Home
last modified time | relevance | path

Searched full:trusted (Results 1 – 25 of 437) sorted by relevance

12345678910>>...18

/linux-6.8/Documentation/security/keys/
Dtrusted-encrypted.rst2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
28 (1) TPM (Trusted Platform Module: hardware device)
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
54 environment verified via Secure/Trusted boot process.
66 verifications match. A loaded Trusted Key can be updated with new
74 Relies on Secure/Trusted boot process for platform integrity. It can
[all …]
/linux-6.8/security/keys/trusted-keys/
DKconfig2 bool "TPM-based trusted keys"
13 Enable use of the Trusted Platform Module (TPM) as trusted key
14 backend. Trusted keys are random number symmetric keys,
20 bool "TEE-based trusted keys"
24 Enable use of the Trusted Execution Environment (TEE) as trusted
28 bool "CAAM-based trusted keys"
34 (CAAM) as trusted key backend.
DMakefile3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
Dtrusted_core.c6 * See Documentation/security/keys/trusted-encrypted.rst
10 #include <keys/trusted-type.h>
29 MODULE_PARM_DESC(rng, "Select trusted key RNG");
33 MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
138 * trusted_instantiate - create a new trusted key
140 * Unseal an existing trusted blob or, for a new key, get a
141 * random key, then seal and create a trusted key-type key,
284 * On success, return to userspace the trusted key datablob size.
314 .name = "trusted",
340 * We always support trusted.rng="kernel" and "default" as in init_trusted()
[all …]
/linux-6.8/Documentation/devicetree/bindings/arm/firmware/
Dtlm,trusted-foundations.yaml4 $id: http://devicetree.org/schemas/arm/firmware/tlm,trusted-foundations.yaml#
7 title: Trusted Foundations
10 Boards that use the Trusted Foundations secure monitor can signal its
18 const: trusted-foundations
21 const: tlm,trusted-foundations
25 description: major version number of Trusted Foundations firmware
29 description: minor version number of Trusted Foundations firmware
41 trusted-foundations {
42 compatible = "tlm,trusted-foundations";
/linux-6.8/crypto/asymmetric_keys/
Drestrict.c62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
209 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
222 if (!trusted && !check_dest) in key_or_keyring_common()
234 if (trusted) { in key_or_keyring_common()
235 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
237 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
242 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
246 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
270 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/linux-6.8/certs/
DKconfig45 bool "Provide system-wide ring of trusted keys"
50 Provide a system keyring to which trusted keys can be added. Keys in
51 the keyring are considered to be trusted. Keys may be added at will
63 containing trusted X.509 certificates to be included in the default
65 also trusted.
76 image. This allows introducing a trusted certificate to the default
94 secondary trusted keyring.
97 bool "Only allow additional certs signed by keys on the builtin trusted keyring"
100 If set, only certificates signed by keys on the builtin trusted
101 keyring may be loaded onto the secondary trusted keyring.
[all …]
Dsystem_keyring.c2 /* System trusted keyring for trusted public keys
93 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
122 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_digsig_builtin_and_secondary()
146 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
192 panic("Can't link (machine) trusted keyrings\n"); in set_machine_trusted_keys()
224 * Create the trusted keyrings
228 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
238 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
251 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
254 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
[all …]
/linux-6.8/drivers/md/
Ddm-verity-loadpin.c21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
51 * a verity device that is trusted by LoadPin.
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
/linux-6.8/security/keys/encrypted-keys/
Dmasterkey_trusted.c11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
/linux-6.8/drivers/tee/optee/
Doptee_msg.h42 * to the Trusted Application.
193 * @func: Trusted Application function, specific to the Trusted Application,
203 * All normal calls to Trusted OS uses this struct. If cmd requires further
273 * Get UUID of Trusted OS.
275 * Used by non-secure world to figure out which Trusted OS is installed.
276 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
288 * Get revision of Trusted OS.
290 * Used by non-secure world to figure out which version of the Trusted OS
292 * Trusted OS, not of the API.
303 * OPTEE_MSG_CMD_OPEN_SESSION opens a session to a Trusted Application.
[all …]
Doptee_smc.h73 * Get UUID of Trusted OS.
75 * Used by non-secure world to figure out which Trusted OS is installed.
76 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
86 * Get revision of Trusted OS.
88 * Used by non-secure world to figure out which version of the Trusted OS
90 * Trusted OS, not of the API.
108 * Load Trusted OS from optee/tee.bin in the Linux firmware.
111 * Trusted OS.
112 * This SMC instructs EL3 to load a binary and execute it as the Trusted OS.
182 * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this
[all …]
/linux-6.8/security/integrity/ima/
DKconfig17 The Trusted Computing Group(TCG) runtime Integrity
197 be signed and verified by a public key on the trusted IMA
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
255 machine (if configured), or secondary trusted keyrings. The
261 built-in, machine (if configured) or secondary trusted keyrings.
275 bool "Load X509 certificate onto the '.ima' trusted keyring"
280 loaded on the .ima trusted keyring. These public keys are
281 X509 certificates signed by a trusted key on the
283 loading from the kernel onto the '.ima' trusted keyring.
[all …]
/linux-6.8/Documentation/tee/
Damd-tee.rst4 AMD-TEE (AMD's Trusted Execution Environment)
12 software-based Trusted Execution Environment (TEE) designed to enable
13 third-party Trusted Applications. This feature is currently enabled only for
25 | Client | | | Trusted |
37 | Client | | subsystem | driver | | Trusted |
53 The TEE commands supported by AMD-TEE Trusted OS are:
55 * TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into
64 AMD-TEE Trusted OS is the firmware running on AMD Secure Processor.
/linux-6.8/include/linux/
Dpsp-tee.h3 * AMD Trusted Execution Environment (TEE) interface
17 /* This file defines the Trusted Execution Environment (TEE) interface commands
19 * AMD-TEE Trusted OS.
24 * @TEE_CMD_ID_LOAD_TA: Load Trusted Application (TA) binary into
45 * psp_tee_process_cmd() - Process command in Trusted Execution Environment
52 * This function submits a command to the Trusted OS for processing in the
/linux-6.8/Documentation/devicetree/bindings/tpm/
Dmicrosoft,ftpm.yaml7 title: Microsoft firmware-based Trusted Platform Module (fTPM)
15 offer trusted computing features in their CPUs aimed at displacing dedicated
16 trusted hardware. Unfortunately, these CPU architectures raise serious
17 challenges to building trusted systems because they omit providing secure
22 those of dedicated trusted hardware.
/linux-6.8/tools/testing/selftests/bpf/progs/
Dcgrp_kfunc_failure.c32 __failure __msg("Possibly NULL pointer passed to trusted arg0")
51 __failure __msg("Possibly NULL pointer passed to trusted arg0")
100 /* Can't invoke bpf_cgroup_acquire() on a pointer obtained from walking a trusted cgroup. */ in BPF_PROG()
109 __failure __msg("Possibly NULL pointer passed to trusted arg0")
157 __failure __msg("must be referenced or trusted")
178 __failure __msg("Possibly NULL pointer passed to trusted arg0")
206 __failure __msg("Possibly NULL pointer passed to trusted arg0")
243 /* Cannot release trusted cgroup pointer which was not acquired. */ in BPF_PROG()
Dtask_kfunc_failure.c31 __failure __msg("Possibly NULL pointer passed to trusted arg0")
103 __failure __msg("Possibly NULL pointer passed to trusted arg0")
152 __failure __msg("Possibly NULL pointer passed to trusted arg0")
165 __failure __msg("Possibly NULL pointer passed to trusted arg0")
193 __failure __msg("Possibly NULL pointer passed to trusted arg0")
230 /* Cannot release trusted task pointer which was not acquired. */ in BPF_PROG()
237 __failure __msg("Possibly NULL pointer passed to trusted arg0")
302 __failure __msg("R1 must be referenced or trusted")
/linux-6.8/include/linux/firmware/
Dtrusted_foundations.h7 * Support for the Trusted Foundations secure monitor.
9 * Trusted Foundation comes active on some ARM consumer devices (most
13 * Trusted Foundations, and do *not* follow the SMC calling convention or the
60 pr_err("No support for Trusted Foundations, continuing in degraded mode.\n"); in register_trusted_foundations()
74 struct device_node *np = of_find_compatible_node(NULL, NULL, "tlm,trusted-foundations"); in of_register_trusted_foundations()
/linux-6.8/Documentation/admin-guide/hw-vuln/
Dcore-scheduling.rst21 user-designated trusted group can share a core. This increase in core sharing
101 trusted (same cookie) at any point in time. Kernel threads are assumed trusted.
110 the idle task is selected. Idle task is globally trusted.
126 priority task is not trusted with respect to the core wide highest priority
127 task. If a sibling does not have a trusted task to run, it will be forced idle
157 and are considered system-wide trusted. The forced-idling of siblings running
166 Core scheduling tries to guarantee that only trusted tasks run concurrently on a
168 concurrently or kernel could be running concurrently with a task not trusted by
173 Core scheduling selects only trusted tasks to run together. IPI is used to notify
207 allowing system processes (trusted tasks) to share a core.
/linux-6.8/security/loadpin/
DKconfig28 digests it considers trusted. A verity backed filesystem is
29 considered trusted if its root digest is found in the list
30 of trusted digests.
32 The list of trusted verity can be populated through an ioctl
/linux-6.8/Documentation/userspace-api/
Dtee.rst5 TEE (Trusted Execution Environment) Userspace API
22 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
24 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
28 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
/linux-6.8/drivers/tee/
DKconfig2 # Generic Trusted Execution Environment Configuration
4 tristate "Trusted Execution Environment support"
11 This implements a generic interface towards a Trusted Execution
/linux-6.8/Documentation/driver-api/
Dtee.rst4 TEE (Trusted Execution Environment) driver API
7 Kernel provides a TEE bus infrastructure where a Trusted Application is
27 Then TEE client driver can talk to a matched Trusted Application using APIs
33 Suppose a TEE client driver needs to communicate with a Trusted Application
/linux-6.8/drivers/tee/amdtee/
Damdtee_private.h29 /* Maximum number of sessions which can be opened with a Trusted Application */
46 * struct amdtee_session - Trusted Application (TA) session related information.
47 * @ta_handle: handle to Trusted Application (TA) loaded in TEE environment
54 * subsequent operations with the Trusted Application.
113 * @ta_handle: [in] handle of the loaded Trusted Application (TA)

12345678910>>...18