/linux/security/keys/trusted-keys/ |
Makefile | 6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o 7 trusted-y += trusted_core.o 8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o 11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o 12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o 14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o 16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o 18 trusted-$(CONFIG_TRUSTED_KEYS_DCP) += trusted_dcp.o
|
Kconfig | 5 bool "TPM-based trusted keys" 17 Enable use of the Trusted Platform Module (TPM) as trusted key 24 bool "TEE-based trusted keys" 29 Enable use of the Trusted Execution Environment (TEE) as trusted 33 bool "CAAM-based trusted keys" 40 (CAAM) as trusted key backend. 43 bool "DCP-based trusted keys" 48 Enable use of NXP's DCP (Data Co-Processor) as trusted key backend.
|
/linux/crypto/asymmetric_keys/ |
restrict.c | 209 struct key *trusted, bool check_dest) in key_or_keyring_common() argument 222 if (!trusted && !check_dest) in key_or_keyring_common() 234 if (trusted) { in key_or_keyring_common() 235 if (trusted->type == &key_type_keyring) { in key_or_keyring_common() 242 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common() 246 asymmetric_key_ids(trusted)->id; in key_or_keyring_common() 270 key = __key_get(trusted); in key_or_keyring_common() 277 key = __key_get(trusted); in key_or_keyring_common() 283 key = __key_get(trusted); in key_or_keyring_common() 331 struct key *trusted) in restrict_link_by_key_or_keyring() argument [all …]
|
/linux/drivers/md/ |
dm-verity-loadpin.c | 21 bool trusted = false; in is_trusted_verity_target() local 39 trusted = true; in is_trusted_verity_target() 46 return trusted; in is_trusted_verity_target() 59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local 79 trusted = true; in dm_verity_loadpin_is_bdev_trusted() 85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
|
/linux/Documentation/devicetree/bindings/arm/firmware/ |
tlm,trusted-foundations.yaml | 4 $id: http://devicetree.org/schemas/arm/firmware/tlm,trusted-foundations.yaml# 18 const: trusted-foundations 21 const: tlm,trusted-foundations 41 trusted-foundations { 42 compatible = "tlm,trusted-foundations";
|
/linux/Documentation/security/keys/ |
trusted-encrypted.rst | 244 keyctl add trusted name "new keylen" ring 245 keyctl add trusted name "load hex_blob" ring 257 keyctl add trusted name "new keylen" ring 258 keyctl add trusted name "load hex_blob" ring 270 keyctl add trusted name "new keylen" ring 271 keyctl add trusted name "load hex_blob" ring 297 key-type:= 'trusted' | 'user' 299 Examples of trusted and encrypted key usage 310 $ keyctl add trusted kmk "new 32" @u 331 Load a trusted key from the saved blob:: [all …]
|
index.rst | 11 trusted-encrypted
|
ecryptfs.rst | 35 time after the unsealing of a 'trusted' key in order to perform the mount in a 49 key-type:= 'trusted' | 'user'
|
/linux/certs/ |
Kconfig | 45 bool "Provide system-wide ring of trusted keys" 50 Provide a system keyring to which trusted keys can be added. Keys in 51 the keyring are considered to be trusted. Keys may be added at will 63 containing trusted X.509 certificates to be included in the default 65 also trusted. 76 image. This allows introducing a trusted certificate to the default 94 secondary trusted keyring. 100 If set, only certificates signed by keys on the builtin trusted 101 keyring may be loaded onto the secondary trusted keyring. 107 trusted keyring. [all …]
|
/linux/Documentation/devicetree/bindings/tpm/ |
microsoft,ftpm.yaml | 15 offer trusted computing features in their CPUs aimed at displacing dedicated 16 trusted hardware. Unfortunately, these CPU architectures raise serious 17 challenges to building trusted systems because they omit providing secure 22 those of dedicated trusted hardware.
|
/linux/security/loadpin/ |
Kconfig | 31 digests it considers trusted. A verity backed filesystem is 32 considered trusted if its root digest is found in the list 33 of trusted digests. 35 The list of trusted verity can be populated through an ioctl
|
/linux/security/integrity/ima/ |
Kconfig | 198 be signed and verified by a public key on the trusted IMA 211 and verified by a public key on the trusted IMA keyring. 223 and verified by a key on the trusted IMA keyring. 256 machine (if configured), or secondary trusted keyrings. The 262 built-in, machine (if configured) or secondary trusted keyrings. 276 bool "Load X509 certificate onto the '.ima' trusted keyring" 281 loaded on the .ima trusted keyring. These public keys are 282 X509 certificates signed by a trusted key on the 284 loading from the kernel onto the '.ima' trusted keyring. 316 trusted boot based on IMA runtime policies.
|
/linux/Documentation/tee/ |
ts-tee.rst | 59 [1] https://www.trustedfirmware.org/projects/trusted-services/ 67 [5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi 69 [6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux… 71 [7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeL…
|
tee.rst | 12 A TEE is a trusted OS running in some secure environment, for example,
|
/linux/Documentation/admin-guide/hw-vuln/ |
core-scheduling.rst | 21 user-designated trusted group can share a core. This increase in core sharing 101 trusted (same cookie) at any point in time. Kernel threads are assumed trusted. 110 the idle task is selected. Idle task is globally trusted. 126 priority task is not trusted with respect to the core wide highest priority 127 task. If a sibling does not have a trusted task to run, it will be forced idle 157 and are considered system-wide trusted. The forced-idling of siblings running 166 Core scheduling tries to guarantee that only trusted tasks run concurrently on a 168 concurrently or kernel could be running concurrently with a task not trusted by 173 Core scheduling selects only trusted tasks to run together. IPI is used to notify 207 allowing system processes (trusted tasks) to share a core.
|
/linux/include/crypto/ |
public_key.h | 70 struct key *trusted); 75 struct key *trusted);
|
/linux/security/integrity/evm/ |
Kconfig | 60 bool "Load an X509 certificate onto the '.evm' trusted keyring" 64 Load an X509 certificate onto the '.evm' trusted keyring. 67 onto the '.evm' trusted keyring. A public key can be used to
|
/linux/Documentation/ABI/testing/ |
evm | 13 trusted/encrypted key stored in the Kernel Key 89 as part of the trusted boot. For more information on 90 creating and loading existing trusted/encrypted keys, 92 Documentation/security/keys/trusted-encrypted.rst. Both
|
sysfs-class-bdi | 71 be trusted to play fair. 84 which cannot be trusted to play fair. 112 trusted to play fair, or a nbd device.
|
/linux/security/integrity/ |
Kconfig | 52 .evm keyrings be signed by a key on the system trusted 56 bool "Provide keyring for platform/firmware trusted keys" 60 Provide a separate, distinct keyring for platform trusted keys, which 75 be trusted within the kernel.
|
/linux/drivers/net/ethernet/intel/ice/ |
ice_sriov.h | 46 int ice_set_vf_trust(struct net_device *netdev, int vf_id, bool trusted); 100 int __always_unused vf_id, bool __always_unused trusted) in ice_set_vf_trust() argument
|
/linux/Documentation/filesystems/ |
overlayfs.rst | 149 as a zero-size regular file with the xattr "trusted.overlay.whiteout". 155 A directory is made opaque by setting the xattr "trusted.overlay.opaque" 162 "trusted.overlay.opaque" to "x" on the merge directory itself. 445 digest of the lower file is added to the "trusted.overlay.metacopy" 463 layer is fully trusted (by using dm-verity or something similar), then 467 such file content, and the entire mount can be trusted to match the 631 attribute "trusted.overlay.origin" on the upper inode. 635 to by the "trusted.overlay.redirect" extended attribute, will verify 654 "trusted.overlay.upper" with an encoded file handle of the upper 672 are stored in extended attribute "trusted.overlay.origin". [all …]
|
/linux/Documentation/admin-guide/device-mapper/ |
verity.rst | 64 and the salt. This hash should be trusted as there is no other authenticity 138 trusted keyring by default, or the secondary trusted keyring if 140 trusted keyring includes by default the builtin trusted keyring, and it can 142 already in the secondary trusted keyring.
|
/linux/include/linux/ |
if_link.h | 30 __u32 trusted; member
|
/linux/security/keys/ |
Makefile | 31 obj-$(CONFIG_TRUSTED_KEYS) += trusted-keys/
|