Home
last modified time | relevance | path

Searched refs:trusted (Results 1 – 25 of 135) sorted by relevance

123456

/Linux-v6.6/security/keys/trusted-keys/
DMakefile6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
DKconfig2 bool "TPM-based trusted keys"
13 Enable use of the Trusted Platform Module (TPM) as trusted key
20 bool "TEE-based trusted keys"
24 Enable use of the Trusted Execution Environment (TEE) as trusted
28 bool "CAAM-based trusted keys"
34 (CAAM) as trusted key backend.
/Linux-v6.6/crypto/asymmetric_keys/
Drestrict.c205 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
218 if (!trusted && !check_dest) in key_or_keyring_common()
230 if (trusted) { in key_or_keyring_common()
231 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
233 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
238 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
242 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
266 key = __key_get(trusted); in key_or_keyring_common()
273 key = __key_get(trusted); in key_or_keyring_common()
279 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/Linux-v6.6/drivers/md/
Ddm-verity-loadpin.c21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
/Linux-v6.6/Documentation/security/keys/
Dtrusted-encrypted.rst132 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
141 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
143 rooted in a trusted key, they are only as secure as the user key encrypting
154 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
176 keyctl add trusted name "new keylen [options]" ring
177 keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
213 keyctl add trusted name "new keylen" ring
214 keyctl add trusted name "load hex_blob" ring
226 keyctl add trusted name "new keylen" ring
227 keyctl add trusted name "load hex_blob" ring
[all …]
Dindex.rst11 trusted-encrypted
Decryptfs.rst35 time after the unsealing of a 'trusted' key in order to perform the mount in a
49 key-type:= 'trusted' | 'user'
/Linux-v6.6/security/loadpin/
DKconfig28 digests it considers trusted. A verity backed filesystem is
29 considered trusted if its root digest is found in the list
30 of trusted digests.
32 The list of trusted verity can be populated through an ioctl
/Linux-v6.6/certs/
DKconfig43 bool "Provide system-wide ring of trusted keys"
48 Provide a system keyring to which trusted keys can be added. Keys in
49 the keyring are considered to be trusted. Keys may be added at will
61 containing trusted X.509 certificates to be included in the default
63 also trusted.
74 image. This allows introducing a trusted certificate to the default
91 into the kernel or already in the secondary trusted keyring.
137 they are signed and vouched by a certificate from the builtin trusted
/Linux-v6.6/security/integrity/ima/
DKconfig197 be signed and verified by a public key on the trusted IMA
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
255 secondary trusted keyrings. The key must also have the
261 built-in or secondary trusted keyrings.
275 bool "Load X509 certificate onto the '.ima' trusted keyring"
280 loaded on the .ima trusted keyring. These public keys are
281 X509 certificates signed by a trusted key on the
283 loading from the kernel onto the '.ima' trusted keyring.
315 trusted boot based on IMA runtime policies.
/Linux-v6.6/Documentation/admin-guide/hw-vuln/
Dcore-scheduling.rst21 user-designated trusted group can share a core. This increase in core sharing
101 trusted (same cookie) at any point in time. Kernel threads are assumed trusted.
110 the idle task is selected. Idle task is globally trusted.
126 priority task is not trusted with respect to the core wide highest priority
127 task. If a sibling does not have a trusted task to run, it will be forced idle
157 and are considered system-wide trusted. The forced-idling of siblings running
166 Core scheduling tries to guarantee that only trusted tasks run concurrently on a
168 concurrently or kernel could be running concurrently with a task not trusted by
173 Core scheduling selects only trusted tasks to run together. IPI is used to notify
207 allowing system processes (trusted tasks) to share a core.
/Linux-v6.6/include/crypto/
Dpublic_key.h69 struct key *trusted);
74 struct key *trusted);
/Linux-v6.6/security/integrity/evm/
DKconfig59 bool "Load an X509 certificate onto the '.evm' trusted keyring"
63 Load an X509 certificate onto the '.evm' trusted keyring.
66 onto the '.evm' trusted keyring. A public key can be used to
/Linux-v6.6/Documentation/ABI/testing/
Devm13 trusted/encrypted key stored in the Kernel Key
89 as part of the trusted boot. For more information on
90 creating and loading existing trusted/encrypted keys,
92 Documentation/security/keys/trusted-encrypted.rst. Both
Dsysfs-class-bdi71 be trusted to play fair.
84 which cannot be trusted to play fair.
112 trusted to play fair, or a nbd device.
/Linux-v6.6/security/integrity/
DKconfig52 .evm keyrings be signed by a key on the system trusted
56 bool "Provide keyring for platform/firmware trusted keys"
60 Provide a separate, distinct keyring for platform trusted keys, which
77 be trusted within the kernel.
/Linux-v6.6/drivers/net/ethernet/intel/ice/
Dice_sriov.h46 int ice_set_vf_trust(struct net_device *netdev, int vf_id, bool trusted);
96 int __always_unused vf_id, bool __always_unused trusted) in ice_set_vf_trust() argument
Dice_sriov.c1203 ivi->trusted = vf->trusted; in ice_get_vf_cfg()
1288 int ice_set_vf_trust(struct net_device *netdev, int vf_id, bool trusted) in ice_set_vf_trust() argument
1308 if (trusted == vf->trusted) { in ice_set_vf_trust()
1315 vf->trusted = trusted; in ice_set_vf_trust()
1318 vf_id, trusted ? "" : "un"); in ice_set_vf_trust()
/Linux-v6.6/Documentation/admin-guide/device-mapper/
Dverity.rst64 and the salt. This hash should be trusted as there is no other authenticity
138 trusted keyring by default, or the secondary trusted keyring if
140 trusted keyring includes by default the builtin trusted keyring, and it can
142 already in the secondary trusted keyring.
/Linux-v6.6/include/linux/
Dif_link.h30 __u32 trusted; member
/Linux-v6.6/security/keys/
DMakefile31 obj-$(CONFIG_TRUSTED_KEYS) += trusted-keys/
/Linux-v6.6/Documentation/filesystems/
Doverlayfs.rst103 creation of trusted.* and/or user.* extended attributes, and must provide
153 A directory is made opaque by setting the xattr "trusted.overlay.opaque"
202 copied up (but not the contents). Then the "trusted.overlay.redirect"
242 upper directory is stored in a "trusted.overlay.upper" extended attribute
376 "trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible
425 digest of the lower file is added to the "trusted.overlay.metacopy"
443 layer is fully trusted (by using dm-verity or something similar), then
447 such file content, and the entire mount can be trusted to match the
489 filesystem, are encoded and stored in the "trusted.overlay.origin" extended
584 attribute "trusted.overlay.origin" on the upper inode.
[all …]
/Linux-v6.6/drivers/net/netdevsim/
Dnetdev.c161 nsim_dev->vfconfigs[vf].trusted = val; in nsim_set_vf_trust()
184 ivi->trusted = nsim_dev->vfconfigs[vf].trusted; in nsim_get_vf_config()
/Linux-v6.6/drivers/net/ethernet/pensando/ionic/
Dionic.h34 u8 trusted; member
/Linux-v6.6/drivers/net/ethernet/intel/ixgbe/
Dixgbe_sriov.c110 adapter->vfinfo[i].trusted = false; in __ixgbe_enable_sriov()
959 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_mac_addr()
1001 if (adapter->vfinfo[vf].pf_set_mac && !adapter->vfinfo[vf].trusted && in ixgbe_set_vf_macvlan_msg()
1182 !adapter->vfinfo[vf].trusted) { in ixgbe_update_vf_xcast_mode()
1825 if (adapter->vfinfo[vf].trusted == setting) in ixgbe_ndo_set_vf_trust()
1828 adapter->vfinfo[vf].trusted = setting; in ixgbe_ndo_set_vf_trust()
1853 ivi->trusted = adapter->vfinfo[vf].trusted; in ixgbe_ndo_get_vf_config()

123456