Lines Matching full:keys
2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
6 key ring service. Both of these new types are variable length symmetric keys,
7 and in both cases all keys are created in the kernel, and user space sees,
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trust Source for greater security, while Encrypted Keys can be used on any
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
64 Keys can be optionally sealed to specified PCR (integrity measurement)
67 (future) PCR values, so keys are easily migrated to new PCR values,
106 Trusted Keys
109 New keys are created from random numbers. They are encrypted/decrypted using
117 Keys are generated within the TPM. Strength of random numbers may vary
135 Encrypted Keys
138 Encrypted keys do not depend on a trust source, and are faster, as they use AES
139 for encryption/decryption. New keys are created either from kernel-generated
142 user-key type. The main disadvantage of encrypted keys is that if they are not
151 Trusted Keys usage: TPM
154 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
204 TPM_STORED_DATA format. The key length for new keys is always in bytes.
205 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
208 Trusted Keys usage: TEE
218 specific to TEE device implementation. The key length for new keys is always
219 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
221 Trusted Keys usage: CAAM
231 CAAM-specific format. The key length for new keys is always in bytes.
232 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
234 Encrypted Keys usage
237 The decrypted portion of encrypted keys can contain either a simple symmetric
317 The initial consumer of trusted keys is EVM, which at boot time needs a high
362 Other uses for trusted and encrypted keys, such as for disk and file encryption
364 in order to use encrypted keys to mount an eCryptfs filesystem. More details
366 ``Documentation/security/keys/ecryptfs.rst``.
368 Another new format 'enc32' has been defined in order to support encrypted keys
378 format) and to be extensible for additions like importable keys and