Home
last modified time | relevance | path

Searched refs:encrypted (Results 1 – 25 of 69) sorted by relevance

123

/Linux-v4.19/Documentation/security/keys/
Decryptfs.rst8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEFEK)
12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
22 The 'encrypted' key type has been extended with the introduction of the new
31 encrypted form.
33 The eCryptfs filesystem may really benefit from using encrypted keys in that the
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
43 keyctl add encrypted name "load hex_blob" ring
53 Example of encrypted key usage with the eCryptfs filesystem:
55 Create an encrypted key "1000100010001000" of length 64 bytes with format
58 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u
[all …]
Dtrusted-encrypted.rst8 stores, and loads only encrypted blobs. Trusted Keys require the availability
59 numbers, and are encrypted/decrypted using a specified 'master' key. The
61 disadvantage of encrypted keys is that if they are not rooted in a trusted key,
66 The decrypted portion of encrypted keys can contain either a simple symmetric
72 keyctl add encrypted name "new [format] key-type:master-key-name keylen"
74 keyctl add encrypted name "load hex_blob" ring
83 Examples of trusted and encrypted key usage:
142 encrypted key "evm" using the above trusted key "kmk":
146 $ keyctl add encrypted evm "new trusted:kmk 32" @u
151 $ keyctl add encrypted evm "new default trusted:kmk 32" @u
[all …]
Dindex.rst11 trusted-encrypted
/Linux-v4.19/security/keys/encrypted-keys/
DMakefile6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
8 encrypted-keys-y := encrypted.o ecryptfs_format.o
11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
/Linux-v4.19/Documentation/x86/
Damd-memory-encryption.txt4 SME provides the ability to mark individual pages of memory as encrypted using
5 the standard x86 page tables. A page that is marked encrypted will be
6 automatically decrypted when read from DRAM and encrypted when written to
10 SEV enables running encrypted virtual machines (VMs) in which the code and data
13 memory. Private memory is encrypted with the guest-specific key, while shared
14 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor
17 A page is encrypted when a page table entry has the encryption bit set (see
19 specified in the cr3 register, allowing the PGD table to be encrypted. Each
20 successive level of page tables can also be encrypted by setting the encryption
22 page table hierarchy to be encrypted. Note, this means that just because the
[all …]
/Linux-v4.19/Documentation/filesystems/
Dfscrypt.rst35 UBIFS. This allows encrypted files to be read and written without
36 caching both the decrypted and encrypted pages in the pagecache,
39 needed. eCryptfs also limits encrypted filenames to 143 bytes,
45 supports marking an empty directory as encrypted. Then, after
48 encrypted.
94 recently accessed encrypted files will remain accessible at least
104 an incorrect key for another user's existing encrypted files. A
113 Each encrypted directory tree is protected by a *master key*. Master
121 To "unlock" an encrypted directory tree, userspace must provide the
136 Instead, a unique key is derived for each encrypted file, including
[all …]
Decryptfs.txt38 Create a new directory into which eCryptfs will write its encrypted
53 host page size). This is the encrypted underlying file for what you
/Linux-v4.19/net/rxrpc/
Drxkad.c748 response->encrypted.checksum = htonl(csum); in rxkad_calc_response_checksum()
766 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_encrypt_response()
769 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); in rxkad_encrypt_response()
832 resp->encrypted.epoch = htonl(conn->proto.epoch); in rxkad_respond_to_challenge()
833 resp->encrypted.cid = htonl(conn->proto.cid); in rxkad_respond_to_challenge()
834 resp->encrypted.securityIndex = htonl(conn->security_ix); in rxkad_respond_to_challenge()
835 resp->encrypted.inc_nonce = htonl(nonce + 1); in rxkad_respond_to_challenge()
836 resp->encrypted.level = htonl(conn->params.security_level); in rxkad_respond_to_challenge()
839 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); in rxkad_respond_to_challenge()
840 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); in rxkad_respond_to_challenge()
[all …]
Dprotocol.h175 } encrypted; member
/Linux-v4.19/Documentation/networking/
Dtls.txt58 socket is encrypted using TLS and the parameters provided in the socket option.
59 For example, we can send an encrypted hello world record as follows:
64 send() data is directly encrypted from the userspace buffer provided
65 to the encrypted kernel send buffer if possible.
78 The kernel will need to allocate a buffer for the encrypted data.
144 encrypted by the kernel.
/Linux-v4.19/Documentation/ABI/testing/
Devm12 trusted/encrypted key stored in the Kernel Key
54 creating and loading existing trusted/encrypted keys,
56 Documentation/security/keys/trusted-encrypted.rst. Both
Ddebugfs-pfo-nx-crypto29 - The total number of bytes encrypted using AES in any of the driver's
/Linux-v4.19/Documentation/virtual/kvm/
Damd-memory-encryption.rst12 the memory contents of a VM will be transparently encrypted with a key
23 Bits[31:0] Number of encrypted guests supported simultaneously
101 that the memory was encrypted correctly by the firmware.
110 __u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */
111 __u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */
120 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
/Linux-v4.19/Documentation/power/
Dswsusp-dmcrypt.txt14 Now your system is properly set up, your disk is encrypted except for
24 up dm-crypt and then asks swsusp to resume from the encrypted
54 card contains at least the encrypted swap setup in a file
65 initrd that allows you to resume from encrypted swap and that
131 Otherwise we just remove the encrypted swap device and leave it to the
/Linux-v4.19/Documentation/device-mapper/
Ddm-crypt.txt67 then sectors are encrypted according to their offsets (sector 0 uses key0;
76 encrypted data. You can specify it as a path like /dev/xxx or a device
80 Starting sector within the device where the encrypted data begins.
95 option. For example, allowing discards on encrypted devices may lead to
122 integrity for the encrypted device. The additional space is then
/Linux-v4.19/security/keys/
DKconfig70 see encrypted blobs.
86 which are encrypted/decrypted with a 'master' symmetric key. The
88 Userspace only ever sees/stores encrypted blobs.
DMakefile31 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
/Linux-v4.19/fs/ubifs/
Ddir.c94 bool encrypted = false; in ubifs_new_inode() local
106 encrypted = true; in ubifs_new_inode()
146 encrypted = false; in ubifs_new_inode()
185 if (encrypted) { in ubifs_new_inode()
186 err = fscrypt_inherit_context(dir, inode, &encrypted, true); in ubifs_new_inode()
516 bool encrypted = ubifs_crypt_is_encrypted(dir); in ubifs_readdir() local
527 if (encrypted) { in ubifs_readdir()
561 if (encrypted) in ubifs_readdir()
606 if (encrypted) { in ubifs_readdir()
623 if (encrypted) in ubifs_readdir()
[all …]
Dsb.c480 if (c->encrypted && c->fmt_version < 5) { in validate_sb()
641 c->encrypted = !!(sup_flags & UBIFS_FLG_ENCRYPTION); in ubifs_read_superblock()
651 if (c->encrypted) { in ubifs_read_superblock()
851 if (c->encrypted) in ubifs_enable_encryption()
870 c->encrypted = 1; in ubifs_enable_encryption()
/Linux-v4.19/fs/crypto/
DKconfig15 efficient since it avoids caching the encrypted and
/Linux-v4.19/arch/arm/boot/dts/
Dberlin2cd-google-chromecast.dts27 * because the (signed and encrypted) bootloader that shipped
/Linux-v4.19/arch/powerpc/boot/dts/fsl/
Dc293pcie.dts101 /* 1MB for blob encrypted key */
103 label = "NOR blob encrypted key";
/Linux-v4.19/drivers/staging/rtl8192e/
Drtllib_tx.c625 txb->encrypted = 0; in rtllib_xmit_inter()
788 txb->encrypted = encrypt; in rtllib_xmit_inter()
893 txb->encrypted = 0; in rtllib_xmit_inter()
/Linux-v4.19/Documentation/
Ddigsig.txt94 891974900 --alswrv 0 0 \_ encrypted: evm-key
/Linux-v4.19/Documentation/devicetree/bindings/soc/mediatek/
Dpwrap.txt8 optionally be encrypted. Also a non standard Dual IO SPI mode can be

123