
Searched +full:inside +full:- +full:secure (Results 1 – 24 of 24) sorted by relevance

/Documentation/devicetree/bindings/crypto/
inside-secure,safexcel.yaml
1 # SPDX-License-Identifier: GPL-2.0-only OR BSD-2-Clause
3 ---
4 $id: http://devicetree.org/schemas/crypto/inside-secure,safexcel.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: Inside Secure SafeXcel cryptographic engine
10 - Antoine Tenart <atenart@kernel.org>
15 - const: inside-secure,safexcel-eip197b
16 - const: inside-secure,safexcel-eip197d
17 - const: inside-secure,safexcel-eip97ies
18 - const: inside-secure,safexcel-eip197
/Documentation/devicetree/bindings/rng/
omap_rng.yaml
1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: OMAP SoC and Inside-Secure HWRNG Module
10 - Jayesh Choudhary <j-choudhary@ti.com>
15 - ti,omap2-rng
16 - ti,omap4-rng
17 - inside-secure,safexcel-eip76
33 - description: EIP150 gateable clock
34 - description: Main gateable clock
/Documentation/devicetree/bindings/arm/tegra/
nvidia,tegra194-cbb.yaml
1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/arm/tegra/nvidia,tegra194-cbb.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Sumit Gupta <sumitg@nvidia.com>
15 multiple hierarchical sub-NOCs (Network-on-Chip) and connects various
19 by the NOCs inside the CBB. NOCs reporting errors are cluster NOCs
20 "AON-NOC, SCE-NOC, RCE-NOC, BPMP-NOC, CV-NOC" and "CBB Central NOC"
28 - For CCPLEX (CPU Complex) initiator, the driver sets ERD bit. So, the
31 - For other initiators, the ERD is disabled. So, the access issuing
/Documentation/arch/x86/
amd-memory-encryption.rst
1 .. SPDX-License-Identifier: GPL-2.0
7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
19 memory. Private memory is encrypted with the guest-specific key, while shared
37 as private. All the DMA operations inside the guest must be performed on shared
39 is operating in 64-bit or 32-bit PAE mode, in all other modes the SEV hardware
78 - Supported:
81 - Enabled:
84 - Active:
87 kernel is non-zero).
99 Secure Nested Paging (SNP)
tdx.rst
1 .. SPDX-License-Identifier: GPL-2.0
16 TDX introduces a new CPU mode called Secure Arbitration Mode (SEAM) and
18 CPU-attested software module called 'the TDX module' runs inside the new
22 TDX also leverages Intel Multi-Key Total Memory Encryption (MKTME) to
23 provide crypto-protection to the VMs. TDX reserves part of MKTME KeyIDs
32 TDX boot-time detection
33 -----------------------
41 ---------------------------------------
59 Besides initializing the TDX module, a per-cpu initialization SEAMCALL
103 ------------------------------------------
/Documentation/devicetree/bindings/mfd/
nxp,bbnsm.yaml
1 # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
3 ---
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: NXP Battery-Backed Non-Secure Module
10 - Jacky Bai <ping.bai@nxp.com>
13 NXP BBNSM serves as non-volatile logic and storage for the system.
17 significant 32 bits of the real-time counter match the value in the
19 The ON/OFF logic inside the BBNSM allows for connecting directly to
26 - enum:
27 - nxp,imx93-bbnsm
/Documentation/arch/arm/
tcm.rst
2 ARM TCM (Tightly-Coupled Memory) handling in Linux
7 Some ARM SoCs have a so-called TCM (Tightly-Coupled Memory).
8 This is usually just a few (4-64) KiB of RAM inside the ARM
11 Due to being embedded inside the CPU, the TCM has a
12 Harvard-architecture, so there is an ITCM (instruction TCM)
24 determine if ITCM (bits 1-0) and/or DTCM (bit 17-16) is present
47 be able to lock and hide one of the banks for use by the secure
52 - FIQ and other interrupt handlers that need deterministic
55 - Idle loops where all external RAM is set to self-refresh
56 retention mode, so only on-chip RAM is accessible by
/Documentation/security/
ipe.rst
1 .. SPDX-License-Identifier: GPL-2.0
3 Integrity Policy Enforcement (IPE) - Kernel Documentation
10 :doc:`IPE admin guide </admin-guide/LSM/ipe>`.
13 ---------------------
16 of a locked-down system. This system would be born-secure, and have
27 2. DM-Verity
29 Both options were carefully considered, however the choice to use DM-Verity
46 modify filesystem offline, the attacker could wipe all the xattrs -
50 With DM-Verity, as the xattrs are saved as part of the Merkel tree, if
51 offline mount occurs against the filesystem protected by dm-verity, the
snp-tdx-threat-model.rst
17 the kernel through various networking or limited HW-specific exposed
28 solutions provide a Trusted Execution Environment (TEE), where secure data
33 Machines (VM) inside TEE. From now on in this document will be referring
39 inside a CoCo VM. Namely, confidential computing allows its users to
48 additional mechanisms to control guest-host page mapping. More details on
49 the x86-specific solutions can be found in
51 …https://www.amd.com/system/files/techdocs/sev-snp-strengthening-vm-isolation-with-integrity-protec…
56 that acts as a security manager. The host-side virtual machine monitor
63 In the following diagram, the "<--->" lines represent bi-directional
67 +-------------------+ +-----------------------+
credentials.rst
20 - Tasks
21 - Files/inodes
22 - Sockets
23 - Message queues
24 - Shared memory segments
25 - Semaphores
26 - Keys
44 the same set as in (2) - in standard UNIX files, for instance, this is the
71 group list for when it is acting upon a file - which are quite separate
103 ('read', 'write' and 'execute' - whatever those map to for the object
/Documentation/virt/kvm/x86/
running-nested-guests.rst
1 .. SPDX-License-Identifier: GPL-2.0
7 A nested guest is the ability to run a guest inside another guest (it
8 can be KVM-based or a different hypervisor). The straightforward
12 .----------------. .----------------.
17 |----------------'--'----------------|
22 .------------------------------------------------------.
25 |------------------------------------------------------|
27 '------------------------------------------------------'
31 - L0 – level-0; the bare metal host, running KVM
33 - L1 – level-1 guest; a VM running on L0; also called the "guest
amd-memory-encryption.rst
1 .. SPDX-License-Identifier: GPL-2.0
4 Secure Encrypted Virtualization (SEV)
10 Secure Encrypted Virtualization (SEV) is a feature found on AMD processors.
12 SEV is an extension to the AMD-V architecture which supports running
46 Hence, the ASID for the SEV-enabled guests must be from 1 to a maximum value
57 of zero if SEV is enabled). If non-NULL, the argument to
74 are defined in ``<linux/psp-dev.h>``.
80 ----------------
91 Returns: 0 on success, -negative on error
127 ``debug_swap`` parameter of ``kvm-amd.ko``.
/Documentation/security/tpm/
tpm-security.rst
1 .. SPDX-License-Identifier: GPL-2.0-only
12 ------------
16 PTT, which is a software TPM running inside a software environment
22 -----------------------------------------------
42 ---------------------------
68 ----------------
77 ---------------------------------------
104 name, which is what is exported via sysfs so user-space can run the
107 TPM transactions since start of day were secure and if it doesn't, you
112 --------------
/Documentation/virt/coco/
sev-guest.rst
1 .. SPDX-License-Identifier: GPL-2.0
14 - Hypervisor ioctls: These query and set global attributes which affect the
17 - Guest ioctls: These query and set attributes of the SEV virtual machine.
27 which SEV technology provides this ioctl. SEV, SEV-ES, SEV-SNP or all.
30 hypervisor or guest. The ioctl can be used inside the guest or the
37 the return value. General error numbers (-ENOMEM, -EINVAL)
40 The guest ioctl should be issued on a file descriptor of the /dev/sev-guest
44 the fw_error code will be set, otherwise fw_error will be set to -1.
48 counter (e.g. counter overflow), then -EIO will be returned.
60 /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */
/Documentation/arch/s390/
vfio-ap.rst
13 The AP adapter cards are exposed via the AP bus. The motivation for vfio-ap
45 sub-directory::
57 domain can be configured with a secure private key used for clear key
65 usage domain; for example, to set the secure private key for the control
76 significant bit, correspond to domains 0-255.
81 inside a specific adapter. An AP queue is identified by a tuple
111 * NQAP: to enqueue an AP command-request message to a queue
112 * DQAP: to dequeue an AP command-reply message from a queue
132 an APID from 0-255. If a bit is set, the corresponding adapter is valid for
137 corresponds to an AP queue index (APQI) from 0-255. If a bit is set, the
/Documentation/process/
management-style.rst
8 mirror the :ref:`process/coding-style.rst <codingstyle>` document to some
18 lead persons, not the people who do traditional management inside
35 ------------
37 Everybody thinks managers make decisions, and that decision-making is
55 painful ones. Making small and non-consequential decisions is fine, and
65 **two** inconsequential decisions - the wrong one **and** the right one.
72 you cannot escape. A cornered rat may be dangerous - a cornered manager
80 back-tracking is very easy: just tell everybody that you were an
89 - admitting you were an idiot is harder than it looks. We all like to
92 - having somebody tell you that what you worked on for the last year
maintainer-pgp-guide.rst
12 Linux Foundation. Please read that document for more in-depth discussion
15 .. _`Protecting Code Integrity`: https://github.com/lfit/itpol/blob/master/protecting-code-integrit…
22 communication channels between developers via PGP-signed email exchange.
26 - Distributed source repositories (git)
27 - Periodic release snapshots (tarballs)
35 - git repositories provide PGP signatures on all tags
36 - tarballs provide detached PGP signatures with all downloads
41 -------------------------------------------
55 a secure working environment and safeguard the PGP keys used to
64 ----------------------
/Documentation/devicetree/bindings/
vendor-prefixes.yaml
1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/vendor-prefixes.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Rob Herring <robh@kernel.org>
19 "^(at25|bm|devbus|dmacap|dsa|exynos|fsi[ab]|gpio-fan|gpio-key|gpio|gpmc|hdmi|i2c-gpio),.*": true
21 "^(pinctrl-single|#pinctrl-single|PowerPC),.*": true
22 "^(pl022|pxa-mmc|rcar_sound|rotary-encoder|s5m8767|sdhci),.*": true
23 "^(simple-audio-card|st-plgpio|st-spics|ts),.*": true
50 "^active-semi,.*":
/Documentation/filesystems/
overlayfs.rst
1 .. SPDX-License-Identifier: GPL-2.0
10 overlay-filesystem functionality in Linux (sometimes referred to as
11 union-filesystems). An overlay-filesystem tries to present a
17 ---------------
25 While directories will report an st_dev from the overlay-filesystem,
26 non-directory objects may report an st_dev from the lower filesystem or
29 over the lifetime of a non-directory object. Many applications and
48 The "xino" feature can be enabled with the "-o xino=on" overlay mount option.
51 the lifetime of the filesystem. The "-o xino=auto" overlay mount option
60 +--------------+------------+------------+-----------------+----------------+
/Documentation/virt/kvm/
api.rst
1 .. SPDX-License-Identifier: GPL-2.0
4 The Definitive KVM (Kernel-based Virtual Machine) API Documentation
13 - System ioctls: These query and set global attributes which affect the
17 - VM ioctls: These query and set attributes that affect an entire virtual
24 - vcpu ioctls: These query and set attributes that control the operation
32 - device ioctls: These query and set attributes that control the operation
80 facility that allows backward-compatible extensions to the API to be
104 the ioctl returns -ENOTTY.
122 -----------------------
139 -----------------
/Documentation/admin-guide/LSM/
ipe.rst
1 .. SPDX-License-Identifier: GPL-2.0
9 attempting to use IPE. If you're looking for more developer-focused
13 --------
17 mechanisms that rely on labels and paths for decision-making, IPE focuses
34 a file's origin, such as dm-verity or fs-verity, which provide a layer of
36 that trust files from a dm-verity protected device. dm-verity ensures the
38 of its contents. Similarly, fs-verity offers filesystem-level integrity
40 fs-verity. These two features cannot be turned off once established, so
50 property. The latter includes checking the roothash of a dm-verity
51 protected device, determining whether dm-verity possesses a valid
/Documentation/admin-guide/sysctl/
kernel.rst
5 .. See scripts/check-sysctl-docs to keep this up to date
13 Documentation/admin-guide/sysctl/index.rst.
15 ------------------------------------------------------------------------------
39 If BSD-style process accounting is enabled these values control
71 The machine hardware name, the same output as ``uname -m``
129 Ctrl-Alt-Delete). Writing a value to this file which doesn't
130 correspond to a running process will result in ``-ESRCH``.
132 See also `ctrl-alt-del`_.
236 ctrl-alt-del
239 When the value in this file is 0, ctrl-alt-del is trapped and
/Documentation/networking/
bonding.rst
1 .. SPDX-License-Identifier: GPL-2.0
11 Corrections, HA extensions: 2000/10/03-15:
13 - Willy Tarreau <willy at meta-x.org>
14 - Constantine Gavrilov <const-g at xpert.com>
15 - Chad N. Tindel <ctindel at ieee dot org>
16 - Janice Girouard <girouard at us dot ibm dot com>
17 - Jay Vosburgh <fubar at us dot ibm dot com>
22 - Mitch Williams <mitch.a.williams at intel.com>
35 the original tools from extreme-linux and beowulf sites will not work
59 3.7 Configuring LACP for 802.3ad mode in a more secure way
/Documentation/admin-guide/
kernel-parameters.txt
16 force -- enable ACPI if default was off
17 on -- enable ACPI but allow fallback to DT [arm64,riscv64]
18 off -- disable ACPI if default was on
19 noirq -- do not use ACPI for IRQ routing
20 strict -- Be less tolerant of platforms that are not
22 rsdt -- prefer RSDT over (default) XSDT
23 copy_dsdt -- copy DSDT to memory
24 nospcr -- disable console in ACPI SPCR table as
41 If set to vendor, prefer vendor-specific driver
73 Documentation/firmware-guide/acpi/debug.rst for more information about