Lines Matching +full:unlock +full:- +full:keys

6 ---------------
11 "unlock unit", "freeze lock", "secure erase", and "overwrite". A security_ops
16 ------------------
28 update <old_keyid> <new_keyid> - enable or update passphrase.
29 disable <keyid> - disable enabled security and remove key.
30 freeze - freeze changing of security states.
31 erase <keyid> - delete existing user encryption key.
32 overwrite <keyid> - wipe the entire nvdimm.
33 master_update <keyid> <new_keyid> - enable or update master passphrase.
34 master_erase <keyid> - delete existing user encryption key.
37 -----------------
41 8089-a2-1740-00000133
45 The security keys are managed on the basis of a single key per DIMM. The
48 kernel API call during nvdimm unlock. It is up to the user to make sure that
49 all the keys are in the kernel user keyring for unlock.
51 A nvdimm encrypted-key of format enc32 has the description format of:
52 nvdimm:<bus-provider-specific-unique-id>
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
59 ------------
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
65 This provides the unlock function access to all the related keys that contain
67 keys are injected before libnvdimm is loaded by modprobe.
70 ---------
84 ---------
85 The freeze operation does not require any keys. The security config can be
89 ----------
97 ---------------
105 ------------
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
119 -----------------
125 is just another encrypted-key.
130 ----------------
136 another encrypted-key.
141 [1]: https://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdf
143 [2]: http://www.t13.org/documents/UploadedDocuments/docs2006/e05179r4-ACS-SecurityClarifications.pdf