Lines Matching full:keys

2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
6 key ring service. Both of these new types are variable length symmetric keys,
7 and in both cases all keys are created in the kernel, and user space sees,
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trust Source for greater security, while Encrypted Keys can be used on any
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
53 Keys can be optionally sealed to specified PCR (integrity measurement)
56 (future) PCR values, so keys are easily migrated to new PCR values,
87 Trusted Keys
90 New keys are created from random numbers generated in the trust source. They
106 Encrypted Keys
109 Encrypted keys do not depend on a trust source, and are faster, as they use AES
110 for encryption/decryption. New keys are created from kernel-generated random
113 of encrypted keys is that if they are not rooted in a trusted key, they are only
121 Trusted Keys usage: TPM
124 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
174 TPM_STORED_DATA format. The key length for new keys is always in bytes.
175 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
178 Trusted Keys usage: TEE
188 specific to TEE device implementation. The key length for new keys is always
189 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
191 Encrypted Keys usage
194 The decrypted portion of encrypted keys can contain either a simple symmetric
272 The initial consumer of trusted keys is EVM, which at boot time needs a high
306 Other uses for trusted and encrypted keys, such as for disk and file encryption
308 in order to use encrypted keys to mount an eCryptfs filesystem. More details
310 ``Documentation/security/keys/ecryptfs.rst``.
312 Another new format 'enc32' has been defined in order to support encrypted keys
322 format) and to be extensible for additions like importable keys and