Lines Matching +full:op +full:- +full:tee
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
35 Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip
36 fuses and is accessible to TEE only.
41 mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
51 (2) TEE
72 (2) TEE
75 be extended with TEE based measured boot process.
86 TPMs have well-documented, standardized interfaces and APIs.
88 (2) TEE
90 TEEs have well-documented, standardized client interface and APIs. For
91 more details refer to ``Documentation/driver-api/tee.rst``.
100 purpose must be assessed when using them to protect security-relevant data.
107 ------------
120 * TEE: OP-TEE based on Arm TrustZone based RNG
133 command-line to override the used RNG with the kernel's random number pool.
136 --------------
139 for encryption/decryption. New keys are created either from kernel-generated
140 random numbers or user-provided decrypted data, and are encrypted/decrypted
141 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
142 user-key type. The main disadvantage of encrypted keys is that if they are not
152 -----------------------
156 time with the TrouSerS utility: "tpm_takeownership -u -z".
163 #> tsscreateprimary -hi o -st
165 #> tssevictcontrol -hi o -ho 80000000 -hp 81000001
169 #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
171 #> tpm2_evictcontrol -c key.ctxt 0x81000001
195 are sha1, sha256, sha384, sha512 and sm3-256.
205 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
208 Trusted Keys usage: TEE
209 -----------------------
218 specific to TEE device implementation. The key length for new keys is always
219 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
222 ------------------------
231 CAAM-specific format. The key length for new keys is always in bytes.
232 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
235 --------------------
243 keyctl add encrypted name "new [format] key-type:master-key-name keylen"
245 keyctl add encrypted name "new [format] key-type:master-key-name keylen
246 decrypted-data" ring
248 keyctl update keyid "update key-type:master-key-name"
253 key-type:= 'trusted' | 'user'
256 -------------------------------------------
271 -3 --alswrv 500 500 keyring: _ses
272 97833714 --alswrv 500 -1 \_ keyring: _uid.500
273 440502848 --alswrv 500 500 \_ trusted: kmk
351 Instantiate an encrypted key "evm" using user-provided decrypted data::
353 $ evmkey=$(dd if=/dev/urandom bs=1 count=32 | xxd -c32 -p)
374 ------------------------