Home
last modified time | relevance | path

Searched full:trusted (Results 1 – 25 of 754) sorted by relevance

12345678910>>...31

/kernel/linux/linux-5.10/Documentation/security/keys/
Dtrusted-encrypted.rst2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trusted Platform Module (TPM) chip for greater security, while Encrypted
13 Trusted Keys use a TPM both to generate and to seal the keys. Keys are sealed
16 integrity verifications match. A loaded Trusted Key can be updated with new
24 By default, trusted keys are sealed under the SRK, which has the default
49 keyctl add trusted name "new keylen [options]" ring
50 keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
78 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
[all …]
/kernel/linux/linux-6.6/Documentation/security/keys/
Dtrusted-encrypted.rst2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
28 (1) TPM (Trusted Platform Module: hardware device)
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
54 environment verified via Secure/Trusted boot process.
66 verifications match. A loaded Trusted Key can be updated with new
74 Relies on Secure/Trusted boot process for platform integrity. It can
[all …]
/kernel/linux/linux-6.6/security/keys/trusted-keys/
DKconfig2 bool "TPM-based trusted keys"
13 Enable use of the Trusted Platform Module (TPM) as trusted key
14 backend. Trusted keys are random number symmetric keys,
20 bool "TEE-based trusted keys"
24 Enable use of the Trusted Execution Environment (TEE) as trusted
28 bool "CAAM-based trusted keys"
34 (CAAM) as trusted key backend.
DMakefile3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
Dtrusted_core.c6 * See Documentation/security/keys/trusted-encrypted.rst
10 #include <keys/trusted-type.h>
29 MODULE_PARM_DESC(rng, "Select trusted key RNG");
33 MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
138 * trusted_instantiate - create a new trusted key
140 * Unseal an existing trusted blob or, for a new key, get a
141 * random key, then seal and create a trusted key-type key,
284 * On success, return to userspace the trusted key datablob size.
314 .name = "trusted",
340 * We always support trusted.rng="kernel" and "default" as in init_trusted()
[all …]
/kernel/linux/linux-6.6/Documentation/devicetree/bindings/arm/firmware/
Dtlm,trusted-foundations.yaml4 $id: http://devicetree.org/schemas/arm/firmware/tlm,trusted-foundations.yaml#
7 title: Trusted Foundations
10 Boards that use the Trusted Foundations secure monitor can signal its
18 const: trusted-foundations
21 const: tlm,trusted-foundations
25 description: major version number of Trusted Foundations firmware
29 description: minor version number of Trusted Foundations firmware
41 trusted-foundations {
42 compatible = "tlm,trusted-foundations";
/kernel/linux/linux-5.10/Documentation/devicetree/bindings/arm/firmware/
Dtlm,trusted-foundations.txt1 Trusted Foundations
4 Boards that use the Trusted Foundations secure monitor can signal its
5 presence by declaring a node compatible with "tlm,trusted-foundations"
9 - compatible: "tlm,trusted-foundations"
10 - tlm,version-major: major version number of Trusted Foundations firmware
11 - tlm,version-minor: minor version number of Trusted Foundations firmware
15 trusted-foundations {
16 compatible = "tlm,trusted-foundations";
/kernel/linux/linux-5.10/crypto/asymmetric_keys/
Drestrict.c62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
121 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
134 if (!trusted && !check_dest) in key_or_keyring_common()
146 if (trusted) { in key_or_keyring_common()
147 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
149 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
153 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
156 signer_ids = asymmetric_key_ids(trusted); in key_or_keyring_common()
180 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/kernel/linux/linux-5.10/certs/
Dsystem_keyring.c2 /* System trusted keyring for trusted public keys
61 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
85 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
94 * Create the trusted keyrings
98 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
108 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
121 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
124 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
154 * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
155 * (void *)1UL for all trusted keys).
[all …]
/kernel/linux/common_modules/tzdriver/tui/
DKconfig2 bool "Trusted User Interface Driver"
6 Trusted user interface driver
9 bool "Trusted User Interface Driver for FP"
13 Trusted user interface driver
16 bool "Trusted User Interface Driver for DSS3.0"
20 Trusted user interface driver
/kernel/linux/linux-6.6/crypto/asymmetric_keys/
Drestrict.c62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
205 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
218 if (!trusted && !check_dest) in key_or_keyring_common()
230 if (trusted) { in key_or_keyring_common()
231 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
233 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
238 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
242 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
266 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/kernel/linux/linux-6.6/drivers/md/
Ddm-verity-loadpin.c21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
51 * a verity device that is trusted by LoadPin.
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
/kernel/linux/linux-5.10/Documentation/staging/
Dtee.rst7 A TEE (Trusted Execution Environment) is a trusted OS running in some
37 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
39 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
43 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
59 Kernel provides a TEE bus infrastructure where a Trusted Application is
79 Then TEE client driver can talk to a matched Trusted Application using APIs
85 Suppose a TEE client driver needs to communicate with a Trusted Application
155 | Client | | Trusted |
166 | API | \/ | subsys | driver | | Trusted OS |
182 OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in
[all …]
/kernel/linux/linux-6.6/Documentation/staging/
Dtee.rst7 A TEE (Trusted Execution Environment) is a trusted OS running in some
37 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
39 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
43 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
59 Kernel provides a TEE bus infrastructure where a Trusted Application is
79 Then TEE client driver can talk to a matched Trusted Application using APIs
85 Suppose a TEE client driver needs to communicate with a Trusted Application
155 | Client | | Trusted |
166 | API | \/ | subsys | driver | | Trusted OS |
182 OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in
[all …]
/kernel/linux/linux-6.6/certs/
Dsystem_keyring.c2 /* System trusted keyring for trusted public keys
93 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
122 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_digsig_builtin_and_secondary()
146 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
192 panic("Can't link (machine) trusted keyrings\n"); in set_machine_trusted_keys()
224 * Create the trusted keyrings
228 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
238 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
251 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
254 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
[all …]
DKconfig43 bool "Provide system-wide ring of trusted keys"
48 Provide a system keyring to which trusted keys can be added. Keys in
49 the keyring are considered to be trusted. Keys may be added at will
61 containing trusted X.509 certificates to be included in the default
63 also trusted.
74 image. This allows introducing a trusted certificate to the default
91 into the kernel or already in the secondary trusted keyring.
137 they are signed and vouched by a certificate from the builtin trusted
/kernel/linux/linux-6.6/security/keys/encrypted-keys/
Dmasterkey_trusted.c11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
/kernel/linux/linux-5.10/security/keys/encrypted-keys/
Dmasterkey_trusted.c11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
/kernel/linux/linux-6.6/drivers/tee/optee/
Doptee_msg.h42 * to the Trusted Application.
193 * @func: Trusted Application function, specific to the Trusted Application,
203 * All normal calls to Trusted OS uses this struct. If cmd requires further
273 * Get UUID of Trusted OS.
275 * Used by non-secure world to figure out which Trusted OS is installed.
276 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
288 * Get revision of Trusted OS.
290 * Used by non-secure world to figure out which version of the Trusted OS
292 * Trusted OS, not of the API.
303 * OPTEE_MSG_CMD_OPEN_SESSION opens a session to a Trusted Application.
[all …]
/kernel/linux/linux-6.6/security/integrity/ima/
DKconfig17 The Trusted Computing Group(TCG) runtime Integrity
197 be signed and verified by a public key on the trusted IMA
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
255 secondary trusted keyrings. The key must also have the
261 built-in or secondary trusted keyrings.
275 bool "Load X509 certificate onto the '.ima' trusted keyring"
280 loaded on the .ima trusted keyring. These public keys are
281 X509 certificates signed by a trusted key on the
283 loading from the kernel onto the '.ima' trusted keyring.
[all …]
/kernel/linux/linux-5.10/security/integrity/ima/
DKconfig17 The Trusted Computing Group(TCG) runtime Integrity
197 be signed and verified by a public key on the trusted IMA
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
255 secondary trusted keyrings.
260 built-in or secondary trusted keyrings.
274 bool "Load X509 certificate onto the '.ima' trusted keyring"
279 loaded on the .ima trusted keyring. These public keys are
280 X509 certificates signed by a trusted key on the
282 loading from the kernel onto the '.ima' trusted keyring.
[all …]
/kernel/linux/linux-5.10/security/keys/trusted-keys/
DMakefile3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_tpm1.o
8 trusted-y += trusted_tpm2.o
/kernel/linux/linux-5.10/include/linux/
Dpsp-tee.h3 * AMD Trusted Execution Environment (TEE) interface
17 /* This file defines the Trusted Execution Environment (TEE) interface commands
19 * AMD-TEE Trusted OS.
24 * @TEE_CMD_ID_LOAD_TA: Load Trusted Application (TA) binary into
45 * psp_tee_process_cmd() - Process command in Trusted Execution Environment
52 * This function submits a command to the Trusted OS for processing in the
/kernel/linux/linux-6.6/include/linux/
Dpsp-tee.h3 * AMD Trusted Execution Environment (TEE) interface
17 /* This file defines the Trusted Execution Environment (TEE) interface commands
19 * AMD-TEE Trusted OS.
24 * @TEE_CMD_ID_LOAD_TA: Load Trusted Application (TA) binary into
45 * psp_tee_process_cmd() - Process command in Trusted Execution Environment
52 * This function submits a command to the Trusted OS for processing in the
/kernel/linux/linux-5.10/drivers/tee/optee/
Doptee_msg.h41 * to the Trusted Application.
170 * @func: Trusted Application function, specific to the Trusted Application,
180 * All normal calls to Trusted OS uses this struct. If cmd requires further
185 * Temp memref parameters can be fragmented if supported by the Trusted OS
190 * it will still be presented as a single logical memref to the Trusted
246 * Get UUID of Trusted OS.
248 * Used by non-secure world to figure out which Trusted OS is installed.
249 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
261 * Get revision of Trusted OS.
263 * Used by non-secure world to figure out which version of the Trusted OS
[all …]

12345678910>>...31