Lines Matching refs:trusted
112 ‘master’ key can either be a trusted-key or user-key type. The main disadvantage
113 of encrypted keys is that if they are not rooted in a trusted key, they are only
124 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
146 keyctl add trusted name "new keylen [options]" ring
147 keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
183 keyctl add trusted name "new keylen" ring
184 keyctl add trusted name "load hex_blob" ring
208 key-type:= 'trusted' | 'user'
210 Examples of trusted and encrypted key usage
213 Create and save a trusted key named "kmk" of length 32 bytes.
221 $ keyctl add trusted kmk "new 32" @u
228 440502848 --alswrv 500 500 \_ trusted: kmk
242 Load a trusted key from the saved blob::
244 $ keyctl add trusted kmk "load `cat kmk.blob`" @u
257 Reseal (TPM specific) a trusted key under new PCR values::
272 The initial consumer of trusted keys is EVM, which at boot time needs a high
274 trusted key provides strong guarantees that the EVM key has not been
277 encrypted key "evm" using the above trusted key "kmk":
281 $ keyctl add encrypted evm "new trusted:kmk 32" @u
286 $ keyctl add encrypted evm "new default trusted:kmk 32" @u
290 default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
302 default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
306 Other uses for trusted and encrypted keys, such as for disk and file encryption
351 The trusted key code only uses the TPM Sealed Data OID.