Lines Matching full:policies

148 Limitations of v1 policies
151 v1 encryption policies have some weaknesses with respect to online
167 All the above problems are fixed with v2 encryption policies.  For
169 policies on all new encrypted directories.
212 the key is used for v1 encryption policies or for v2 encryption
213 policies.  Users **must not** use the same key for both v1 and v2
214 encryption policies.  (No real-world attack is currently known on this
218 For v1 encryption policies, the KDF only supports deriving per-file
224 For v2 encryption policies, the KDF is HKDF-SHA512.  The master key is
259 DIRECT_KEY policies
275 - For v1 encryption policies, the encryption is done directly with the
277   key for any other purpose, even for other v1 policies.
279 - For v2 encryption policies, the encryption is done with a per-mode
281   other v2 encryption policies.
283 IV_INO_LBLK_64 policies
298 IV_INO_LBLK_32 policies
301 IV_INO_LBLK_32 policies work like IV_INO_LBLK_64, except that for
315 For master keys used for v2 encryption policies, a unique 16-byte "key
491 - With `DIRECT_KEY policies`_, the data unit index is placed in bits
494 - With `IV_INO_LBLK_64 policies`_, the data unit index is placed in
499 - With `IV_INO_LBLK_32 policies`_, the file's inode number is hashed
520 alternatively has the file's nonce (for `DIRECT_KEY policies`_) or
521 inode number (for `IV_INO_LBLK_64 policies`_) included in the IVs.
589   For new encrypted directories, use v2 policies.
598   v1 encryption policies only support three combinations of modes:
601   (FSCRYPT_MODE_ADIANTUM, FSCRYPT_MODE_ADIANTUM).  v2 policies support
609   - FSCRYPT_POLICY_FLAG_DIRECT_KEY: See `DIRECT_KEY policies`_.
611     policies`_.
613     policies`_.
615   v1 encryption policies only support the PAD_* and DIRECT_KEY flags.
616   The other flags are only supported by v2 encryption policies.
644 - For v2 encryption policies, ``__reserved`` must be zeroed.
646 - For v1 encryption policies, ``master_key_descriptor`` specifies how
655   For v2 encryption policies, ``master_key_descriptor`` has been
701   flag enabled (casefolding is incompatible with v1 policies).
862 - If the key is being added for use by v1 encryption policies, then
871   policies, then ``key_spec.type`` must contain
940 For v1 encryption policies, a master encryption key can also be
946 policies) for several reasons.  First, it cannot be used in
1024     - To remove a key used by v1 encryption policies, set
1030     - To remove a key used by v2 encryption policies, set
1126     - To get the status of a key for v1 encryption policies, set
1130     - To get the status of a key for v2 encryption policies, set
1169 encryption policies using the legacy mechanism involving
1284 this by validating all top-level encryption policies prior to access.
1396 keys`_ and `DIRECT_KEY policies`_.