Home
last modified time | relevance | path

Searched +full:- +full:- +full:disable +full:- +full:keyring (Results 1 – 25 of 27) sorted by relevance

12

/openbmc/linux/Documentation/driver-api/nvdimm/
H A Dsecurity.rst6 ---------------
10 security DSMs: "get security state", "set passphrase", "disable passphrase",
16 ------------------
28 update <old_keyid> <new_keyid> - enable or update passphrase.
29 disable <keyid> - disable enabled security and remove key.
30 freeze - freeze changing of security states.
31 erase <keyid> - delete existing user encryption key.
32 overwrite <keyid> - wipe the entire nvdimm.
33 master_update <keyid> <new_keyid> - enable or update master passphrase.
34 master_erase <keyid> - delete existing user encryption key.
[all …]
/openbmc/openbmc/meta-openembedded/meta-gnome/recipes-gnome/gnome-keyring/
H A Dgnome-keyring_46.2.bb1 SUMMARY = "Password and keyring managing daemon"
6 LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later"
13 glib-2.0-native \
27 file://0001-Set-paths-to-ssh-agent-and-ssh-add-by-configure-opti.patch \
31 PACKAGECONFIG ??= "ssh-agent"
32 …FIG[ssh-agent] = "--enable-ssh-agent --with-ssh-agent-path=${bindir}/ssh-agent --with-ssh-add-path…
35 --disable-doc \
36 …b.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam --with-pam-dir=${base_libdir}/security', …
40 ${datadir}/dbus-1/services \
41 ${datadir}/p11-kit \
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/
H A Dcryptsetup_2.7.5.bb1 SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
2 DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
3 device-mapper mappings. These include plain dm-crypt volumes and \
5 and can hence offer more features than plain dm-crypt. On the other \
9 LICENSE = "GPL-2.0-with-OpenSSL-exception"
13 json-c \
16 util-linux-libuuid \
19 DEPENDS:append:libc-musl = " argp-standalone"
20 LDFLAGS:append:libc-musl = " -largp"
30 keyring \
[all …]
/openbmc/linux/security/integrity/ima/
H A DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
70 limited to 255 characters. The 'ima-ng' measurement list
76 bool "ima-ng (default)"
78 bool "ima-sig"
83 default "ima-ng" if IMA_NG_TEMPLATE
84 default "ima-sig" if IMA_SIG_TEMPLATE
154 <http://linux-ima.sourceforge.net>
198 keyring.
210 and verified by a public key on the trusted IMA keyring.
212 Kernel module signatures can only be verified by IMA-appraisal,
[all …]
/openbmc/linux/security/keys/
H A Dkey.c1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved.
42 key, key->magic, KEY_DEBUG_MAGIC); in __key_check()
66 if (uid_lt(uid, user->uid)) in key_user_lookup()
67 p = &(*p)->rb_left; in key_user_lookup()
68 else if (uid_gt(uid, user->uid)) in key_user_lookup()
69 p = &(*p)->rb_right; in key_user_lookup()
92 * second pass - so we use the candidate record */ in key_user_lookup()
93 refcount_set(&candidate->usage, 1); in key_user_lookup()
94 atomic_set(&candidate->nkeys, 0); in key_user_lookup()
[all …]
H A DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
17 Furthermore, a special type of key is available that acts as keyring:
19 to five standard keyrings: UID-specific, GID-specific, session,
43 bool "Enable register of persistent per-UID keyrings"
46 This option provides a register of persistent per-UID keyrings,
51 A particular keyring may be accessed by either the user whose keyring
53 LSMs gets to rule on which admin-level processes get to access the
77 generated and sealed by a trust source selected at kernel boot-time.
83 source "security/keys/trusted-keys/Kconfig"
100 key can be either a trusted-key or user-key type. Only encrypted
[all …]
H A Dgc.c1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Copyright (C) 2009-2011 Red Hat, Inc. All Rights Reserved.
10 #include <keys/keyring-type.h>
40 * Any key whose type gets unregistered will be re-typed to this if it can't be
49 * - time precision isn't particularly important
56 kenter("%lld", gc_at - now); in key_schedule_gc()
64 expires = jiffies + (gc_at - now) * HZ; in key_schedule_gc()
74 key->expiry = expiry; in key_set_expiry()
76 if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) in key_set_expiry()
114 kenter("%s", ktype->name); in key_gc_keytype()
[all …]
/openbmc/openbmc/poky/meta/recipes-devtools/subversion/
H A Dsubversion_1.14.5.bb5 LICENSE = "Apache-2.0 & MIT"
8 DEPENDS = "apr-util serf sqlite3 file lz4 expat"
9 DEPENDS:append:class-native = " file-replacement-native"
11 SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
23 PACKAGECONFIG[boost] = "--with-boost=${RECIPE_SYSROOT}${exec_prefix},--without-boost,boost"
24 PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl"
25 PACKAGECONFIG[gnome-keyring] = "--with-gnome-keyring,--without-gnome-keyring,glib-2.0 gnome-keyring"
28 --with-apr=${STAGING_BINDIR_CROSS} \
29 --with-apr-util=${STAGING_BINDIR_CROSS} \
30 --without-apxs \
[all …]
/openbmc/linux/Documentation/admin-guide/device-mapper/
H A Ddm-crypt.rst2 dm-crypt
5 Device-Mapper's "crypt" target provides transparent encryption of block devices
21 cipher[:keycount]-chainmode-ivmode[:ivopts]
25 aes-cbc-essiv:sha256
26 aes-xts-plain64
27 serpent-xts-plain64
36 capi:cipher_api_spec-ivmode[:ivopts]
40 capi:cbc(aes)-essiv:sha256
41 capi:xts(aes)-plain64
45 capi:gcm(aes)-random
[all …]
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/
H A D0003-Add-config-option-without-valgrind.patch4 Subject: [PATCH] Add config option without-valgrind
6 Upstream-Status: Pending
8 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
11 Signed-off-by: Changqing Li <changqing.li@windriver.com>
14 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
15 ---
16 lib/replace/wscript | 5 +++--
18 2 files changed, 10 insertions(+), 2 deletions(-)
20 diff --git a/lib/replace/wscript b/lib/replace/wscript
22 --- a/lib/replace/wscript
[all …]
/openbmc/linux/Documentation/ABI/testing/
H A Devm8 HMAC-sha1 value across the extended attributes, storing the
12 an HMAC-sha1 generated locally with a
17 keyring using keyctl, and EVM is then enabled by
26 2 Permit modification of EVM-protected metadata at
29 31 Disable further runtime modification of EVM policy
43 HMAC creation and disable all further modification of policy.
50 modification of EVM-protected metadata and
51 disable all further modification of policy. This option is now
81 Loading an HMAC key is the only way to disable metadata
92 Documentation/security/keys/trusted-encrypted.rst. Both
[all …]
/openbmc/linux/Documentation/admin-guide/
H A Dmodule-signing.rst2 ------------------------------
6 .. - Overview.
7 .. - Configuring module signing.
8 .. - Generating signing keys.
9 .. - Public keys in the kernel.
10 .. - Manually signing modules.
11 .. - Signed modules and stripping.
12 .. - Loading signed modules.
13 .. - Non-valid signatures and unsigned modules.
14 .. - Administering/protecting the private key.
[all …]
H A Dkernel-parameters.txt5 force -- enable ACPI if default was off
6 on -- enable ACPI but allow fallback to DT [arm64,riscv64]
7 off -- disable ACPI if default was on
8 noirq -- do not use ACPI for IRQ routing
9 strict -- Be less tolerant of platforms that are not
11 rsdt -- prefer RSDT over (default) XSDT
12 copy_dsdt -- copy DSDT to memory
26 If set to vendor, prefer vendor-specific driver
31 If set to none, disable the ACPI backlight interface.
40 Disable AML predefined validation mechanism
[all …]
/openbmc/qemu/scripts/
H A Dmeson-buildoptions.sh1 # This file is generated by meson-buildoptions.py, do not edit!
3 printf "%s\n" ' --audio-drv-list=CHOICES Set audio driver list [default] (choices: alsa/co'
6 printf "%s\n" ' --bindir=VALUE Executable directory [bin]'
7 printf "%s\n" ' --block-drv-ro-whitelist=VALUE'
8 printf "%s\n" ' set block driver read-only whitelist (by default'
9 printf "%s\n" ' affects only QEMU, not tools like qemu-img)'
10 printf "%s\n" ' --block-drv-rw-whitelist=VALUE'
11 printf "%s\n" ' set block driver read-write whitelist (by default'
12 printf "%s\n" ' affects only QEMU, not tools like qemu-img)'
13 printf "%s\n" ' --datadir=VALUE Data file directory [share]'
[all …]
/openbmc/linux/Documentation/filesystems/
H A Dfscrypt.rst2 Filesystem-level encryption (fscrypt)
11 Note: "fscrypt" in this document refers to the kernel-level portion,
14 covers the kernel-level portion. For command-line examples of how to
20 <https://source.android.com/security/encryption/file-based>`_, over
25 Unlike dm-crypt, fscrypt operates at the filesystem level rather than
28 filesystem. This is useful for multi-user systems where each user's
29 data-at-rest needs to be cryptographically isolated from the others.
34 directly into supported filesystems --- currently ext4, F2FS, and
44 fscrypt does not support encrypting files in-place. Instead, it
54 ---------------
[all …]
H A Dfsverity.rst1 .. SPDX-License-Identifier: GPL-2.0
6 fs-verity: read-only file-based authenticity protection
12 fs-verity (``fs/verity/``) is a support layer that filesystems can
14 of read-only files. Currently, it is supported by the ext4, f2fs, and
15 btrfs filesystems. Like fscrypt, not too much filesystem-specific
16 code is needed to support fs-verity.
18 fs-verity is similar to `dm-verity
19 <https://www.kernel.org/doc/Documentation/device-mapper/verity.txt>`_
21 filesystems supporting fs-verity, userspace can execute an ioctl that
23 it to a filesystem-specific location associated with the file.
[all …]
/openbmc/qemu/
H A Dmeson_options.txt1 # These options do not correspond to a --enable/--disable-* option
3 # scripts/meson-buildoptions.py's SKIP_OPTIONS constant too.
9 option('qemu_firmwarepath', type : 'array', value : ['share/qemu-firmware'],
12 description: 'use specified string as sub-version of the package')
25 …description: 'set block driver read-write whitelist (by default affects only QEMU, not tools like …
27 …description: 'set block driver read-only whitelist (by default affects only QEMU, not tools like q…
28 option('interp_prefix', type : 'string', value : '/usr/gnemul/qemu-%M',
33 description: 'fuzzing engine library for OSS-Fuzz')
40 # Everything else can be set via --enable/--disable-* option
42 # here make sure to run "make update-buildoptions".
[all …]
H A Dmeson.build10 meson.add_postconf_script(find_program('scripts/symlink-install-tree.py'))
23 config_host = keyval.load(meson.current_build_dir() / 'config-host.mak')
30 tmpdir = meson.current_build_dir() / 'meson-private/temp'
61 have_linux_user = have_linux_user or target.endswith('linux-user')
62 have_bsd_user = have_bsd_user or target.endswith('bsd-user')
63 have_system = have_system or target.endswith('-softmmu')
107 …dgen.version() + ' is unsupported. You can install a new version with "cargo install bindgen-cli"')
114 message('To use Rust you can install a new version with "cargo install bindgen-cli"')
132 # instead. QEMU --enable-modules depends on this because the SystemTap
135 add_global_arguments('-DSTAP_SDT_V2',
[all …]
/openbmc/linux/init/
H A DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
8 - Re-run Kconfig when the compiler is updated
13 - Ensure full rebuild when the compiler is updated
14 include/linux/compiler-version.h contains this option in the comment
16 auto-generated dependency. When the compiler is updated, syncconfig
20 def_bool $(success,test "$(cc-nam
[all...]
/openbmc/qemu/docs/devel/testing/
H A Dmain.rst7 everything from unit testing and exercising specific sub-systems all
9 tests you can run ``make check-help`` from either the source or build
17 [./pyvenv/bin/]meson test --suite qemu:softfloat
25 -------------------------
36 Different sub-types of "make check" tests will be explained below.
45 Unit tests, which can be invoked with ``make check-unit``, are simple C tests
53 1. Create a new source file. For example, ``tests/unit/foo-test.c``.
63 is in ``tests/unit/foo-test.c``, it is enough to add an entry like::
67 'foo-test': [],
80 make check-unit V=1
[all …]
/openbmc/linux/drivers/md/
H A Ddm-crypt.c1 // SPDX-License-Identifier: GPL-2.0-only
5 * Copyright (C) 2006-2020 Red Hat, Inc. All rights reserved.
6 * Copyright (C) 2013-2020 Milan Broz <gmazyland@gmail.com>
19 #include <linux/blk-integrity.h>
25 #include <linux/backing-dev.h>
39 #include <linux/key-type.h>
40 #include <keys/user-type.h>
41 #include <keys/encrypted-type.h>
42 #include <keys/trusted-type.h>
44 #include <linux/device-mapper.h>
[all …]
/openbmc/linux/security/
H A Dsecurity.c1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
9 * Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
29 #include <linux/backing-dev.h>
35 #define LSM_COUNT (__end_lsm_info - __start_lsm_info)
85 /* Boot-time LSM user choice */
104 if (!lsm->enabled) in is_enabled()
107 return *lsm->enabled; in is_enabled()
117 * a hard-coded location for storing the default enabled state. in set_enabled()
119 if (!lsm->enabled) { in set_enabled()
[all …]
/openbmc/linux/fs/smb/client/
H A Dconnect.c1 // SPDX-License-Identifier: LGPL-2.1
31 #include <keys/user-type.h>
71 * This should be called with server->srv_mutex held.
80 if (!server->hostname) in reconn_set_ipaddr_from_hostname()
81 return -EINVAL; in reconn_set_ipaddr_from_hostname()
84 if (server->hostname[0] == '\0') in reconn_set_ipaddr_from_hostname()
87 len = strlen(server->hostname) + 3; in reconn_set_ipaddr_from_hostname()
92 return -ENOME in reconn_set_ipaddr_from_hostname()
[all...]
/openbmc/
Dopengrok1.0.log1 2025-03-24 03:00:46.525-0500 FINE t1 Executor.registerErrorHandler: Installing default uncaught exception handler
2 2025-03-24 03:00:46.643-0500 INFO t1 Indexer.parseOptions: Indexer options: [-c, /usr/local/bin/ctags, -T, 12, -s, /opengrok/src, -
[all...]
Dopengrok2.0.log1 2025-03-23 03:00:33.620-0500 FINE t1 Executor.registerErrorHandler: Installing default uncaught exception handler
2 2025-03-23 03:00:33.720-0500 INFO t1 Indexer.parseOptions: Indexer options: [-c, /usr/local/bin/ctags, -T, 12, -s, /opengrok/src, -
[all...]

12