Lines Matching full:keys
2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
6 key ring service. Both of these new types are variable length symmetric keys,
7 and in both cases all keys are created in the kernel, and user space sees,
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trust Source for greater security, while Encrypted Keys can be used on any
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
49 DCP provides two keys that can be used as root of trust: the OTP key
78 Keys can be optionally sealed to specified PCR (integrity measurement)
81 (future) PCR values, so keys are easily migrated to new PCR values,
130 Trusted Keys
133 New keys are created from random numbers. They are encrypted/decrypted using
141 Keys are generated within the TPM. Strength of random numbers may vary
166 Encrypted Keys
169 Encrypted keys do not depend on a trust source, and are faster, as they use AES
170 for encryption/decryption. New keys are created either from kernel-generated
173 user-key type. The main disadvantage of encrypted keys is that if they are not
182 Trusted Keys usage: TPM
185 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
235 TPM_STORED_DATA format. The key length for new keys is always in bytes.
236 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
239 Trusted Keys usage: TEE
249 specific to TEE device implementation. The key length for new keys is always
250 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
252 Trusted Keys usage: CAAM
262 CAAM-specific format. The key length for new keys is always in bytes.
263 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
265 Trusted Keys usage: DCP
275 specific to this DCP key-blob implementation. The key length for new keys is
276 always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
278 Encrypted Keys usage
281 The decrypted portion of encrypted keys can contain either a simple symmetric
361 The initial consumer of trusted keys is EVM, which at boot time needs a high
406 Other uses for trusted and encrypted keys, such as for disk and file encryption
408 in order to use encrypted keys to mount an eCryptfs filesystem. More details
410 ``Documentation/security/keys/ecryptfs.rst``.
412 Another new format 'enc32' has been defined in order to support encrypted keys
422 format) and to be extensible for additions like importable keys and
477 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
480 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c