security.rst - OpenGrok cross reference for /linux/Documentation/driver-api/nvdimm/security.rst

Lines Matching +full:master +full:- +full:kernel
6 ---------------
16 ------------------
28 update <old_keyid> <new_keyid> - enable or update passphrase.
29 disable <keyid> - disable enabled security and remove key.
30 freeze - freeze changing of security states.
31 erase <keyid> - delete existing user encryption key.
32 overwrite <keyid> - wipe the entire nvdimm.
33 master_update <keyid> <new_keyid> - enable or update master passphrase.
34 master_erase <keyid> - delete existing user encryption key.
37 -----------------
41 8089-a2-1740-00000133
43 the kernel.
48 kernel API call during nvdimm unlock. It is up to the user to make sure that
49 all the keys are in the kernel user keyring for unlock.
51 A nvdimm encrypted-key of format enc32 has the description format of:
52 nvdimm:<bus-provider-specific-unique-id>
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
59 ------------
60 When the DIMMs are being enumerated by the kernel, the kernel will attempt to
61 retrieve the key from the kernel user keyring. This is the only time
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
70 ---------
72 the kernel user keyring and reinjected as different (old) key. It's irrelevant
84 ---------
89 ----------
94 in the kernel user keyring.
97 ---------------
102 in the kernel user keyring.
105 ------------
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
118 10. Master Update
119 -----------------
120 The command format for doing a master update is:
123 The operating mechanism for master update is identical to update except the
124 master passphrase key is passed to the kernel. The master passphrase key
125 is just another encrypted-key.
129 11. Master Erase
130 ----------------
131 The command format for doing a master erase is:
134 This command has the same operating mechanism as erase except the master
135 passphrase key is passed to the kernel. The master passphrase key is just
136 another encrypted-key.
138 This command is only available when the master security is enabled, indicated
141 [1]: https://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdf
143 [2]: http://www.t13.org/documents/UploadedDocuments/docs2006/e05179r4-ACS-SecurityClarifications.pdf