| /linux/Documentation/admin-guide/ |
| H A D | module-signing.rst | 1 Kernel module signing facility
7 .. - Configuring module signing.
8 .. - Generating signing keys.
10 .. - Manually signing modules.
21 The kernel module signing facility cryptographically signs modules during
24 or modules signed with an invalid key. Module signing increases security by
32 and NIST FIPS-204 ML-DSA public key signing standards (though it is pluggable
40 Configuring module signing
43 The module signing facility is enabled by going to the
99 (4) :menuselection:`File name or PKCS#11 URI of module signing key`
[all …]
|
| H A D | index.rst | 99 module-signing
|
| /linux/certs/ |
| H A D | Kconfig | 5 string "File name or PKCS#11 URI of module signing key"
16 certificate as described in Documentation/admin-guide/module-signing.rst
19 prompt "Type of module signing key to be generated"
22 The type of module signing key type to generate. This option
28 Use an RSA key for module signing.
35 Use an elliptic curve key (NIST P384) for module signing. Use
39 Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem,
47 Use an ML-DSA-44 key (NIST FIPS 204) for module signing. ML-DSA
58 Use an ML-DSA-65 key (NIST FIPS 204) for module signing. ML-DSA
69 Use an ML-DSA-87 key (NIST FIPS 204) for module signing. ML-DSA
[all …]
|
| /linux/Documentation/ABI/testing/ |
| H A D | sysfs-driver-intel-m10-bmc-sec-update | 36 signing keys for the static region. The standard bitmap
44 signing keys for the partial reconfiguration region. The
52 signing keys for the BMC. The standard bitmap list format
|
| H A D | sysfs-class-firmware-attributes | 271 used in conjunction with a signing server as an alternative to password
274 from the signing server.
327 It requires configuring an endorsement (kek) and signing certificate (sk).
439 signatures when setting the signing key. When written,
|
| /linux/Documentation/kbuild/ |
| H A D | reproducible-builds.rst | 77 Module signing
82 modules being unreproducible. However, including a signing key with
83 your source would presumably defeat the purpose of signing modules.
88 1. Generate a persistent signing key. Add the certificate for the key
92 signing key's certificate, set ``CONFIG_MODULE_SIG_KEY`` to an
|
| /linux/fs/smb/client/ |
| H A D | smb2transport.c | 307 struct derivation signing; member
348 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
349 ptriplet->signing.context, in generate_smb3signingkey()
355 rc = generate_key(ses, ptriplet->signing.label, in generate_smb3signingkey()
356 ptriplet->signing.context, in generate_smb3signingkey()
419 d = &triplet.signing; in generate_smb30signingkey()
448 d = &triplet.signing; in generate_smb311signingkey()
|
| /linux/Documentation/crypto/ |
| H A D | asymmetric-keys.rst | 343 The kernel builtin trusted keyring will be searched for the signing key.
354 signing key. If the secondary trusted keyring is not configured, this
367 a group of keys may be searched for the signing key by providing the
371 within the destination keyring will also be searched for signing keys.
394 keyring, we can be certain that it has a valid signing chain going back to
415 keyring, we can be certain that there is a valid signing chain going back
419 In all of these cases, if the signing key is found the signature of the key to
420 be linked will be verified using the signing key. The requested key is added
|
| /linux/fs/smb/server/ |
| H A D | auth.c | 572 const struct derivation *signing) in generate_smb3signingkey() argument
581 if (conn->dialect >= SMB30_PROT_ID && signing->binding) in generate_smb3signingkey()
586 generate_key(conn, sess, signing->label, signing->context, key, in generate_smb3signingkey()
589 if (!(conn->dialect >= SMB30_PROT_ID && signing->binding)) in generate_smb3signingkey()
|
| H A D | server.h | 33 short signing; member
|
| H A D | Kconfig | 43 compound requests, multi-credit, packet signing, RDMA(smbdirect),
|
| H A D | ksmbd_netlink.h | 88 __s32 signing; /* Signing enabled */ member
|
| /linux/kernel/module/ |
| H A D | Makefile | 15 obj-$(CONFIG_MODULE_SIG) += signing.o
|
| /linux/drivers/platform/cznic/ |
| H A D | Makefile | 11 obj-$(CONFIG_TURRIS_SIGNING_KEY) += turris-signing-key.o
|
| H A D | Kconfig | 80 bool "Turris Omnia MCU ECDSA message signing"
87 Say Y here to add support for ECDSA message signing with board private
|
| /linux/crypto/asymmetric_keys/ |
| H A D | mscode.asn1 | 1 --- Microsoft individual code signing data blob parser
|
| /linux/Documentation/translations/zh_CN/admin-guide/ |
| H A D | index.rst | 109 * module-signing
|
| /linux/Documentation/translations/zh_TW/admin-guide/ |
| H A D | index.rst | 111 * module-signing
|
| /linux/Documentation/admin-guide/cifs/ |
| H A D | usage.rst | 82 and encrypted shares and stronger signing and authentication algorithms.
224 cifs signing enabled (and the physical network is insecure), consider use
644 Must use packet signing (helps avoid unwanted data modification
645 by intermediate systems in the route). Note that signing
675 Use Kerberos authentication and packet signing
679 Use NTLM password hashing with signing (if
681 server requires signing also can be the default)
685 Use NTLMv2 password hashing with packet signing
727 also packet signing. Authentication (may/must)
729 the signing flags. Specifying two different password
[all …]
|
| H A D | todo.rst | 18 support for faster packet signing (GMAC),
121 and when signing is disabled to request larger read sizes (larger than
|
| H A D | introduction.rst | 29 signing, large files, Unicode support and other internationalization
|
| /linux/Documentation/security/ |
| H A D | ipe.rst | 68 3. Simplicity of signing:
73 * The signature supports an x.509-based signing infrastructure.
181 signing as a process. Signing, as a process, is typically done with a
183 enforcement systems. It is also important that, when signing something, that
184 the signer is aware of what they are signing. A binary policy can cause
187 submitted for signing.
|
| H A D | digsig.rst | 81 The signing and key management utilities evm-utils provide functionality
|
| /linux/ |
| H A D | .gitignore | 158 # Leavings from module signing
|
| /linux/tools/bpf/bpftool/Documentation/ |
| H A D | bpftool-prog.rst | 252 Enable signing of the BPF program before loading. This option must be
257 Path to the private key file in PEM format, required when signing.
261 signing.
|