| /openbmc/qemu/tests/qemu-iotests/ |
| H A D | 295 | 58 self.secrets = [ Secret(i) for i in range(0, 6) ]
59 for secret in self.secrets:
200 self.createImg(test_img, self.secrets[0]);
201 self.openImageQmp("testdev", test_img, self.secrets[0])
204 self.addKeyQmp("testdev", new_secret = self.secrets[1])
207 self.addKeyQmp("testdev", new_secret = self.secrets[2], slot=5)
210 self.eraseKeyQmp("testdev", old_secret = self.secrets[0])
214 self.openImageQmp("testdev", test_img, self.secrets[1])
225 self.createImg(test_img, self.secrets[0]);
226 self.openImageQmp("testdev", test_img, self.secrets[0])
[all …]
|
| H A D | 296 | 62 self.secrets = [ Secret(i) for i in range(0, 4) ]
63 for secret in self.secrets:
182 self.createImg(test_img, self.secrets[0]);
185 self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
186 self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[1])
190 self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
194 self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
195 self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])
203 self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])
207 self.addKey(test_img, self.secrets[0], self.secrets[2])
[all …]
|
| H A D | 293.out | 15 == all secrets should work ==
40 == all secrets should work again ==
88 == erase non existing secrets (should fail) ==
94 == we have no secrets now, data is lost forever ==
|
| /openbmc/linux/Documentation/ABI/testing/ |
| H A D | securityfs-secrets-coco | 1 What: security/secrets/coco
5 Exposes confidential computing (coco) EFI secrets to
10 the Guest Owner during VM's launch. The secrets are encrypted
14 The efi_secret module exposes the secrets to userspace. Each
15 secret appears as a file under <securityfs>/secrets/coco,
16 where the filename is the GUID of the entry in the secrets
26 For example, listing the available secrets::
29 # ls -l /sys/kernel/security/secrets/coco
37 # cat /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
42 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
[all …]
|
| /openbmc/linux/Documentation/security/secrets/ |
| H A D | coco.rst | 4 Confidential Computing secrets
16 Virtualization) allows guest owners to inject secrets into the VMs
22 secrets via securityfs.
48 secrets to userspace applications via securityfs. The details of the
49 efi_secret filesystem interface are in [secrets-coco-abi]_.
68 to which an EFI secret area with 4 secrets was injected during launch::
70 # ls -la /sys/kernel/security/secrets/coco
79 # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
81 00000010 74 61 2d 73 65 63 72 65 74 73 00 01 02 03 04 05 |ta-secrets......|
85 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
[all …]
|
| /openbmc/qemu/docs/system/ |
| H A D | secrets.rst | 21 INSECURE: Passing secrets as clear text inline
28 logged and attached to bug reports. This all risks compromising secrets that
50 Passing secrets as clear text via a file
83 Passing secrets as cipher text inline
86 To address the insecurity of passing secrets inline as clear text, it is
113 A single master key can be used to encrypt all subsequent secrets, **but it is
116 Passing secrets via the Linux keyring
120 host, it is further possible to pass secrets to QEMU using the Linux keyring:
147 then pass all subsequent inline secrets encrypted with the master key.
156 The secrets for individual QEMU device backends must all then be encrypted
[all …]
|
| H A D | index.rst | 29 secrets
|
| /openbmc/linux/drivers/s390/char/ |
| H A D | uvdevice.c | 322 void *secrets = NULL; in uvio_list_secrets() local
328 secrets = kvzalloc(UVIO_LIST_SECRETS_LEN, GFP_KERNEL); in uvio_list_secrets()
329 if (!secrets) in uvio_list_secrets()
332 uvcb.addr = (u64)secrets; in uvio_list_secrets()
337 if (copy_to_user(user_buf_arg, secrets, UVIO_LIST_SECRETS_LEN)) in uvio_list_secrets()
340 kvfree(secrets); in uvio_list_secrets()
|
| /openbmc/linux/drivers/virt/coco/efi_secret/ |
| H A D | Kconfig | 11 guests). The driver exposes the secrets as files in
12 <securityfs>/secrets/coco. Files can be read and deleted (deleting
|
| /openbmc/openbmc/poky/meta/recipes-gnome/libsecret/ |
| H A D | libsecret_0.21.4.bb | 1 SUMMARY = "libsecret is a library for storing and retrieving passwords and other secrets"
4 tokens and other types of secrets. libsecret provides a convenient wrapper \
|
| /openbmc/openbmc/poky/meta/recipes-connectivity/ppp/ppp/ |
| H A D | provider | 8 # There should be a matching entry with the password in /etc/ppp/pap-secrets
9 # and/or /etc/ppp/chap-secrets.
|
| /openbmc/linux/drivers/firmware/efi/ |
| H A D | Kconfig | 183 still contains secrets in RAM, booting another OS and extracting the
184 secrets. This should only be enabled when userland is configured to
185 clear the MemoryOverwriteRequest flag on clean shutdown after secrets
261 Guest Owner to securely inject secrets during guest VM launch.
262 The secrets are placed in a designated EFI reserved memory area.
264 In order to use the secrets in the kernel, the location of the secret
269 virt/coco/efi_secret module to access the secrets, which in turn
270 allows userspace programs to access the injected secrets.
|
| /openbmc/linux/Documentation/security/ |
| H A D | index.rst | 20 secrets/index
|
| /openbmc/openbmc-test-automation/lib/ |
| H A D | redfish_request.py | 4 import secrets
26 secrets.choice(string.ascii_letters + string.digits)
|
| /openbmc/openbmc/poky/meta/files/common-licenses/ |
| H A D | xlock | 12 trade secrets or any patents by this file or any part thereof. In no event
|
| H A D | AMPAS | 9 … be deemed to grant any rights to trademarks, copyrights, patents, trade secrets or any other inte…
|
| H A D | DOC | 7 … have no liability with respect to the infringement of copyrights, trade secrets or any patents by…
|
| /openbmc/openbmc/poky/meta/recipes-connectivity/ppp/ |
| H A D | ppp_2.5.2.bb | 59 CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/o…
|
| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/ |
| H A D | add-ptest.patch | 37 + rm $(DESTDIR)/tests/setkey2esp-secrets.pl
|
| /openbmc/linux/Documentation/security/tpm/ |
| H A D | xen-tpmfront.rst | 18 of the vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain,
19 which seals the secrets to the Physical TPM. If the process of creating each of
|
| /openbmc/openbmc/poky/meta/recipes-extended/xdg-utils/xdg-utils/ |
| H A D | 1f199813e0eb0246f63b54e9e154970e609575af.patch | 9 This allows attacker to extract secrets from users:
|
| /openbmc/linux/Documentation/admin-guide/hw-vuln/ |
| H A D | reg-file-data-sampling.rst | 45 attacker can extract the secrets. This is achieved by using the otherwise
|
| H A D | processor_mmio_stale_data.rst | 154 an attacker can extract the secrets.
190 MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO
|
| /openbmc/qemu/docs/tools/ |
| H A D | qemu-storage-daemon.rst | 27 * Crypto and secrets
150 authz-* secrets (see below).
|
| /openbmc/linux/security/keys/ |
| H A D | Kconfig | 123 public keys and shared secrets using values stored as keys
|