NGJk ZDRkMzU0MDc3Y2U0MzBmZDFlNzVjOWU5NmNlMjljZDFjYWQKK2RldmljZV9yZW1vdmUKK2Rldmlj ZV9hY3RpdmVfbWV0YWRhdGE9bmFtZT1saW5lYXIxLHV1aWQ9LG1ham9yPTI1MyxtaW5vcj0wLG1p bm9yX2NvdW50PTEsbnVtX3RhcmdldHM9NDsKK2RldmljZV9pbmFjdGl2ZV9tZXRhZGF0YT1uYW1l PWxpbmVhcjEsdXVpZD0sbWFqb3I9MjUzLG1pbm9yPTAsbWlub3JfY291bnQ9MSxudW1fdGFyZ2V0 cz0yOworYWN0aXZlX3RhYmxlX2hhc2g9NGQ3MzQ4MWVjY2U1ZWFkYmE4YWIwODQ2NDBkODViYjlj YTg5OWFmNGQwYTEyMjk4OTI1MmE3NmVmYWRjNWI3MiwKK2luYWN0aXZlX3RhYmxlX2hhc2g9NTU5 NmNjODU3YjBlODg3ZmQwYzVkNThkYzYzODI1MTMyODQ1OTZiMDdmMDlmZDM3ZWZhZTJkYTIyNGJk NTIxZCxyZW1vdmVfYWxsPW47CitjdXJyZW50X2RldmljZV9jYXBhY2l0eT04OworCisKKzA0LiBU YWJsZSBjbGVhcjoKKy0tLS0tLS0tLS0tLS0tLS0KK1doZW4gYW4gaW5hY3RpdmUgdGFibGUgaXMg Y2xlYXJlZCBmcm9tIHRoZSBkZXZpY2UsIHRoZSBkZXZpY2UgaW5mb3JtYXRpb24gYW5kIGEgc2hh MjU2IGhhc2ggb2YgdGhlCitkYXRhIGZyb20gYW4gaW5hY3RpdmUgdGFibGUgYXJlIG1lYXN1cmVk LgorCitGb3IgaW5zdGFuY2UsIGlmIGEgbGluZWFyIGRldmljZSdzIGluYWN0aXZlIHRhYmxlIGlz IGNsZWFyZWQgd2l0aCB0aGUgZm9sbG93aW5nIGNvbW1hbmQsCisKKyMgZG1zZXR1cCBjbGVhciBs aW5lYXIxCisKK1RoZW4gSU1BIEFTQ0lJIG1lYXN1cmVtZW50IGxvZyB3aWxsIGhhdmUgYW4gZW50 cnkgd2l0aDoKK0VWRU5UX05BTUUgOj0gdGFibGVfY2xlYXIKK0VWRU5UX0RBVEEgOj0gW2Rldmlj ZV9kYXRhXTtpbmFjdGl2ZV90YWJsZV9oYXNoPShzaGEyNTZoYXNoKFtkZXZpY2VfZGF0YV07W2lu YWN0aXZlX3RhYmxlX3Jvd18xXTsuLi5baW5hY3RpdmVfdGFibGVfcm93X25dKTsKK2N1cnJlbnRf ZGV2aWNlX2NhcGFjaXR5PTxOPjsKKworRS5nLgorKGNvbnZlcnRlZCBmcm9tIEFTQ0lJIHRvIHRl eHQgZm9yIHJlYWRhYmlsaXR5KQorMTAgOWMxMWUyODRkNzkyODc1MzUyZDUxYzA5ZjY2NDNjOTY2 NDk0ODRiZSBpbWEtYnVmIHNoYTI1Njo4NGIyMmIzNjRlYTRkODI2NGZhMzNjMzg2MzVjMThlZjQ0 OGZhOTA3NzczMWZhN2U1Zjk2OWIxZGEyMDAzZWE0Cit0YWJsZV9jbGVhcgorbmFtZT1saW5lYXIx LHV1aWQ9LG1ham9yPTI1MyxtaW5vcj0wLG1pbm9yX2NvdW50PTEsbnVtX3RhcmdldHM9MjsKK2lu YWN0aXZlX3RhYmxlX2hhc2g9NTU5NmNjODU3YjBlODg3ZmQwYzVkNThkYzYzODI1MTMyODQ1OTZi MDdmMDlmZDM3ZWZhZTJkYTIyNGJkNTIxZDtjdXJyZW50X2RldmljZV9jYXBhY2l0eT0wOworCisK KzA1LiBEZXZpY2UgcmVuYW1lOgorLS0tLS0tLS0tLS0tLS0tLS0tCitXaGVuIGFuIGRldmljZSdz IE5BTUUgb3IgVVVJRCBpcyBjaGFuZ2VkLCB0aGUgZGV2aWNlIGluZm9ybWF0aW9uIGFuZCB0aGUg bmV3IE5BTUUgYW5kIFVVSUQKK2FyZSBtZWFzdXJlZC4KKworRm9yIGluc3RhbmNlLCBpZiBhIGxp bmVhciBkZXZpY2UncyBuYW1lIGlzIGNoYW5nZWQgd2l0aCB0aGUgZm9sbG93aW5nIGNvbW1hbmQs CisKKyNkbXNldHVwIHJlbmFtZSBsaW5lYXIxIGxpbmVhcj0yCitUaGVuIElNQSBBU0NJSSBtZWFz dXJlbWVudCBsb2cgd2lsbCBoYXZlIGFuIGVudHJ5IHdpdGg6CitFVkVOVF9OQU1FIDo9IGRldmlj ZV9yZW5hbWUKK0VWRU5UX0RBVEEgOj0gW2N1cnJlbnRfZGV2aWNlX2RhdGFdO25ld19uYW1lPTxu ZXdfbmFtZV92YWx1ZT47bmV3X3V1aWQ9PG5ld191dWlkX3ZhbHVlPjtjdXJyZW50X2RldmljZV9j YXBhY2l0eT08Tj47CisKK0UuZyAxOgorI2Rtc2V0dXAgcmVuYW1lIGxpbmVhcjEgLS1zZXR1dWlk IDEyMzQtNTY3OAorCitJTUEgTG9nIGVudHJ5OgorKGNvbnZlcnRlZCBmcm9tIEFTQ0lJIHRvIHRl eHQgZm9yIHJlYWRhYmlsaXR5KQorMTAgNzM4MGVmNGQxMzQ5ZmUxZWJkNzRhZmZhNTRlOWZjYzk2 MGUzY2JmNSBpbWEtYnVmIHNoYTI1Njo5NzU5ZTM2YTE3YTk2N2VhNDNjMWJmMzQ1NTI3OTM5NWE0 MGJkMDQwMTEwNWVjNWFkOGVkYjlhNTIwNTRlZmM3CitkZXZpY2VfcmVuYW1lCituYW1lPWxpbmVh cjEsdXVpZD0sbWFqb3I9MjUzLG1pbm9yPTAsbWlub3JfY291bnQ9MSxudW1fdGFyZ2V0cz0xO25l d19uYW1lPWxpbmVhcjEsbmV3X3V1aWQ9MTIzNC01Njc4O2N1cnJlbnRfZGV2aWNlX2NhcGFjaXR5 PTI7CisKK0UuZyAyOgorIyBkbXNldHVwIHJlbmFtZSBsaW5lYXIxIGxpbmVhcj0yCisxMCAwOTJj ODI2NmZjMzZlNDRmNzRjNTlmMTIzZWNmZTE1MzEwZjI0OWY0IGltYS1idWYgc2hhMjU2OjRjZjhi ODVjODFmYTZmZWRhZWI2MDJiMDUwMTkxMjRkYmJiMDYwNWRjZTU4ZmNkZWVhNTY4ODdhOGEzODc0 Y2QKK2RldmljZV9yZW5hbWUKK25hbWU9bGluZWFyMSx1dWlkPTEyMzQtNTY3OCxtYWpvcj0yNTMs bWlub3I9MCxtaW5vcl9jb3VudD0xLG51bV90YXJnZXRzPTE7bmV3X25hbWU9bGluZWFyXD0yLG5l d191dWlkPTEyMzQtNTY3ODtjdXJyZW50X2RldmljZV9jYXBhY2l0eT0yOworCisKK1N1cHBvcnRl ZCB0YXJnZXRzOgorPT09PT09PT09PT09PT09PT09CitGb2xsb3dpbmcgdGFyZ2V0cyBhcmUgc3Vw cG9ydGVkIHRvIG1lYXN1cmUgdGhlaXIgZGF0YSB1c2luZyBJTUEuCisKKzAxLiBjYWNoZQorMDIu IGNyeXB0CiswMy4gaW50ZWdyaXR5CiswNC4gbGluZWFyCiswNS4gbWlycm9yCiswNi4gbXVsdGlw YXRoCiswNy4gcmFpZAorMDguIHNuYXBzaG90CiswOS4gc3RyaXBlZAorMTAuIHZlcml0eQorCisw MS4gY2FjaGUKKy0tLS0tLS0tLQorPDxkb2N1bWVuYXRhdGlvbiBpbiBwcm9ncmVzcz4+CisKKzAy LiBjcnlwdAorLS0tLS0KK1doZW4gYSBjcnlwdCB0YXJnZXQgaXMgbG9hZGVkLCB0aGVuIElNQSBB U0NJSSBtZWFzdXJlbWVudCBsb2cgd2lsbCBoYXZlIGFuIGVudHJ5CitzaW1pbGFyIHRvIHRoZSBm b2xsb3dpbmcsIGRlcGljdGluZyB3aGF0IGNyeXB0IGF0dHJpYnV0ZXMgYXJlIG1lYXN1cmVkIGlu IEVWRU5UX0RBVEEuCisKKyhjb252ZXJ0ZWQgZnJvbSBBU0NJSSB0byB0ZXh0IGZvciByZWFkYWJp bGl0eSkKKzEwIGZlM2I4MGEzNWIxNTViZDI4MmRmNzc4ZTI2MjUwNjZjMDVmYzA2OGMgaW1hLWJ1 ZiBzaGEyNTY6MmQ4NmNlOWQ2ZjE2YTRhOTc2MDczMThhYTEyM2FlODE2ZTBjZWFkZWZlZWE3OTAz YWJmN2Y3ODJmMmNiNzhhZAordGFibGVfbG9hZAorbmFtZT10ZXN0LWNyeXB0LHV1aWQ9LG1ham9y PTI1MyxtaW5vcj0wLG1pbm9yX2NvdW50PTEsbnVtX3RhcmdldHM9MTsKK3RhcmdldF9pbmRleD0w LHRhcmdldF9iZWdpbj0wLHRhcmdldF9sZW49MTk1MzEyNSx0YXJnZXRfdHlwZV9uYW1lPWNyeXB0 LHRhcmdldF90eXBlX3ZlcnNpb249MS4yMy4wLAorYWxsb3dfZGlzY2FyZHM9eSxzYW1lX2NwdT1u LHN1Ym1pdF9mcm9tX2NyeXB0X2NwdXM9bixub19yZWFkX3dvcmtxdWV1ZT1uLG5vX3dyaXRlX3dv cmtxdWV1ZT1uLAoraXZfbGFyZ2Vfc2VjdG9ycz1uLGNpcGhlcl9zdHJpbmc9YWVzLXh0cy1wbGFp bjY0LGtleV9zaXplPTMyLGtleV9wYXJ0cz0xLGtleV9leHRyYV9zaXplPTAsa2V5X21hY19zaXpl PTA7CisKKzAzLiBpbnRlZ3JpdHkKKy0tLS0tLS0tLS0tLS0KKzw8ZG9jdW1lbmF0YXRpb24gaW4g cHJvZ3Jlc3M+PgorCisKKzA0LiBsaW5lYXIKKy0tLS0tLS0tLS0KK1doZW4gYSBsaW5lYXIgdGFy Z2V0IGlzIGxvYWRlZCwgdGhlbiBJTUEgQVNDSUkgbWVhc3VyZW1lbnQgbG9nIHdpbGwgaGF2ZSBh biBlbnRyeQorc2ltaWxhciB0byB0aGUgZm9sbG93aW5nLCBkZXBpY3Rpbmcgd2hhdCBsaW5lYXIg YXR0cmlidXRlcyBhcmUgbWVhc3VyZWQgaW4gRVZFTlRfREFUQS4KKworKGNvbnZlcnRlZCBmcm9t IEFTQ0lJIHRvIHRleHQgZm9yIHJlYWRhYmlsaXR5KQorMTAgYThjNWZmNzU1NTYxYzdhMjgxNDYz ODlkMTUxNGMzMTg1OTJhZjQ5YSBpbWEtYnVmIHNoYTI1Njo0ZDczNDgxZWNjZTVlYWRiYThhYjA4 NDY0MGQ4NWJiOWNhODk5YWY0ZDBhMTIyOTg5MjUyYTc2ZWZhZGM1YjcyCit0YWJsZV9sb2FkCitu YW1lPWxpbmVhcjEsdXVpZD0sbWFqb3I9MjUzLG1pbm9yPTAsbWlub3JfY291bnQ9MSxudW1fdGFy Z2V0cz00OwordGFyZ2V0X2luZGV4PTAsdGFyZ2V0X2JlZ2luPTAsdGFyZ2V0X2xlbj0yLHRhcmdl dF90eXBlX25hbWU9bGluZWFyLHRhcmdldF90eXBlX3ZlcnNpb249MS40LjAsZGV2aWNlX25hbWU9 NzowLHN0YXJ0PTUxMjsKK3RhcmdldF9pbmRleD0xLHRhcmdldF9iZWdpbj0yLHRhcmdldF9sZW49 Mix0YXJnZXRfdHlwZV9uYW1lPWxpbmVhcix0YXJnZXRfdHlwZV92ZXJzaW9uPTEuNC4wLGRldmlj ZV9uYW1lPTc6MCxzdGFydD01MTI7Cit0YXJnZXRfaW5kZXg9Mix0YXJnZXRfYmVnaW49NCx0YXJn ZXRfbGVuPTIsdGFyZ2V0X3R5cGVfbmFtZT1saW5lYXIsdGFyZ2V0X3R5cGVfdmVyc2lvbj0xLjQu MCxkZXZpY2VfbmFtZT03OjAsc3RhcnQ9NTEyOwordGFyZ2V0X2luZGV4PTMsdGFyZ2V0X2JlZ2lu PTYsdGFyZ2V0X2xlbj0yLHRhcmdldF90eXBlX25hbWU9bGluZWFyLHRhcmdldF90eXBlX3ZlcnNp b249MS40LjAsZGV2aWNlX25hbWU9NzowLHN0YXJ0PTUxMjsKKworMDUuIG1pcnJvcgorLS0tLS0t LS0tLQorV2hlbiBhIG1pcnJvciB0YXJnZXQgaXMgbG9hZGVkLCB0aGVuIElNQSBBU0NJSSBtZWFz dXJlbWVudCBsb2cgd2lsbCBoYXZlIGFuIGVudHJ5CitzaW1pbGFyIHRvIHRoZSBmb2xsb3dpbmcs IGRlcGljdGluZyB3aGF0IG1pcnJvciBhdHRyaWJ1dGVzIGFyZSBtZWFzdXJlZCBpbiBFVkVOVF9E QVRBLgorCisoY29udmVydGVkIGZyb20gQVNDSUkgdG8gdGV4dCBmb3IgcmVhZGFiaWxpdHkpCisx MCA5MGZmOTExM2EwMGMzNjdkZjgyMzU5NWRjMzQ3NDI1Y2UzYmZjNTBhIGltYS1idWYgc2hhMjU2 OjhkYTA2NzhlZDNiZjYxNjUzMzU3M2Q5ZTYxZTUzNDJmMmJkMTZjYjBiMzE0NWEwODI2MjY0MWE3 NDM4MDZjMmUKK3RhYmxlX2xvYWQKK25hbWU9dGVzdC1taXJyb3IsdXVpZD0sbWFqb3I9MjUzLG1p bm9yPTQsbWlub3JfY291bnQ9MSxudW1fdGFyZ2V0cz0xOwordGFyZ2V0X2luZGV4PTAsdGFyZ2V0 X2JlZ2luPTAsdGFyZ2V0X2xlbj0xOTUzMTI1LHRhcmdldF90eXBlX25hbWU9bWlycm9yLHRhcmdl dF90eXBlX3ZlcnNpb249MS4xNC4wLAorbWlycm9ycz0yLG1pcnJvcl9kZXZpY2VfMD0yNTM6Mixt aXJyb3JfZGV2aWNlXzBfc3RhdHVzPUEsbWlycm9yX2RldmljZV8xPTI1MzozLG1pcnJvcl9kZXZp Y2VfMV9zdGF0dXM9QSwKK2hhbmRsZV9lcnJvcnM9eSxrZWVwX2xvZz1uLGxvZ190eXBlX3N0YXR1 cz07CisKKzA2LiBtdWx0aXBhdGgKKy0tLS0tLS0tLS0tLS0KKzw8ZG9jdW1lbmF0YXRpb24gaW4g cHJvZ3Jlc3M+PgorCiswNy4gcmFpZAorLS0tLS0tLS0KK1doZW4gYSByYWlkIHRhcmdldCBpcyBs b2FkZWQsIHRoZW4gSU1BIEFTQ0lJIG1lYXN1cmVtZW50IGxvZyB3aWxsIGhhdmUgYW4gZW50cnkK K3NpbWlsYXIgdG8gdGhlIGZvbGxvd2luZywgZGVwaWN0aW5nIHdoYXQgcmFpZCBhdHRyaWJ1dGVz IGFyZSBtZWFzdXJlZCBpbiBFVkVOVF9EQVRBLgorCisoY29udmVydGVkIGZyb20gQVNDSUkgdG8g dGV4dCBmb3IgcmVhZGFiaWxpdHkpCisxMCA3NmNiMzBkMGNkMGZlMDk5OTY2ZjIwZjVjODJlM2Ey YWMyOWIyMWEwIGltYS1idWYgc2hhMjU2OjUyMjUwZjIwYjI3Mzc2ZmNmYjM0OGJkZmExZTFjZjVh Y2ZkNjY0NmUwZjNhZDFhNzI5NTJjZmZkOWY4MTg3NTMKK3RhYmxlX2xvYWQKK25hbWU9dGVzdC1y YWlkMSx1dWlkPSxtYWpvcj0yNTMsbWlub3I9MixtaW5vcl9jb3VudD0xLG51bV90YXJnZXRzPTE7 Cit0YXJnZXRfaW5kZXg9MCx0YXJnZXRfYmVnaW49MCx0YXJnZXRfbGVuPTE5NTMxMjUsdGFyZ2V0 X3R5cGVfbmFtZT1yYWlkLHRhcmdldF90eXBlX3ZlcnNpb249MS4xNS4xLAorcmFpZF90eXBlPXJh aWQxLHJhaWRfZGlza3M9MixyYWlkX3N0YXRlPWlkbGUscmFpZF9kZXZpY2VfMF9zdGF0dXM9QSxy YWlkX2RldmljZV8xX3N0YXR1cz1BOworCiswOC4gc25hcHNob3QKKy0tLS0tLS0tLS0tLQorPDxk b2N1bWVuYXRhdGlvbiBpbiBwcm9ncmVzcz4+CisKKzA5LiBzdHJpcGVkCistLS0tLS0tLS0tCitX aGVuIGEgbGluZWFyIHRhcmdldCBpcyBsb2FkZWQsIHRoZW4gSU1BIEFTQ0lJIG1lYXN1cmVtZW50 IGxvZyB3aWxsIGhhdmUgYW4gZW50cnkKK3NpbWlsYXIgdG8gdGhlIGZvbGxvd2luZywgZGVwaWN0 aW5nIHdoYXQgbGluZWFyIGF0dHJpYnV0ZXMgYXJlIG1lYXN1cmVkIGluIEVWRU5UX0RBVEEuCisK Kyhjb252ZXJ0ZWQgZnJvbSBBU0NJSSB0byB0ZXh0IGZvciByZWFkYWJpbGl0eSkKKzEwIDdiZDk0 ZmE4Zjc5OTE2OWI5ZjEyZDk3YjlkYmRjZTRkYzU1MDkyMzMgaW1hLWJ1ZiBzaGEyNTY6MGQxNDhl ZGE2OTg4N2Y3ODMzZjFhNjA0Mjc2N2I1NDM1OWNkMjNiNjRmYTk0MWI5ZTE4NTY4NzllZWUxZjc3 OAordGFibGVfbG9hZAorbmFtZT10ZXN0LXJhaWQwLHV1aWQ9LG1ham9yPTI1MyxtaW5vcj04LG1p bm9yX2NvdW50PTEsbnVtX3RhcmdldHM9MTsKK3RhcmdldF9pbmRleD0wLHRhcmdldF9iZWdpbj0w LHRhcmdldF9sZW49NzgxMjA5Nix0YXJnZXRfdHlwZV9uYW1lPXN0cmlwZWQsdGFyZ2V0X3R5cGVf dmVyc2lvbj0xLjYuMCxzdHJpcGVzPTQsY2h1bmtfc2l6ZT0xMjgsCitzdHJpcGVfMF9kZXZpY2Vf bmFtZT0yNTM6MSxzdHJpcGVfMF9waHlzaWNhbF9zdGFydD0wLHN0cmlwZV8wX3N0YXR1cz1BLAor c3RyaXBlXzFfZGV2aWNlX25hbWU9MjUzOjMsc3RyaXBlXzFfcGh5c2ljYWxfc3RhcnQ9MCxzdHJp cGVfMV9zdGF0dXM9QSwKK3N0cmlwZV8yX2RldmljZV9uYW1lPTI1Mzo1LHN0cmlwZV8yX3BoeXNp Y2FsX3N0YXJ0PTAsc3RyaXBlXzJfc3RhdHVzPUEsCitzdHJpcGVfM19kZXZpY2VfbmFtZT0yNTM6 NyxzdHJpcGVfM19waHlzaWNhbF9zdGFydD0wLHN0cmlwZV8zX3N0YXR1cz1BOworCisxMC4gdmVy aXR5CistLS0tLS0tLS0tCitXaGVuIGEgdmVyaXR5IHRhcmdldCBpcyBsb2FkZWQsIHRoZW4gSU1B IEFTQ0lJIG1lYXN1cmVtZW50IGxvZyB3aWxsIGhhdmUgYW4gZW50cnkKK3NpbWlsYXIgdG8gdGhl IGZvbGxvd2luZywgZGVwaWN0aW5nIHdoYXQgdmVyaXR5IGF0dHJpYnV0ZXMgYXJlIG1lYXN1cmVk IGluIEVWRU5UX0RBVEEuCisKKyhjb252ZXJ0ZWQgZnJvbSBBU0NJSSB0byB0ZXh0IGZvciByZWFk YWJpbGl0eSkKKzEwIGZjZWQ1ZjU3NWIxNDBmYzBlZmFjMzAyYzg4YTYzNTE3NGNkNjYzZGEgaW1h LWJ1ZiBzaGEyNTY6MDIxMzcwYzFjYzkzOTI5NDYwYjA2OTIyYzYwNjMzNGZiMWQ3ZWE1ZWNmMDRm MjM4NGYzMTU3YTQ0Njg5NDI4MwordGFibGVfbG9hZAorbmFtZT10ZXN0LXZlcml0eSx1dWlkPSxt YWpvcj0yNTMsbWlub3I9MixtaW5vcl9jb3VudD0xLG51bV90YXJnZXRzPTE7Cit0YXJnZXRfaW5k ZXg9MCx0YXJnZXRfYmVnaW49MCx0YXJnZXRfbGVuPTE5NTMxMjAsdGFyZ2V0X3R5cGVfbmFtZT12 ZXJpdHksdGFyZ2V0X3R5cGVfdmVyc2lvbj0xLjguMCxoYXNoX2ZhaWxlZD1WLAordmVyaXR5X3Zl cnNpb249MSxkYXRhX2RldmljZV9uYW1lPTI1MzoxLGhhc2hfZGV2aWNlX25hbWU9MjUzOjAsdmVy aXR5X2FsZ29yaXRobT1zaGEyNTYsCityb290X2RpZ2VzdD0yOWNiODdlNjBjZTdiMTJiNDQzYmE2 MDA4MjY2ZjNlNDFlOTNlNDAzZDdmMjk4ZjhlM2YzMTZiMjlmZjg5YzVlLAorc2FsdD1lNDhkYTYw OTA1NTIwNGU4OWFlNTNiNjU1Y2EyMjE2ZGQ5ODNjZjNjYjgyOWYzNGY2M2EyOTdkMTA2ZDUzZTJk LAoraWdub3JlX3plcm9fYmxvY2tzPW4sY2hlY2tfYXRfbW9zdF9vbmNlPW47CmRpZmYgLS1naXQg YS9Eb2N1bWVudGF0aW9uL2FkbWluLWd1aWRlL2RldmljZS1tYXBwZXIvaW5kZXgucnN0IGIvRG9j dW1lbnRhdGlvbi9hZG1pbi1ndWlkZS9kZXZpY2UtbWFwcGVyL2luZGV4LnJzdAppbmRleCA2Y2Y4 YWRjODZmYTguLmNkZTUyY2MwOTY0NSAxMDA2NDQKLS0tIGEvRG9jdW1lbnRhdGlvbi9hZG1pbi1n dWlkZS9kZXZpY2UtbWFwcGVyL2luZGV4LnJzdAorKysgYi9Eb2N1bWVudGF0aW9uL2FkbWluLWd1 aWRlL2RldmljZS1tYXBwZXIvaW5kZXgucnN0CkBAIC0xMyw2ICsxMyw3IEBAIERldmljZSBNYXBw ZXIKICAgICBkbS1kdXN0CiAgICAgZG0tZWJzCiAgICAgZG0tZmxha2V5CisgICAgZG0taW1hCiAg ICAgZG0taW5pdAogICAgIGRtLWludGVncml0eQogICAgIGRtLWlvCi0tIAoyLjI1LjEKCgotLQpk bS1kZXZlbCBtYWlsaW5nIGxpc3QKZG0tZGV2ZWxAcmVkaGF0LmNvbQpodHRwczovL2xpc3RtYW4u cmVkaGF0LmNvbS9tYWlsbWFuL2xpc3RpbmZvL2RtLWRldmVs