Lines Matching refs:trusted

132 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
141 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
143 rooted in a trusted key, they are only as secure as the user key encrypting
154 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
176     keyctl add trusted name "new keylen [options]" ring
177     keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
213     keyctl add trusted name "new keylen" ring
214     keyctl add trusted name "load hex_blob" ring
226     keyctl add trusted name "new keylen" ring
227     keyctl add trusted name "load hex_blob" ring
253 	key-type:= 'trusted' | 'user'
255 Examples of trusted and encrypted key usage
258 Create and save a trusted key named "kmk" of length 32 bytes.
266     $ keyctl add trusted kmk "new 32" @u
273     440502848 --alswrv    500   500       \_ trusted: kmk
287 Load a trusted key from the saved blob::
289     $ keyctl add trusted kmk "load `cat kmk.blob`" @u
302 Reseal (TPM specific) a trusted key under new PCR values::
317 The initial consumer of trusted keys is EVM, which at boot time needs a high
319 trusted key provides strong guarantees that the EVM key has not been
322 encrypted key "evm" using the above trusted key "kmk":
326     $ keyctl add encrypted evm "new trusted:kmk 32" @u
331     $ keyctl add encrypted evm "new default trusted:kmk 32" @u
335     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
347     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
362 Other uses for trusted and encrypted keys, such as for disk and file encryption
407 The trusted key code only uses the TPM Sealed Data OID.