Searched refs:key (Results 1 – 25 of 294) sorted by relevance
12345678910>>...12
| /Documentation/security/keys/ |
| D | request-key.rst | 5 The key request service is part of the key retention service (refer to
12 struct key *request_key(const struct key_type *type,
18 struct key *request_key_tag(const struct key_type *type,
25 struct key *request_key_with_auxdata(const struct key_type *type,
34 struct key *request_key_rcu(const struct key_type *type,
46 does not need to link the key to a keyring to prevent it from being immediately
47 destroyed. The kernel interface returns a pointer directly to the key, and
48 it's up to the caller to destroy the key.
56 NULL). This is only useful for those key types that define their own upcall
57 mechanism rather than using /sbin/request-key.
[all …]
|
| D | core.rst | 9 Keyrings are permitted; these are a special type of key that can hold links to
13 The key service can be configured on by enabling:
15 "Security options"/"Enable access key retention support" (CONFIG_KEYS)
26 tokens, keyrings, etc.. These are represented in the kernel by struct key.
28 Each key has a number of attributes:
32 - A description (for matching a key in a search).
39 * Each key is issued a serial number of type key_serial_t that is unique for
40 the lifetime of that key. All serial numbers are positive non-zero 32-bit
43 Userspace programs can use a key's serial numbers as a way to gain access
46 * Each key is of a defined "type". Types must be registered inside the
[all …]
|
| D | ecryptfs.rst | 11 using a key, the FEKEK, derived from a user prompted passphrase; in the latter
13 to support other mechanisms like public key cryptography, PKCS#11 and TPM based
18 kernel key of the 'user' type, inserted in the user's session specific keyring
22 The 'encrypted' key type has been extended with the introduction of the new
26 kernel and protected by the parent master key.
34 required key can be securely generated by an Administrator and provided at boot
35 time after the unsealing of a 'trusted' key in order to perform the mount in a
36 controlled environment. Another advantage is that the key is not exposed to
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
44 keyctl update keyid "update key-type:master-key-name"
[all …]
|
| D | trusted-encrypted.rst | 5 Trusted and Encrypted Keys are two new key types added to the existing kernel
6 key ring service. Both of these new types are variable length symmetric keys,
57 such as when the kernel and initramfs are updated. The same key can
91 a child key in the storage key hierarchy. Encryption and decryption of the
92 child key must be protected by a strong access control policy within the
115 numbers, and are encrypted/decrypted using a specified ‘master’ key. The
116 ‘master’ key can either be a trusted-key or user-key type. The main disadvantage
117 of encrypted keys is that if they are not rooted in a trusted key, they are only
118 as secure as the user key encrypting them. The master user key should therefore
132 TPM 2.0: The user must first create a storage key and make it persistent, so the
[all …]
|
| /Documentation/crypto/ |
| D | asymmetric-keys.rst | 4 Asymmetric / Public-key Cryptography Key Type
13 - Asymmetric key subtypes.
21 The "asymmetric" key type is designed to be a container for the keys used in
22 public-key cryptography, without imposing any particular restrictions on the
23 form or mechanism of the cryptography or form of the key.
25 The asymmetric key is given a subtype that defines what sort of data is
26 associated with the key and provides operations to describe and destroy it.
27 However, no requirement is made that the key data actually be stored in the
28 key.
30 A completely in-kernel key retention and operation subtype can be defined, but
[all …]
|
| /Documentation/security/ |
| D | siphash.rst | 13 SipHash takes a secret key filled with randomly generated numbers and either
18 Generating a key
24 siphash_key_t key;
25 get_random_bytes(&key, sizeof(key));
27 If you're not deriving your key from here, you're doing it wrong.
35 u64 siphash(const void *data, size_t len, const siphash_key_t *key);
39 u64 siphash_1u64(u64, const siphash_key_t *key);
40 u64 siphash_2u64(u64, u64, const siphash_key_t *key);
41 u64 siphash_3u64(u64, u64, u64, const siphash_key_t *key);
42 u64 siphash_4u64(u64, u64, u64, u64, const siphash_key_t *key);
[all …]
|
| D | digsig.rst | 27 Public key and signature consist of header and MPIs::
30 uint8_t version; /* key format version */
31 time_t timestamp; /* key made, always 0 for now */
47 keyid equals to SHA1[12-19] over the total key content.
49 Such approach insures that key or signature header could not be changed.
58 digsig_verify() - digital signature verification with public key
62 * digsig_verify() - digital signature verification with public key
63 * @keyring: keyring to search key in
75 int digsig_verify(struct key *keyring, const char *sig, int siglen,
81 The signing and key management utilities evm-utils provide functionality
[all …]
|
| /Documentation/devicetree/bindings/input/ |
| D | pxa27x-keypad.txt | 7 - marvell,debounce-interval : How long time the key will be
9 is debounce interval for direct key and bit[15:0] is debounce
10 interval for matrix key. The value is in binary number of 2ms
16 - marvell,direct-key-count : How many direct keyes are used.
17 - marvell,direct-key-mask : The mask indicates which keyes
18 are used. If bit[X] of the mask is set, the direct key X
20 - marvell,direct-key-low-active : Direct key status register
23 is low, the key is pressed(active).
24 - marvell,direct-key-map : It is a u16 array. Each item indicates
25 the linux key-code for the direct key.
[all …]
|
| D | da9062-onkey.txt | 18 - dlg,disable-key-power : Disable power-down using a long key-press. If this
19 entry exists the OnKey driver will remove support for the KEY_POWER key
27 dlg,disable-key-power;
36 dlg,disable-key-power;
45 dlg,disable-key-power;
|
| D | samsung-keypad.txt | 5 A key can be placed at each intersection of a unique row and a unique column.
6 The keypad controller can sense a key-press and key-release and report the
28 - Keys represented as child nodes: Each key connected to the keypad
31 - keypad,row: the row number to which the key is connected.
32 - keypad,column: the column number to which the key is connected.
33 - linux,code: the key-code to be reported when the key is pressed
|
| D | lpc32xx-key.txt | 7 - compatible: Should be "nxp,lpc3220-key"
14 - linux,keymap: the key-code to be reported when the key is pressed
23 key@40050000 {
24 compatible = "nxp,lpc3220-key";
|
| D | adc-keys.txt | 16 Each button (key) is represented as a sub-node of "adc-keys":
19 - label: Descriptive name of the key.
21 - press-threshold-microvolt: voltage above or equal to which this key is
58 | 2.000.000 <= value | no key pressed |
66 | value < 500.000 | no key pressed |
|
| /Documentation/admin-guide/nfs/ |
| D | nfs-idmapper.rst | 8 ways NFS could obtain this information: placing a call to /sbin/request-key
11 NFS will attempt to call /sbin/request-key first. If this succeeds, the
12 result will be cached using the generic request-key cache. This call should
13 only fail if /etc/request-key.conf is not configured for the id_resolver key
14 type, see the "Configuring" section below if you wish to use the request-key
17 If the call to /sbin/request-key fails (if /etc/request-key.conf is not
18 configured with the id_resolver key type), then the idmapper will ask the
26 The file /etc/request-key.conf will need to be modified so /sbin/request-key can
35 The last parameter, 600, defines how many seconds into the future the key will
39 id mapper uses for key descriptions::
[all …]
|
| /Documentation/driver-api/nvdimm/ |
| D | security.rst | 29 disable <keyid> - disable enabled security and remove key.
31 erase <keyid> - delete existing user encryption key.
34 master_erase <keyid> - delete existing user encryption key.
39 The key is associated to the payload by the DIMM id. For example:
42 The DIMM id would be provided along with the key payload (passphrase) to
45 The security keys are managed on the basis of a single key per DIMM. The
46 key "passphrase" is expected to be 32bytes long. This is similar to the ATA
47 security specification [2]. A key is initially acquired via the request_key()
51 A nvdimm encrypted-key of format enc32 has the description format of:
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
[all …]
|
| /Documentation/admin-guide/ |
| D | bootconfig.rst | 15 additional key-value data when booting the kernel in an efficient way.
21 The boot config syntax is a simple structured key-value. Each key consists
22 of dot-connected-words, and key and value are connected by ``=``. The value
30 Each key word must contain only alphabets, numbers, dash (``-``) or underscore
39 There can be a key which doesn't have value or has an empty value. Those keys
40 are used for checking if the key exists or not (like a boolean).
62 In both styles, same key words are automatically merged when parsing it
63 at boot time. So you can append similar trees or key-values.
65 Same-key Values
68 It is prohibited that two or more values or arrays share a same-key.
[all …]
|
| D | module-signing.rst | 14 .. - Administering/protecting the private key.
24 or modules signed with an invalid key. Module signing increases security by
31 type. The facility currently only supports the RSA public key encryption
53 signature for which the key is not known or a module that is unsigned.
55 If this is off (ie. "permissive"), then modules for which the key is not
61 signature that can be verified by a public key in the kernel's possession
96 (4) :menuselection:`File name or PKCS#11 URI of module signing key`
101 and allow the kernel modules to be signed with a key of your choosing.
102 The string provided should identify a file containing both a private key
106 certificate and a private key.
[all …]
|
| D | sysrq.rst | 6 What is the magic SysRq key?
9 It is a 'magical' key combo you can hit which the kernel will respond to
12 How do I enable the magic SysRq key?
15 You need to say "yes" to 'Magic SysRq key (CONFIG_MAGIC_SYSRQ)' when
18 the SysRq key. The default value in this file is set by the
48 How do I use the magic SysRq key?
52 You press the key combo :kbd:`ALT-SysRq-<command key>`.
56 keyboards may not have a key labeled 'SysRq'. The 'SysRq' key is
57 also known as the 'Print Screen' key. Also some keyboards cannot
60 release :kbd:`SysRq`, press :kbd:`<command key>`, release everything.
[all …]
|
| /Documentation/process/ |
| D | maintainer-pgp-guide.rst | 99 of caching the private key passphrase. There are two options you should
102 - ``default-cache-ttl`` (seconds): If you use the same key again before
106 the key since initial passphrase entry, if the maximum time-to-live
138 Protect your master PGP key
141 This guide assumes that you already have a PGP key that you use for Linux
146 You should also make a new key if your current one is weaker than 2048 bits
149 Master key vs. Subkeys
153 key using certifying key signatures (certificates). It is important to
156 1. There are no technical differences between the "master key" and "subkeys."
157 2. At creation time, we assign functional limitations to each key by
[all …]
|
| /Documentation/RCU/ |
| D | rculist_nulls.rst | 30 obj = lockless_lookup(key);
37 * must check key after getting the reference on object
39 if (obj->key != key) { // not the object we expected
46 Beware that lockless_lookup(key) cannot use traditional hlist_for_each_entry_rcu()
51 lockless_lookup(key)
58 if (obj->key == key)
70 if (obj->key == key)
83 checking the key."
89 and previous value of 'obj->key'. Or else, an item could be deleted
102 obj->key = key;
[all …]
|
| /Documentation/filesystems/ |
| D | fscrypt.rst | 18 `fscryptctl <https://github.com/google/fscryptctl>`_ or `Android's key
46 userspace provides the key, all regular files, directories, and
56 Provided that userspace chooses a strong encryption key, fscrypt
89 After an encryption key has been added, fscrypt does not hide the
94 (For the reasoning behind this, understand that while the key is
115 encryption key from kernel memory. If it does so, it will also try to
116 evict all cached inodes which had been "unlocked" using the key,
124 encrypted files and directories before removing a master key, as
128 - The kernel cannot magically wipe copies of the master key(s) that
130 copies of the master key(s) it makes as well; normally this should
[all …]
|
| /Documentation/block/ |
| D | pr.rst | 34 Only initiators with a registered key can write to the device,
38 Only initiators with a registered key can access the device.
42 Only initiators with a registered key can write to the device,
44 All initiators with a registered key are considered reservation
50 Only initiators with a registered key can access the device.
51 All initiators with a registered key are considered reservation
66 the old reservation key.
76 devices based on the type argument. The key argument must be the existing
77 reservation key for the device as acquired by the IOC_PR_REGISTER,
84 This ioctl command releases the reservation specified by key and flags
[all …]
|
| /Documentation/networking/ |
| D | dns_resolver.rst | 21 by way of requesting a key of key type dns_resolver. These queries are
22 upcalled to userspace through /sbin/request-key.
25 request-key. It is under development and does not yet provide the full feature
48 To set up this facility, the /etc/request-key.conf file must be altered so that
49 /sbin/request-key can appropriately direct the upcalls. For example, to handle
79 may then be cached. The key description is constructed as a string of the
121 The dnsresolver module registers a key type called "dns_resolver". Keys of
129 directed by means of configuration lines in /etc/request-key.conf that tell
130 /sbin/request-key what program to run to instantiate the key.
136 remainder of the string to the key as its payload.
[all …]
|
| D | openvswitch.rst | 22 extracting its flow key and looking it up in the flow table. If there
29 Flow key compatibility
35 versions to parse additional protocols as part of the flow key. It
39 applications to work with any version of the flow key, past or future.
43 flow key that it parsed from the packet. Userspace then extracts its
44 own notion of a flow key from the packet and compares it against the
47 - If userspace's notion of the flow key for the packet matches the
50 - If the kernel's flow key includes more fields than the userspace
51 version of the flow key, for example if the kernel decoded IPv6
55 as long as it uses the kernel-provided flow key to do it.
[all …]
|
| D | fib_trie.rst | 10 An end node with data. This has a copy of the relevant key, along
16 indexed through a subset of the key. See Level Compression.
21 The number of bits in the key segment used for indexing into the
25 The position (in the key) of the key segment used for indexing into
30 a segment of the key specified by the parent's "pos" and "bits"
33 in the key skipped over because they represent a single path with no
37 verify that they actually do match the key we are searching for.
76 Looks up a key, deletes it and runs the level compression algorithm.
79 The key function for the dynamic trie after any change in the trie
124 trie, key segment by key segment, until we find a leaf. check_leaf() does
[all …]
|
| /Documentation/staging/ |
| D | static-keys.rst | 19 DEFINE_STATIC_KEY_TRUE(key);
20 DEFINE_STATIC_KEY_FALSE(key);
33 DEFINE_STATIC_KEY_FALSE(key);
37 if (static_branch_unlikely(&key))
43 static_branch_enable(&key);
45 static_branch_disable(&key);
82 if (static_branch_unlikely(&key))
96 Static key label API, usage and examples
100 In order to make use of this optimization you must first define a key::
102 DEFINE_STATIC_KEY_TRUE(key);
[all …]
|
12345678910>>...12