Home
last modified time | relevance | path

Searched full:trusted (Results 1 – 25 of 339) sorted by relevance

12345678910>>...14

/Linux-v5.15/Documentation/security/keys/
Dtrusted-encrypted.rst2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
28 (1) TPM (Trusted Platform Module: hardware device)
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
47 environment verified via Secure/Trusted boot process.
55 verifications match. A loaded Trusted Key can be updated with new
63 Relies on Secure/Trusted boot process for platform integrity. It can
[all …]
/Linux-v5.15/Documentation/devicetree/bindings/arm/firmware/
Dtlm,trusted-foundations.txt1 Trusted Foundations
4 Boards that use the Trusted Foundations secure monitor can signal its
5 presence by declaring a node compatible with "tlm,trusted-foundations"
9 - compatible: "tlm,trusted-foundations"
10 - tlm,version-major: major version number of Trusted Foundations firmware
11 - tlm,version-minor: minor version number of Trusted Foundations firmware
15 trusted-foundations {
16 compatible = "tlm,trusted-foundations";
/Linux-v5.15/security/keys/trusted-keys/
DMakefile3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-y += trusted_tpm1.o
11 trusted-y += trusted_tpm2.o
12 trusted-y += tpm2key.asn1.o
14 trusted-$(CONFIG_TEE) += trusted_tee.o
Dtrusted_core.c6 * See Documentation/security/keys/trusted-encrypted.rst
10 #include <keys/trusted-type.h>
27 MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
130 * trusted_instantiate - create a new trusted key
132 * Unseal an existing trusted blob or, for a new key, get a
133 * random key, then seal and create a trusted key-type key,
276 * On success, return to userspace the trusted key datablob size.
306 .name = "trusted",
344 * trusted key implementation is not found. in init_trusted()
Dtrusted_tee.c19 #define DRIVER_NAME "trusted-key-tee"
29 * Seal trusted key using hardware unique key
37 * Unseal trusted key using hardware unique key
45 * struct trusted_key_tee_private - TEE Trusted key private data
46 * @dev: TEE based Trusted key device.
48 * @session_id: Trusted key TA session identifier.
/Linux-v5.15/crypto/asymmetric_keys/
Drestrict.c62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
121 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
134 if (!trusted && !check_dest) in key_or_keyring_common()
146 if (trusted) { in key_or_keyring_common()
147 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
149 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
153 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
156 signer_ids = asymmetric_key_ids(trusted); in key_or_keyring_common()
180 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/Linux-v5.15/certs/
Dsystem_keyring.c2 /* System trusted keyring for trusted public keys
63 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
87 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
96 * Create the trusted keyrings
100 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
110 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
123 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
126 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
176 * @trusted_keys: Trusted keys to use (NULL for builtin trusted keys only,
177 * (void *)1UL for all trusted keys).
[all …]
DKconfig45 bool "Provide system-wide ring of trusted keys"
49 Provide a system keyring to which trusted keys can be added. Keys in
50 the keyring are considered to be trusted. Keys may be added at will
62 containing trusted X.509 certificates to be included in the default
64 also trusted.
75 image. This allows introducing a trusted certificate to the default
92 into the kernel or already in the secondary trusted keyring.
/Linux-v5.15/Documentation/staging/
Dtee.rst7 A TEE (Trusted Execution Environment) is a trusted OS running in some
37 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
39 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
43 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
59 Kernel provides a TEE bus infrastructure where a Trusted Application is
79 Then TEE client driver can talk to a matched Trusted Application using APIs
85 Suppose a TEE client driver needs to communicate with a Trusted Application
155 | Client | | Trusted |
166 | API | \/ | subsys | driver | | Trusted OS |
182 OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in
[all …]
/Linux-v5.15/drivers/tee/optee/
Doptee_msg.h39 * to the Trusted Application.
168 * @func: Trusted Application function, specific to the Trusted Application,
178 * All normal calls to Trusted OS uses this struct. If cmd requires further
236 * Get UUID of Trusted OS.
238 * Used by non-secure world to figure out which Trusted OS is installed.
239 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
251 * Get revision of Trusted OS.
253 * Used by non-secure world to figure out which version of the Trusted OS
255 * Trusted OS, not of the API.
266 * OPTEE_MSG_CMD_OPEN_SESSION opens a session to a Trusted Application.
[all …]
Doptee_smc.h73 * Get UUID of Trusted OS.
75 * Used by non-secure world to figure out which Trusted OS is installed.
76 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
86 * Get revision of Trusted OS.
88 * Used by non-secure world to figure out which version of the Trusted OS
90 * Trusted OS, not of the API.
135 * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this
140 * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded,
333 * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this
454 /* Returned in a0 only from Trusted OS functions */
/Linux-v5.15/security/keys/encrypted-keys/
Dmasterkey_trusted.c11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
/Linux-v5.15/security/integrity/ima/
DKconfig17 The Trusted Computing Group(TCG) runtime Integrity
205 be signed and verified by a public key on the trusted IMA
218 and verified by a public key on the trusted IMA keyring.
230 and verified by a key on the trusted IMA keyring.
261 keyring be signed by a key on the system trusted keyring.
275 secondary trusted keyrings.
280 built-in or secondary trusted keyrings.
294 bool "Load X509 certificate onto the '.ima' trusted keyring"
299 loaded on the .ima trusted keyring. These public keys are
300 X509 certificates signed by a trusted key on the
[all …]
/Linux-v5.15/include/linux/
Dpsp-tee.h3 * AMD Trusted Execution Environment (TEE) interface
17 /* This file defines the Trusted Execution Environment (TEE) interface commands
19 * AMD-TEE Trusted OS.
24 * @TEE_CMD_ID_LOAD_TA: Load Trusted Application (TA) binary into
45 * psp_tee_process_cmd() - Process command in Trusted Execution Environment
52 * This function submits a command to the Trusted OS for processing in the
/Linux-v5.15/include/linux/firmware/
Dtrusted_foundations.h7 * Support for the Trusted Foundations secure monitor.
9 * Trusted Foundation comes active on some ARM consumer devices (most
13 * Trusted Foundations, and do *not* follow the SMC calling convention or the
60 pr_err("No support for Trusted Foundations, continuing in degraded mode.\n"); in register_trusted_foundations()
78 if (of_find_compatible_node(NULL, NULL, "tlm,trusted-foundations")) in of_register_trusted_foundations()
/Linux-v5.15/Documentation/admin-guide/hw-vuln/
Dcore-scheduling.rst21 user-designated trusted group can share a core. This increase in core sharing
100 trusted (same cookie) at any point in time. Kernel threads are assumed trusted.
109 the idle task is selected. Idle task is globally trusted.
125 priority task is not trusted with respect to the core wide highest priority
126 task. If a sibling does not have a trusted task to run, it will be forced idle
156 and are considered system-wide trusted. The forced-idling of siblings running
165 Core scheduling tries to guarantee that only trusted tasks run concurrently on a
167 concurrently or kernel could be running concurrently with a task not trusted by
172 Core scheduling selects only trusted tasks to run together. IPI is used to notify
206 allowing system processes (trusted tasks) to share a core.
/Linux-v5.15/drivers/tee/
DKconfig2 # Generic Trusted Execution Environment Configuration
4 tristate "Trusted Execution Environment support"
11 This implements a generic interface towards a Trusted Execution
/Linux-v5.15/drivers/tee/amdtee/
Damdtee_private.h29 /* Maximum number of sessions which can be opened with a Trusted Application */
46 * struct amdtee_session - Trusted Application (TA) session related information.
47 * @ta_handle: handle to Trusted Application (TA) loaded in TEE environment
54 * subsequent operations with the Trusted Application.
113 * @ta_handle: [in] handle of the loaded Trusted Application (TA)
/Linux-v5.15/arch/powerpc/kernel/
Dsecure_boot.c51 enabled = of_property_read_bool(node, "trusted-enabled"); in is_ppc_trustedboot_enabled()
57 if (!of_property_read_u32(of_root, "ibm,trusted-boot", &trustedboot)) in is_ppc_trustedboot_enabled()
61 pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled"); in is_ppc_trustedboot_enabled()
/Linux-v5.15/drivers/firmware/
Dtrusted_foundations.c3 * Trusted Foundations support for ARM CPUs
166 node = of_find_compatible_node(NULL, NULL, "tlm,trusted-foundations"); in of_register_trusted_foundations()
173 panic("Trusted Foundation: missing version-major property\n"); in of_register_trusted_foundations()
177 panic("Trusted Foundation: missing version-minor property\n"); in of_register_trusted_foundations()
/Linux-v5.15/security/integrity/evm/
DKconfig59 bool "Load an X509 certificate onto the '.evm' trusted keyring"
63 Load an X509 certificate onto the '.evm' trusted keyring.
66 onto the '.evm' trusted keyring. A public key can be used to
/Linux-v5.15/Documentation/ABI/testing/
Devm12 trusted/encrypted key stored in the Kernel Key
88 as part of the trusted boot. For more information on
89 creating and loading existing trusted/encrypted keys,
91 Documentation/security/keys/trusted-encrypted.rst. Both
/Linux-v5.15/Documentation/x86/
Dintel_txt.rst5 Intel's technology for safer computing, Intel(R) Trusted Execution
7 provide the building blocks for creating trusted platforms.
35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
43 Trusted Boot Project Overview
46 Trusted Boot (tboot) is an open source, pre-kernel/VMM module that
211 Security top-level menu and is called "Enable Intel(R) Trusted
220 system and can also be found on the Trusted Boot site. It is an
/Linux-v5.15/security/integrity/
DKconfig52 .evm keyrings be signed by a key on the system trusted
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
/Linux-v5.15/Documentation/admin-guide/device-mapper/
Dverity.rst64 and the salt. This hash should be trusted as there is no other authenticity
138 trusted keyring by default, or the secondary trusted keyring if
140 trusted keyring includes by default the builtin trusted keyring, and it can
142 already in the secondary trusted keyring.

12345678910>>...14