| /Linux-v5.4/crypto/asymmetric_keys/ |
| D | restrict.c | 121 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
134 if (!trusted && !check_dest) in key_or_keyring_common()
146 if (trusted) { in key_or_keyring_common()
147 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
149 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
153 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
156 signer_ids = asymmetric_key_ids(trusted); in key_or_keyring_common()
180 key = __key_get(trusted); in key_or_keyring_common()
186 key = __key_get(trusted); in key_or_keyring_common()
233 struct key *trusted) in restrict_link_by_key_or_keyring() argument
[all …]
|
| /Linux-v5.4/Documentation/security/keys/ |
| D | trusted-encrypted.rst | 24 By default, trusted keys are sealed under the SRK, which has the default
50 keyctl add trusted name "new keylen [options]" ring
51 keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
85 'master' key can either be a trusted-key or user-key type. The main
86 disadvantage of encrypted keys is that if they are not rooted in a trusted key,
105 key-type:= 'trusted' | 'user'
108 Examples of trusted and encrypted key usage:
110 Create and save a trusted key named "kmk" of length 32 bytes.
118 $ keyctl add trusted kmk "new 32" @u
125 440502848 --alswrv 500 500 \_ trusted: kmk
[all …]
|
| D | index.rst | 11 trusted-encrypted
|
| D | ecryptfs.rst | 35 time after the unsealing of a 'trusted' key in order to perform the mount in a
49 key-type:= 'trusted' | 'user'
|
| /Linux-v5.4/Documentation/devicetree/bindings/arm/firmware/ |
| D | tlm,trusted-foundations.txt | 5 presence by declaring a node compatible with "tlm,trusted-foundations"
9 - compatible: "tlm,trusted-foundations"
15 trusted-foundations {
16 compatible = "tlm,trusted-foundations";
|
| /Linux-v5.4/certs/ |
| D | Kconfig | 19 bool "Provide system-wide ring of trusted keys"
23 Provide a system keyring to which trusted keys can be added. Keys in
24 the keyring are considered to be trusted. Keys may be added at will
36 containing trusted X.509 certificates to be included in the default
38 also trusted.
49 image. This allows introducing a trusted certificate to the default
66 into the kernel or already in the secondary trusted keyring.
|
| /Linux-v5.4/include/crypto/ |
| D | public_key.h | 65 struct key *trusted);
70 struct key *trusted);
|
| /Linux-v5.4/Documentation/ABI/testing/ |
| D | evm | 12 trusted/encrypted key stored in the Kernel Key
53 as part of the trusted boot. For more information on
54 creating and loading existing trusted/encrypted keys,
56 Documentation/security/keys/trusted-encrypted.rst. Both
|
| D | sysfs-class-bdi | 50 be trusted to play fair.
|
| /Linux-v5.4/security/integrity/ima/ |
| D | Kconfig | 201 be signed and verified by a public key on the trusted IMA
214 and verified by a public key on the trusted IMA keyring.
226 and verified by a key on the trusted IMA keyring.
257 keyring be signed by a key on the system trusted keyring.
271 secondary trusted keyrings.
276 built-in or secondary trusted keyrings.
290 bool "Load X509 certificate onto the '.ima' trusted keyring"
295 loaded on the .ima trusted keyring. These public keys are
296 X509 certificates signed by a trusted key on the
298 loading from the kernel onto the '.ima' trusted keyring.
|
| /Linux-v5.4/drivers/net/ethernet/intel/ice/ |
| D | ice_virtchnl_pf.h | 75 u8 trusted:1; member
115 int ice_set_vf_trust(struct net_device *netdev, int vf_id, bool trusted);
163 int __always_unused vf_id, bool __always_unused trusted) in ice_set_vf_trust() argument
|
| D | ice_virtchnl_pf.c | 610 if (vf->trusted) in ice_alloc_vf_res()
3050 ivi->trusted = vf->trusted; in ice_get_vf_cfg()
3182 int ice_set_vf_trust(struct net_device *netdev, int vf_id, bool trusted) in ice_set_vf_trust() argument
3202 if (trusted == vf->trusted) in ice_set_vf_trust()
3205 vf->trusted = trusted; in ice_set_vf_trust()
3208 vf_id, trusted ? "" : "un"); in ice_set_vf_trust()
|
| /Linux-v5.4/security/integrity/evm/ |
| D | Kconfig | 59 bool "Load an X509 certificate onto the '.evm' trusted keyring"
63 Load an X509 certificate onto the '.evm' trusted keyring.
66 onto the '.evm' trusted keyring. A public key can be used to
|
| /Linux-v5.4/security/integrity/ |
| D | Kconfig | 52 .evm keyrings be signed by a key on the system trusted
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
|
| /Linux-v5.4/include/linux/ |
| D | if_link.h | 30 __u32 trusted; member
|
| /Linux-v5.4/drivers/net/netdevsim/ |
| D | netdev.c | 155 nsim_bus_dev->vfconfigs[vf].trusted = val; in nsim_set_vf_trust()
178 ivi->trusted = nsim_bus_dev->vfconfigs[vf].trusted; in nsim_get_vf_config()
|
| D | netdevsim.h | 210 bool trusted; member
|
| /Linux-v5.4/security/keys/ |
| D | Makefile | 31 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
|
| /Linux-v5.4/drivers/net/ethernet/intel/ixgbe/ |
| D | ixgbe_sriov.c | 108 adapter->vfinfo[i].trusted = false; in __ixgbe_enable_sriov()
930 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_mac_addr()
972 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_macvlan_msg()
1153 !adapter->vfinfo[vf].trusted) { in ixgbe_update_vf_xcast_mode()
1689 if (adapter->vfinfo[vf].trusted == setting) in ixgbe_ndo_set_vf_trust()
1692 adapter->vfinfo[vf].trusted = setting; in ixgbe_ndo_set_vf_trust()
1717 ivi->trusted = adapter->vfinfo[vf].trusted; in ixgbe_ndo_get_vf_config()
|
| /Linux-v5.4/Documentation/filesystems/ |
| D | overlayfs.txt | 68 is it must support the creation of trusted.* extended attributes, and
118 A directory is made opaque by setting the xattr "trusted.overlay.opaque"
167 copied up (but not the contents). Then the "trusted.overlay.redirect"
208 upper directory is stored in a "trusted.overlay.upper" extended attribute
286 "trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible
317 filesystem, are encoded and stored in the "trusted.overlay.origin" extended
404 attribute "trusted.overlay.origin" on the upper inode.
408 to by the "trusted.overlay.redirect" extended attribute, will verify
427 "trusted.overlay.upper" with an encoded file handle of the upper
444 are stored in extended attribute "trusted.overlay.origin".
|
| /Linux-v5.4/drivers/net/ethernet/intel/i40e/ |
| D | i40e_virtchnl_pf.h | 81 bool trusted; member
|
| /Linux-v5.4/Documentation/crypto/ |
| D | asymmetric-keys.txt | 343 (1) Restrict using the kernel builtin trusted keyring
348 The kernel builtin trusted keyring will be searched for the signing key.
349 If the builtin trusted keyring is not configured, all links will be
353 (2) Restrict using the kernel builtin and secondary trusted keyrings
358 The kernel builtin and secondary trusted keyrings will be searched for the
359 signing key. If the secondary trusted keyring is not configured, this
|
| /Linux-v5.4/drivers/crypto/ccp/ |
| D | Kconfig | 48 enable third-party trusted applications.
|
| /Linux-v5.4/arch/arm/boot/dts/ |
| D | tegra114-tn7.dts | 24 trusted-foundations {
25 compatible = "tlm,trusted-foundations";
|
| /Linux-v5.4/Documentation/ABI/stable/ |
| D | sysfs-bus-usb | 126 be trusted, as the device may have a smaller config descriptor
128 can be trusted, and can be used to seek forward one (sub)
|
