| /kernel/linux/linux-6.6/tools/perf/pmu-events/arch/s390/cf_z16/ |
| D | pai_crypto.json | 34 "BriefDescription": "KM ENCRYPTED DEA",
35 "PublicDescription": "KM-Encrypted-DEA function ending with CC=0"
41 "BriefDescription": "KM ENCRYPTED TDEA 128",
42 "PublicDescription": "KM-Encrypted-TDEA-128 function ending with CC=0"
48 "BriefDescription": "KM ENCRYPTED TDEA 192",
49 "PublicDescription": "KM-Encrypted-TDEA-192 function ending with CC=0"
76 "BriefDescription": "KM ENCRYPTED AES 128",
77 "PublicDescription": "KM-Encrypted-AES-128 function ending with CC=0"
83 "BriefDescription": "KM ENCRYPTED AES 192",
84 "PublicDescription": "KM-Encrypted-AES-192 function ending with CC=0"
[all …]
|
| /kernel/linux/linux-5.10/Documentation/security/keys/ |
| D | ecryptfs.rst | 2 Encrypted keys for the eCryptfs filesystem
8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
22 The 'encrypted' key type has been extended with the introduction of the new
24 filesystem. Encrypted keys of the newly introduced format store an
31 encrypted form.
33 The eCryptfs filesystem may really benefit from using encrypted keys in that the
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
43 keyctl add encrypted name "load hex_blob" ring
53 Example of encrypted key usage with the eCryptfs filesystem:
[all …]
|
| D | trusted-encrypted.rst | 2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trusted Platform Module (TPM) chip for greater security, while Encrypted
81 Encrypted keys do not depend on a TPM, and are faster, as they use AES for
83 numbers, and are encrypted/decrypted using a specified 'master' key. The
85 disadvantage of encrypted keys is that if they are not rooted in a trusted key,
90 The decrypted portion of encrypted keys can contain either a simple symmetric
96 keyctl add encrypted name "new [format] key-type:master-key-name keylen"
98 keyctl add encrypted name "load hex_blob" ring
[all …]
|
| /kernel/linux/linux-6.6/Documentation/security/keys/ |
| D | ecryptfs.rst | 2 Encrypted keys for the eCryptfs filesystem
8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
22 The 'encrypted' key type has been extended with the introduction of the new
24 filesystem. Encrypted keys of the newly introduced format store an
31 encrypted form.
33 The eCryptfs filesystem may really benefit from using encrypted keys in that the
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
43 keyctl add encrypted name "load hex_blob" ring
53 Example of encrypted key usage with the eCryptfs filesystem:
[all …]
|
| D | trusted-encrypted.rst | 2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trust Source for greater security, while Encrypted Keys can be used on any
109 New keys are created from random numbers. They are encrypted/decrypted using
135 Encrypted Keys
138 Encrypted keys do not depend on a trust source, and are faster, as they use AES
140 random numbers or user-provided decrypted data, and are encrypted/decrypted
142 user-key type. The main disadvantage of encrypted keys is that if they are not
234 Encrypted Keys usage
[all …]
|
| /kernel/linux/linux-5.10/Documentation/x86/ |
| D | amd-memory-encryption.rst | 7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
10 SME provides the ability to mark individual pages of memory as encrypted using
11 the standard x86 page tables. A page that is marked encrypted will be
12 automatically decrypted when read from DRAM and encrypted when written to
16 SEV enables running encrypted virtual machines (VMs) in which the code and data
19 memory. Private memory is encrypted with the guest-specific key, while shared
20 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor
23 A page is encrypted when a page table entry has the encryption bit set (see
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
26 successive level of page tables can also be encrypted by setting the encryption
[all …]
|
| /kernel/linux/linux-5.10/Documentation/filesystems/ |
| D | fscrypt.rst | 35 UBIFS. This allows encrypted files to be read and written without
36 caching both the decrypted and encrypted pages in the pagecache,
39 needed. eCryptfs also limits encrypted filenames to 143 bytes,
45 supports marking an empty directory as encrypted. Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124 encrypted files and directories before removing a master key, as
126 encrypted directory.
156 with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
[all …]
|
| /kernel/linux/linux-5.10/arch/x86/mm/ |
| D | mem_encrypt_boot.S | 23 * RDI - virtual address for the encrypted mapping
36 /* Set up a one page stack in the non-encrypted memory area */
42 movq %rdi, %r10 /* Encrypted area */
53 movq %r10, %rdi /* Encrypted area */
78 * the kernel will be encrypted during the process. So this
84 * RDI - virtual address for the encrypted mapping
92 * The area will be encrypted by copying from the non-encrypted
94 * intermediate buffer back to the encrypted memory space. The physical
96 * being encrypted "in place".
112 movq %rdi, %r10 /* Save encrypted area address */
[all …]
|
| /kernel/linux/linux-6.6/arch/x86/mm/ |
| D | mem_encrypt_boot.S | 23 * RDI - virtual address for the encrypted mapping
36 /* Set up a one page stack in the non-encrypted memory area */
42 movq %rdi, %r10 /* Encrypted area */
53 movq %r10, %rdi /* Encrypted area */
78 * the kernel will be encrypted during the process. So this
84 * RDI - virtual address for the encrypted mapping
92 * The area will be encrypted by copying from the non-encrypted
94 * intermediate buffer back to the encrypted memory space. The physical
96 * being encrypted "in place".
112 movq %rdi, %r10 /* Save encrypted area address */
[all …]
|
| /kernel/linux/linux-5.10/fs/crypto/ |
| D | hooks.c | 11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
15 * Currently, an encrypted regular file can only be opened if its encryption key
16 * is available; access to the raw encrypted contents is not supported.
21 * is being opened) is encrypted, then the inode being opened uses the same
23 * in an encrypted directory tree use the same encryption policy, as a
26 * an unencrypted file in an encrypted directory.
144 * When the CASEFOLD flag is set on an encrypted directory, we must in fscrypt_prepare_setflags()
168 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
177 * encrypted symlink may be longer than the original.
180 * unencrypted, but left NULL if the symlink will be encrypted. For encrypted
[all …]
|
| /kernel/linux/linux-6.6/Documentation/filesystems/ |
| D | fscrypt.rst | 35 UBIFS. This allows encrypted files to be read and written without
36 caching both the decrypted and encrypted pages in the pagecache,
39 needed. eCryptfs also limits encrypted filenames to 143 bytes,
45 supports marking an empty directory as encrypted. Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124 encrypted files and directories before removing a master key, as
126 encrypted directory.
156 with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
[all …]
|
| /kernel/linux/linux-6.6/Documentation/arch/x86/ |
| D | amd-memory-encryption.rst | 7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
10 SME provides the ability to mark individual pages of memory as encrypted using
11 the standard x86 page tables. A page that is marked encrypted will be
12 automatically decrypted when read from DRAM and encrypted when written to
16 SEV enables running encrypted virtual machines (VMs) in which the code and data
19 memory. Private memory is encrypted with the guest-specific key, while shared
20 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor
23 A page is encrypted when a page table entry has the encryption bit set (see
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
26 successive level of page tables can also be encrypted by setting the encryption
[all …]
|
| /kernel/linux/linux-6.6/fs/crypto/ |
| D | hooks.c | 11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
15 * Currently, an encrypted regular file can only be opened if its encryption key
16 * is available; access to the raw encrypted contents is not supported.
21 * is being opened) is encrypted, then the inode being opened uses the same
23 * in an encrypted directory tree use the same encryption policy, as a
26 * an unencrypted file in an encrypted directory.
116 * @dir: the encrypted directory being searched
177 * When the CASEFOLD flag is set on an encrypted directory, we must in fscrypt_prepare_setflags()
201 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
210 * encrypted symlink may be longer than the original.
[all …]
|
| /kernel/linux/linux-6.6/security/keys/encrypted-keys/ |
| D | Makefile | 3 # Makefile for encrypted keys
6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
8 encrypted-keys-y := encrypted.o ecryptfs_format.o
11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
|
| D | masterkey_trusted.c | 11 * See Documentation/security/keys/trusted-encrypted.rst
17 #include <keys/encrypted-type.h>
18 #include "encrypted.h"
24 * manages both trusted/encrypted key-types, like the encrypted key type
|
| D | encrypted.c | 11 * See Documentation/security/keys/trusted-encrypted.rst
23 #include <keys/encrypted-type.h>
35 #include "encrypted.h"
84 "Allow instantiation of encrypted keys using provided decrypted data");
103 * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
105 * The description of a encrypted key with format 'ecryptfs' must contain
168 * <encrypted iv + data>
294 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */ in datablob_format()
305 * Use a user provided key to encrypt/decrypt an encrypted-key.
515 /* verify HMAC before decrypting encrypted key */
[all …]
|
| /kernel/linux/linux-5.10/security/keys/encrypted-keys/ |
| D | Makefile | 3 # Makefile for encrypted keys
6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
8 encrypted-keys-y := encrypted.o ecryptfs_format.o
11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
|
| D | masterkey_trusted.c | 11 * See Documentation/security/keys/trusted-encrypted.rst
17 #include <keys/encrypted-type.h>
18 #include "encrypted.h"
24 * manages both trusted/encrypted key-types, like the encrypted key type
|
| /kernel/linux/linux-6.6/security/keys/ |
| D | Kconfig | 78 Userspace will only ever see encrypted blobs.
87 tristate "ENCRYPTED KEYS"
97 in the kernel. Encrypted keys are instantiated using kernel
99 encrypted/decrypted with a 'master' symmetric key. The 'master'
100 key can be either a trusted-key or user-key type. Only encrypted
106 bool "Allow encrypted keys with user decrypted data"
109 This option provides support for instantiating encrypted keys using
|
| /kernel/linux/linux-5.10/Documentation/driver-api/nvdimm/ |
| D | security.rst | 51 A nvdimm encrypted-key of format enc32 has the description format of:
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
125 is just another encrypted-key.
136 another encrypted-key.
|
| /kernel/linux/linux-6.6/Documentation/driver-api/nvdimm/ |
| D | security.rst | 51 A nvdimm encrypted-key of format enc32 has the description format of:
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
125 is just another encrypted-key.
136 another encrypted-key.
|
| /kernel/linux/linux-6.6/Documentation/virt/kvm/s390/ |
| D | s390-pv-boot.rst | 12 Memory made accessible to the hypervisor will be encrypted. See
16 information about the encrypted components and necessary metadata to
27 switch into PV mode itself, the user can load encrypted guest
59 The components are for instance an encrypted kernel, kernel parameters
62 After the initial import of the encrypted data, all defined pages will
82 encrypted images.
|
| /kernel/linux/linux-5.10/Documentation/virt/kvm/ |
| D | s390-pv-boot.rst | 12 Memory made accessible to the hypervisor will be encrypted. See
16 information about the encrypted components and necessary metadata to
27 switch into PV mode itself, the user can load encrypted guest
59 The components are for instance an encrypted kernel, kernel parameters
62 After the initial import of the encrypted data, all defined pages will
82 encrypted images.
|
| /kernel/linux/linux-5.10/net/tls/ |
| D | trace.h | 47 bool encrypted, bool decrypted),
49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted),
56 __field( bool, encrypted )
65 __entry->encrypted = encrypted;
70 "sk=%p tcp_seq=%u rec_no=%llu len=%u encrypted=%d decrypted=%d",
73 __entry->encrypted, __entry->decrypted
|
| /kernel/linux/linux-6.6/net/tls/ |
| D | trace.h | 47 bool encrypted, bool decrypted),
49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted),
56 __field( bool, encrypted )
65 __entry->encrypted = encrypted;
70 "sk=%p tcp_seq=%u rec_no=%llu len=%u encrypted=%d decrypted=%d",
73 __entry->encrypted, __entry->decrypted
|