/openbmc/linux/security/keys/encrypted-keys/ |
Makefile | 6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o 8 encrypted-keys-y := encrypted.o ecryptfs_format.o 11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
|
/openbmc/linux/Documentation/security/keys/ |
ecryptfs.rst | 8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK) 12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order 22 The 'encrypted' key type has been extended with the introduction of the new 31 encrypted form. 33 The eCryptfs filesystem may really benefit from using encrypted keys in that the 42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring 43 keyctl add encrypted name "load hex_blob" ring 53 Example of encrypted key usage with the eCryptfs filesystem: 55 Create an encrypted key "1000100010001000" of length 64 bytes with format 58 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u
|
trusted-encrypted.rst | 8 stores, and loads only encrypted blobs. Trusted Keys require the availability 140 random numbers or user-provided decrypted data, and are encrypted/decrypted 247 keyctl add encrypted name "load hex_blob" ring 255 Examples of trusted and encrypted key usage 322 encrypted key "evm" using the above trusted key "kmk": 326 $ keyctl add encrypted evm "new trusted:kmk 32" @u 331 $ keyctl add encrypted evm "new default trusted:kmk 32" @u 341 Load an encrypted key "evm" from saved blob:: 343 $ keyctl add encrypted evm "load `cat evm.blob`" @u 351 Instantiate an encrypted key "evm" using user-provided decrypted data::
|
/openbmc/linux/Documentation/arch/x86/ |
amd-memory-encryption.rst | 10 SME provides the ability to mark individual pages of memory as encrypted using 11 the standard x86 page tables. A page that is marked encrypted will be 12 automatically decrypted when read from DRAM and encrypted when written to 16 SEV enables running encrypted virtual machines (VMs) in which the code and data 19 memory. Private memory is encrypted with the guest-specific key, while shared 23 A page is encrypted when a page table entry has the encryption bit set (see 25 specified in the cr3 register, allowing the PGD table to be encrypted. Each 28 page table hierarchy to be encrypted. Note, this means that just because the 29 encryption bit is set in cr3, doesn't imply the full hierarchy is encrypted. 34 encrypted.
|
/openbmc/u-boot/doc/imx/habv4/guides/ |
encrypted_boot.txt | 4 Encrypted Boot. The image is encrypted by i.MX Code Signing 6 u-boot-dtb.imx with the encrypted data. The Initial Vector Table, 9 The image data is encrypted with a Encryption Key (DEK). 22 Note: The encrypted boot feature is only supported by HABv4 or 31 The resulting DEK blob then is used to construct the encrypted 39 cat u-boot-signed-pad.imx DEK_blob.bin > u-boot-encrypted.imx
|
/openbmc/linux/net/tls/ |
trace.h | 47 bool encrypted, bool decrypted), 49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted), 56 __field( bool, encrypted ) 65 __entry->encrypted = encrypted; 73 __entry->encrypted, __entry->decrypted
|
/openbmc/estoraged/ |
README.md | 3 This daemon serves as an abstraction for an encrypted storage device, 5 manage the encrypted filesystem on the device. Using the D-Bus interface, other 7 encrypted filesystem, wipe its contents, lock/unlock the device, or change the
|
/openbmc/linux/net/rxrpc/ |
rxkad.c | 753 response->encrypted.checksum = htonl(csum); in rxkad_calc_response_checksum() 775 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_encrypt_response() 835 resp->encrypted.epoch = htonl(conn->proto.epoch); in rxkad_respond_to_challenge() 836 resp->encrypted.cid = htonl(conn->proto.cid); in rxkad_respond_to_challenge() 838 resp->encrypted.inc_nonce = htonl(nonce + 1); in rxkad_respond_to_challenge() 839 resp->encrypted.level = htonl(conn->security_level); in rxkad_respond_to_challenge() 1006 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_decrypt_response() 1118 csum = response->encrypted.checksum; in rxkad_verify_response() 1119 response->encrypted.checksum = 0; in rxkad_verify_response() 1121 if (response->encrypted.checksum != csum) { in rxkad_verify_response()
|
/openbmc/qemu/tests/qemu-iotests/ |
191.out | 145 "encrypted": false, 173 "encrypted": false, 214 "encrypted": false, 242 "encrypted": false, 283 "encrypted": false, 311 "encrypted": false, 340 "encrypted": false, 368 "encrypted": false, 552 "encrypted": false, 580 "encrypted": false,
|
273.out | 64 "encrypted": false, 92 "encrypted": false, 132 "encrypted": false, 160 "encrypted": false, 188 "encrypted": false,
|
/openbmc/linux/Documentation/virt/kvm/s390/ |
s390-pv-boot.rst | 12 Memory made accessible to the hypervisor will be encrypted. See 16 information about the encrypted components and necessary metadata to 27 switch into PV mode itself, the user can load encrypted guest 59 The components are for instance an encrypted kernel, kernel parameters 62 After the initial import of the encrypted data, all defined pages will 82 encrypted images.
|
s390-pv-dump.rst | 20 provides an interface to KVM over which encrypted CPU and memory data 34 and extracts dump keys with which the VM dump data will be encrypted. 46 write out the encrypted vcpu state, but also the unencrypted state 49 The memory state is further divided into the encrypted memory and its 51 encrypted memory can simply be read once it has been exported. The
|
/openbmc/linux/Documentation/filesystems/ |
fscrypt.rst | 48 encrypted. 118 "locked", i.e. in ciphertext or encrypted form. 126 encrypted directory. 169 policies on all new encrypted directories. 327 encrypted directories use this style of hashing. 710 - ``ENODATA``: the file is not encrypted 900 access encrypted files. 1132 encrypted files can be renamed within an encrypted directory, or 1186 present and are not encrypted or encoded. 1219 not be encrypted.
|
/openbmc/linux/Documentation/driver-api/nvdimm/ |
security.rst | 51 A nvdimm encrypted-key of format enc32 has the description format of: 54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating 55 encrypted-keys of enc32 format. TPM usage with a master trusted key is 56 preferred for sealing the encrypted-keys. 64 relevant encrypted-keys into the kernel user keyring during the initramfs phase. 115 An encrypted-key with the current user passphrase that is tied to the nvdimm 125 is just another encrypted-key. 136 another encrypted-key.
|
/openbmc/linux/arch/x86/kernel/ |
crash_dump_64.c | 17 bool encrypted) in __copy_oldmem_page() argument 24 if (encrypted) in __copy_oldmem_page()
|
/openbmc/qemu/docs/system/i386/ |
amd-memory-encryption.rst | 6 SEV is an extension to the AMD-V architecture which supports running encrypted 9 unencrypted version. Each encrypted VM is associated with a unique encryption 11 encrypted guests data will be incorrectly decrypted, leading to unintelligible 18 encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP 31 Boot images (such as bios) must be encrypted before a guest can be booted. The 82 ``LAUNCH_MEASURE`` can be used to retrieve the measurement of encrypted memory and, 83 for a SEV-ES guest, encrypted VMSAs. This measurement is a signature of the 85 to the guest owner as an attestation that the memory and VMSAs were encrypted 111 guest register state is encrypted and cannot be updated by the VMM/hypervisor, 167 Since the memory contents of a SEV guest are encrypted, hypervisor access to
|
/openbmc/docs/designs/ |
estoraged.md | 12 This daemon will serve as an abstraction for an encrypted storage device, 14 manage the encrypted filesystem on the device. Using the D-Bus interface, other 16 encrypted filesystem, wipe its contents, lock/unlock the device, or change the 54 - Create a new LUKS encrypted filesystem on the device 73 client daemon on the BMC will interact with eStoraged to set up a new encrypted 105 To manage the encrypted filesystem, we will make use of the 131 encrypted filesystem), the D-Bus interface will be asynchronous, with the 140 is often used to unlock an encrypted block device, where it takes the password 147 for each storage device in a system. It is capable of setting up an encrypted
|
/openbmc/u-boot/board/xilinx/zynq/ |
Kconfig | 14 bool "Enable zynq aes command for decryption of encrypted images" 18 Decrypts the encrypted image present in source address
|
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-extended/polkit/files/ |
50-org.freedesktop.udiskie.rules | 11 "org.freedesktop.udisks2.encrypted-unlock": YES, 17 "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
|
/openbmc/linux/include/linux/ |
crash_dump.h | 138 u64 *ppos, bool encrypted); 141 u64 *ppos, bool encrypted) in read_from_oldmem() argument
|
/openbmc/linux/security/keys/ |
Kconfig | 78 Userspace will only ever see encrypted blobs. 99 encrypted/decrypted with a 'master' symmetric key. The 'master' 100 key can be either a trusted-key or user-key type. Only encrypted 106 bool "Allow encrypted keys with user decrypted data" 109 This option provides support for instantiating encrypted keys using
|
/openbmc/qemu/docs/specs/ |
ppc-spapr-uv-hcalls.rst | 32 SVM file systems are encrypted using a symmetric key. This key is then 33 wrapped/encrypted using the public key of a trusted system which has the private 39 host system boot. All sensitive in and out values will be encrypted using the 41 any sensitive contents will generally be encrypted using this session key.
|
/openbmc/linux/Documentation/admin-guide/device-mapper/ |
dm-crypt.rst | 70 Either 'logon', 'user', 'encrypted' or 'trusted' kernel key type. 78 then sectors are encrypted according to their offsets (sector 0 uses key0; 87 encrypted data. You can specify it as a path like /dev/xxx or a device 91 Starting sector within the device where the encrypted data begins. 106 option. For example, allowing discards on encrypted devices may lead to 141 integrity for the encrypted device. The additional space is then
|
/openbmc/qemu/docs/system/s390x/ |
protvirt.rst | 5 (PVMs) are encrypted or inaccessible to the hypervisor, effectively 7 encrypted and can only be decrypted by the firmware, represented by an 62 from the disk boot. This memory layout includes the encrypted
|
/openbmc/linux/Documentation/power/ |
swsusp-dmcrypt.rst | 16 Now your system is properly set up, your disk is encrypted except for 26 up dm-crypt and then asks swsusp to resume from the encrypted 56 card contains at least the encrypted swap setup in a file 67 initrd that allows you to resume from encrypted swap and that 133 Otherwise we just remove the encrypted swap device and leave it to the
|