Lines Matching full:boot
15 //! Offer keys based on the "boot level" for superencryption.
31 /// Strategies used to prevent later boot stages from using the KM key that protects the level 0
36 /// itself, and therefore create artifacts which appear to come from early boot.
39 /// it ensures that the level 0 key was genuinely created in early boot
172 b"Create boot level key", in get_level_zero_key()
182 /// Holds the key for the current boot level, and a cache of future keys generated as required.
183 /// When the boot level advances, keys prior to the current boot level are securely dropped.
185 /// Least boot level currently accessible, if any is.
187 /// Invariant: cache entry *i*, if it exists, holds the HKDF key for boot level
208 // If the requested boot level is lower than the current boot level in level_accessible()
210 // the boot key. in level_accessible()
214 /// Get the HKDF key for boot level `boot_level`. The key for level *i*+1
221 // so `self.current + self.cache.len()` is the first boot level not in the cache. in get_hkdf_key()
224 // Grow the cache forwards until it contains the desired boot level. in get_hkdf_key()
238 /// Drop keys prior to the given boot level, while retaining the ability to generate keys for
243 "Failed to advance boot level to {}, current is {}, cache size {}", in advance_boot_level()
251 // We `get` the new boot level for the side effect of advancing the cache to a point in advance_boot_level()
252 // where the new boot level is present. in advance_boot_level()
255 // Then we split the queue at the index of the new boot level and discard the front, in advance_boot_level()
256 // keeping only the keys with the current boot level or higher. in advance_boot_level()
259 // The new cache has the new boot level at index 0, so we set `current` to in advance_boot_level()
266 /// Drop all keys, effectively raising the current boot level to infinity; no keys can
285 /// Return the AES-256-GCM key for the current boot level.