Home
last modified time | relevance | path

Searched full:trusted (Results 1 – 25 of 780) sorted by relevance

12345678910>>...32

/openbmc/linux/Documentation/security/keys/
H A Dtrusted-encrypted.rst2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
17 A trust source provides the source of security for Trusted Keys. This
23 consumer of the Trusted Keys to determine if the trust source is sufficiently
28 (1) TPM (Trusted Platform Module: hardware device)
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
54 environment verified via Secure/Trusted boot process.
66 verifications match. A loaded Trusted Key can be updated with new
74 Relies on Secure/Trusted boot process for platform integrity. It can
[all …]
/openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/
H A DTrustedComponent.v1_3_1.json58 …software inventory resource that represents the active firmware image for this trusted component.",
59 …of type `SoftwareInventory` that represents the active firmware image for this trusted component.",
63 …ption": "An array of links to ComponentIntegrity resources for which the trusted component is resp…
67trusted component by other resources. The `TargetComponentURI` property in the referenced `Compo…
79 … an array of links to resources whose integrity is measured or reported by the trusted component.",
88 … "description": "A link to a resource to which this trusted component is integrated.",
89 …iption": "This property shall contain a link to a resource to which this trusted component is phys…
106 "description": "A link to the resource that owns this trusted component.",
107 …ion": "This property shall contain a link to the resource that owns this trusted component. In th…
112 "description": "The images that are associated with this trusted component.",
[all …]
/openbmc/openbmc/meta-arm/documentation/
H A Dtrusted-services.md1 # The Trusted Services: framework for developing root-of-trust services
3 meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World appli…
4 in `meta-arm/recipes-security/trusted-services`
8 We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
42 3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details o…
43 …See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-securebo…
44 …and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for theCo…
46 4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_E…
53 [Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tes…
55 ## OEQA Trusted Services tests
[all …]
H A Dquick-start.md44 If, as an example, we’re wanting to develop trusted-firmware-a; then fvp-base will work for us. 
55 …ware being used on the machine above (in the above example, this will be trusted-firmware-a for fv…
58 $ devtool modify trusted-firmware-a
61 …d print a path at the end where the source code was checked out.  In the trusted-firmware-a exampl…
63 > /builder/meta-arm/build/workspace/sources/trusted-firmware-a
70 $ devtool build trusted-firmware-a
88 $ mv 0001-example.patch ~/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/
90 $ devtool reset trusted-firmware-a
91 …:append = " file://0001-example.patch" >> meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware…
/openbmc/linux/security/keys/trusted-keys/
H A DKconfig2 bool "TPM-based trusted keys"
13 Enable use of the Trusted Platform Module (TPM) as trusted key
14 backend. Trusted keys are random number symmetric keys,
20 bool "TEE-based trusted keys"
24 Enable use of the Trusted Execution Environment (TEE) as trusted
28 bool "CAAM-based trusted keys"
34 (CAAM) as trusted key backend.
H A DMakefile3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
/openbmc/bmcweb/redfish-core/schema/dmtf/csdl/
H A DTrustedComponent_v1.xml45 …"OData.Description" String="The `TrustedComponent` resource represents a trusted device, such as a…
46 …<Annotation Term="OData.LongDescription" String="This resource shall represent a trusted component…
96 <Annotation Term="OData.Description" String="The UUID for this trusted component."/>
97 …g="This property shall contain a universally unique identifier number for the trusted component."/>
105 …m="OData.Description" String="The type of trusted component, such as any physical distinction abou…
106 … Term="OData.LongDescription" String="This property shall contain the type of trusted component."/>
111 …tion" String="The link to a collection of device identity certificates of the trusted component."/>
112 …ype `CertificateCollection` that contains device identity certificates of the trusted component."/>
121 … <Annotation Term="OData.Description" String="The manufacturer of this trusted component."/>
122 …ization responsible for producing the trusted component. This organization may be the entity from…
[all …]
/openbmc/linux/Documentation/devicetree/bindings/arm/firmware/
H A Dtlm,trusted-foundations.yaml4 $id: http://devicetree.org/schemas/arm/firmware/tlm,trusted-foundations.yaml#
7 title: Trusted Foundations
10 Boards that use the Trusted Foundations secure monitor can signal its
18 const: trusted-foundations
21 const: tlm,trusted-foundations
25 description: major version number of Trusted Foundations firmware
29 description: minor version number of Trusted Foundations firmware
41 trusted-foundations {
42 compatible = "tlm,trusted-foundations";
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Inventory/Item/
H A DTrustedComponent.interface.yaml2 Interface to query trusted component info.
11 The type of trusted component, such as any physical distinction about
12 the trusted component.
19 object that the trusted component is reported by.
36 The type of trusted component, such as any physical distinction about
37 the trusted component.
41 A discrete trusted component. It is "discrete" when basic
46 An integrated trusted component.
/openbmc/phosphor-fan-presence/monitor/
H A Dtrust_manager.hpp21 * reading can be trusted or not, based on the trust groups the sensor
64 * Checks if a sensor value can be trusted
66 * Checks if the sensor is trusted in each group
67 * it belongs to. Only considered trusted if it is
68 * trusted in all groups it belongs to.
78 * make one group change to trusted and another to untrusted.
82 * @return bool - if sensor is trusted in all groups or not
86 auto trusted = true; in checkTrust() local
97 trusted = false; in checkTrust()
114 return trusted; in checkTrust()
H A Dtrust_group.hpp29 * be trusted or not, where if it isn't trusted then it shouldn't
35 * then no sensor in the group is trusted. All sensors in the group
100 * Called when the group just changed to not trusted,
114 * Called when the group just changed to trusted.
130 * it will be considered trusted.
153 * Says if all sensors in the group are currently trusted,
156 * @return bool - if the group's sensors are trusted or not
184 * Checks if the group's sensors are trusted.
189 * @return bool - if group is trusted or not
/openbmc/linux/crypto/asymmetric_keys/
H A Drestrict.c62 * new certificate as being trusted.
65 * matching parent certificate in the trusted list, -EKEYREJECTED if the
205 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
218 if (!trusted && !check_dest) in key_or_keyring_common()
230 if (trusted) { in key_or_keyring_common()
231 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
233 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
238 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
242 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
266 key = __key_get(trusted); in key_or_keyring_common()
[all …]
/openbmc/u-boot/include/
H A Dtee.h55 * struct tee_optee_ta_uuid - OP-TEE Trusted Application (TA) UUID format
86 * struct tee_param_memref - memory reference for a Trusted Application
100 * struct tee_param_value - value parameter for a Trusted Application
112 * struct tee_param - invoke parameter for a Trusted Application
132 * @uuid: [in] UUID of the Trusted Application
150 * @func: [in] Trusted Application function, specific to the TA
173 * @open_session: Opens a session to a Trusted Application in the TEE,
174 * @close_session: Closes a session to Trusted Application,
175 * @invoke_func: Invokes a function in a Trusted Application,
187 * open_session() - Open a session to a Trusted Application
[all …]
/openbmc/linux/drivers/md/
H A Ddm-verity-loadpin.c21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
51 * a verity device that is trusted by LoadPin.
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
/openbmc/u-boot/doc/
H A DREADME.armada-secureboot1 The trusted boot framework on Marvell Armada 38x
6 1. Overview of the trusted boot
15 1. Overview of the trusted boot
18 The Armada's trusted boot framework enables the SoC to cryptographically verify
48 image, which employs this trusted boot framework, the following tasks need to
61 The documentation of the trusted boot mode is contained in part 1, chapter
88 trusted boot (also known as "security header")
92 Trusted debug mode - A special mode for the trusted boot that allows
93 debugging of devices employing the trusted boot
96 Trusted boot framework - The ARMADA SoC's implementation of a secure verified
[all …]
/openbmc/linux/Documentation/staging/
H A Dtee.rst7 A TEE (Trusted Execution Environment) is a trusted OS running in some
37 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
39 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
43 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
59 Kernel provides a TEE bus infrastructure where a Trusted Application is
79 Then TEE client driver can talk to a matched Trusted Application using APIs
85 Suppose a TEE client driver needs to communicate with a Trusted Application
155 | Client | | Trusted |
166 | API | \/ | subsys | driver | | Trusted OS |
182 OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in
[all …]
/openbmc/linux/security/keys/encrypted-keys/
H A Dmasterkey_trusted.c11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
/openbmc/qemu/tests/functional/
H A Dtest_aarch64_sbsaref.py28 - Trusted Firmware v2.11.0
83 # https://github.com/ARM-software/arm-trusted-firmware/blob/v2.8.0/\
84 # docs/design/trusted-board-boot.rst#trusted-board-boot-sequence
88 # AP Trusted ROM
89 wait_for_console_pattern(self, "Booting Trusted Firmware")
93 # Trusted Boot Firmware
100 # Non-trusted Firmware
/openbmc/openbmc/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/
H A Dtrusted-firmware-a_%.bbappend6 MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
7 MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
8 MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
9 MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
10 MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
/openbmc/linux/certs/
H A Dsystem_keyring.c2 /* System trusted keyring for trusted public keys
93 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
122 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_digsig_builtin_and_secondary()
146 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
192 panic("Can't link (machine) trusted keyrings\n"); in set_machine_trusted_keys()
224 * Create the trusted keyrings
228 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
238 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
251 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
254 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
[all …]
H A DKconfig43 bool "Provide system-wide ring of trusted keys"
48 Provide a system keyring to which trusted keys can be added. Keys in
49 the keyring are considered to be trusted. Keys may be added at will
61 containing trusted X.509 certificates to be included in the default
63 also trusted.
74 image. This allows introducing a trusted certificate to the default
91 into the kernel or already in the secondary trusted keyring.
137 they are signed and vouched by a certificate from the builtin trusted
/openbmc/linux/drivers/tee/optee/
H A Doptee_msg.h42 * to the Trusted Application.
193 * @func: Trusted Application function, specific to the Trusted Application,
203 * All normal calls to Trusted OS uses this struct. If cmd requires further
273 * Get UUID of Trusted OS.
275 * Used by non-secure world to figure out which Trusted OS is installed.
276 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
288 * Get revision of Trusted OS.
290 * Used by non-secure world to figure out which version of the Trusted OS
292 * Trusted OS, not of the API.
303 * OPTEE_MSG_CMD_OPEN_SESSION opens a session to a Trusted Application.
[all …]
/openbmc/u-boot/drivers/tee/optee/
H A Doptee_msg.h44 * to the Trusted Application.
171 * @func: Trusted Application function, specific to the Trusted Application,
181 * All normal calls to Trusted OS uses this struct. If cmd requires further
186 * Temp memref parameters can be fragmented if supported by the Trusted OS
191 * it will still be presented as a single logical memref to the Trusted
247 * Get UUID of Trusted OS.
249 * Used by non-secure world to figure out which Trusted OS is installed.
250 * Note that returned UUID is the UUID of the Trusted OS, not of the API.
262 * Get revision of Trusted OS.
264 * Used by non-secure world to figure out which version of the Trusted OS
[all …]
/openbmc/linux/security/integrity/ima/
H A DKconfig17 The Trusted Computing Group(TCG) runtime Integrity
197 be signed and verified by a public key on the trusted IMA
210 and verified by a public key on the trusted IMA keyring.
222 and verified by a key on the trusted IMA keyring.
255 secondary trusted keyrings. The key must also have the
261 built-in or secondary trusted keyrings.
275 bool "Load X509 certificate onto the '.ima' trusted keyring"
280 loaded on the .ima trusted keyring. These public keys are
281 X509 certificates signed by a trusted key on the
283 loading from the kernel onto the '.ima' trusted keyring.
[all …]
/openbmc/openbmc/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/
H A Dtrusted-firmware-m_2.1.0.bb1 require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc
2 require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc

12345678910>>...32