| /linux/security/keys/trusted-keys/ ! |
| H A D | Makefile | 3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
18 trusted-$(CONFIG_TRUSTED_KEYS_DCP) += trusted_dcp.o
|
| H A D | Kconfig | 5 bool "TPM-based trusted keys"
17 Enable use of the Trusted Platform Module (TPM) as trusted key
24 bool "TEE-based trusted keys"
29 Enable use of the Trusted Execution Environment (TEE) as trusted
33 bool "CAAM-based trusted keys"
40 (CAAM) as trusted key backend.
43 bool "DCP-based trusted keys"
48 Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
|
| /linux/crypto/asymmetric_keys/ ! |
| H A D | restrict.c | 62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
209 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
222 if (!trusted && !check_dest) in key_or_keyring_common()
234 if (trusted) { in key_or_keyring_common()
235 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
237 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
242 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
246 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
270 key = __key_get(trusted); in key_or_keyring_common()
331 restrict_link_by_key_or_keyring(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trusted) restrict_link_by_key_or_keyring() argument
359 restrict_link_by_key_or_keyring_chain(struct key * dest_keyring,const struct key_type * type,const union key_payload * payload,struct key * trusted) restrict_link_by_key_or_keyring_chain() argument
[all...] |
| /linux/drivers/md/ |
| H A D | dm-verity-loadpin.c | 21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
51 * a verity device that is trusted by LoadPin.
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
|
| /linux/Documentation/security/keys/ |
| H A D | trusted-encrypted.rst | 163 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
172 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
174 rooted in a trusted key, they are only as secure as the user key encrypting
185 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
207 keyctl add trusted name "new keylen [options]" ring
208 keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
244 keyctl add trusted name "new keylen" ring
245 keyctl add trusted name "load hex_blob" ring
257 keyctl add trusted name "new keylen" ring
258 keyctl add trusted nam
[all...] |
| H A D | index.rst | 11 trusted-encrypted
|
| H A D | ecryptfs.rst | 35 time after the unsealing of a 'trusted' key in order to perform the mount in a
49 key-type:= 'trusted' | 'user'
|
| /linux/Documentation/tee/ |
| H A D | ts-tee.rst | 59 [1] https://www.trustedfirmware.org/projects/trusted-services/
67 [5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi
69 [6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c?h=v1.0.0
71 [7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeLists.txt?h=v1.0.0
|
| H A D | tee.rst | 12 A TEE is a trusted OS running in some secure environment, for example,
|
| /linux/security/integrity/ima/ |
| H A D | Kconfig | 198 be signed and verified by a public key on the trusted IMA
211 and verified by a public key on the trusted IMA keyring.
223 and verified by a key on the trusted IMA keyring.
256 machine (if configured), or secondary trusted keyrings. The
262 built-in, machine (if configured) or secondary trusted keyrings.
276 bool "Load X509 certificate onto the '.ima' trusted keyring"
281 loaded on the .ima trusted keyring. These public keys are
282 X509 certificates signed by a trusted key on the
284 loading from the kernel onto the '.ima' trusted keyring.
316 trusted boo
[all...] |
| /linux/include/crypto/ |
| H A D | public_key.h | 70 struct key *trusted);
75 struct key *trusted);
|
| /linux/Documentation/admin-guide/hw-vuln/ |
| H A D | core-scheduling.rst | 21 user-designated trusted group can share a core. This increase in core sharing
101 trusted (same cookie) at any point in time. Kernel threads are assumed trusted.
110 the idle task is selected. Idle task is globally trusted.
126 priority task is not trusted with respect to the core wide highest priority
127 task. If a sibling does not have a trusted task to run, it will be forced idle
157 and are considered system-wide trusted. The forced-idling of siblings running
166 Core scheduling tries to guarantee that only trusted tasks run concurrently on a
168 concurrently or kernel could be running concurrently with a task not trusted by
173 Core scheduling selects only trusted task
[all...] |
| /linux/security/integrity/evm/ |
| H A D | Kconfig | 60 bool "Load an X509 certificate onto the '.evm' trusted keyring"
64 Load an X509 certificate onto the '.evm' trusted keyring.
67 onto the '.evm' trusted keyring. A public key can be used to
|
| /linux/Documentation/ABI/testing/ |
| H A D | evm | 13 trusted/encrypted key stored in the Kernel Key
89 as part of the trusted boot. For more information on
90 creating and loading existing trusted/encrypted keys,
92 Documentation/security/keys/trusted-encrypted.rst. Both
|
| H A D | sysfs-class-bdi | 71 be trusted to play fair.
84 which cannot be trusted to play fair.
112 trusted to play fair, or a nbd device.
|
| /linux/security/integrity/ |
| H A D | Kconfig | 52 .evm keyrings be signed by a key on the system trusted
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
75 be trusted within the kernel.
|
| /linux/Documentation/userspace-api/ |
| H A D | check_exec.rst | 57 For such secure execution environment to make sense, only trusted code should
109 No threat, everyone and everything is trusted, but we can get ahead of
121 The threat is (potential) malicious scripts run by trusted (and not fooled)
139 The threat is malicious scripts run by untrusted users (but trusted code).
140 This makes sense for system services that may only execute trusted scripts.
|
| /linux/Documentation/filesystems/ |
| H A D | overlayfs.rst | 103 creation of trusted.* and/or user.* extended attributes, and must provide
149 as a zero-size regular file with the xattr "trusted.overlay.whiteout".
155 A directory is made opaque by setting the xattr "trusted.overlay.opaque"
161 "trusted.overlay.whiteout", should be additionally marked by setting the xattr
162 "trusted.overlay.opaque" to "x" on the merge directory itself.
163 This is needed to avoid the overhead of checking the "trusted.overlay.whiteout"
211 copied up (but not the contents). Then the "trusted.overlay.redirect"
251 upper directory is stored in a "trusted.overlay.upper" extended attribute
385 "trusted.overlayfs.metacopy" xattr which indicates that the upper file
388 the "trusted
[all...] |
| /linux/Documentation/translations/zh_CN/security/keys/ |
| H A D | index.rst | 22 * trusted-encrypted
|
| /linux/include/linux/ |
| H A D | if_link.h | 30 __u32 trusted; member
|
| /linux/Documentation/admin-guide/device-mapper/ |
| H A D | verity.rst | 64 and the salt. This hash should be trusted as there is no other authenticity
147 trusted keyring by default, or the secondary trusted keyring if
149 trusted keyring includes by default the builtin trusted keyring, and it can
151 already in the secondary trusted keyring.
|
| /linux/security/keys/ |
| H A D | Makefile | 31 obj-$(CONFIG_TRUSTED_KEYS) += trusted-keys/
|
| /linux/drivers/net/ethernet/intel/ice/ |
| H A D | ice_vf_lib.h | 122 u8 trusted:1; member
192 return vf->num_mac_lldp && vf->trusted; in ice_vf_is_lldp_ena()
|
| /linux/drivers/net/ethernet/pensando/ionic/ |
| H A D | ionic.h | 34 u8 trusted; member
|
| /linux/drivers/net/ethernet/intel/ixgbe/ |
| H A D | ixgbe_sriov.c | 111 adapter->vfinfo[i].trusted = false; in __ixgbe_enable_sriov()
961 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_mac_addr()
1002 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_macvlan_msg()
1183 !adapter->vfinfo[vf].trusted) { in ixgbe_update_vf_xcast_mode()
1873 if (adapter->vfinfo[vf].trusted == setting) in ixgbe_ndo_set_vf_trust()
1876 adapter->vfinfo[vf].trusted = setting; in ixgbe_ndo_set_vf_trust()
1901 ivi->trusted = adapter->vfinfo[vf].trusted; in ixgbe_ndo_get_vf_config()
|