Lines Matching +full:ascii +full:- +full:based

10 system. All user level blobs are displayed and loaded in hex ASCII for
33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
35 Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip
41 mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
45 (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
47 Rooted to a one-time programmable key (OTP) that is generally burnt
48 in the on-chip fuses and is accessible to the DCP encryption engine only.
89 be extended with TEE based measured boot process.
105 TPMs have well-documented, standardized interfaces and APIs.
109 TEEs have well-documented, standardized client interface and APIs. For
110 more details refer to ``Documentation/driver-api/tee.rst``.
118 Vendor-specific API that is implemented as part of the DCP crypto driver in
119 ``drivers/crypto/mxs-dcp.c``.
124 purpose must be assessed when using them to protect security-relevant data.
131 ------------
139 * TPM: hardware device based RNG
144 * TEE: OP-TEE based on Arm TrustZone based RNG
147 from platform specific hardware RNG or a software based Fortuna CSPRNG
156 * DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
164 command-line to override the used RNG with the kernel's random number pool.
167 --------------
170 for encryption/decryption. New keys are created either from kernel-generated
171 random numbers or user-provided decrypted data, and are encrypted/decrypted
172 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
173 user-key type. The main disadvantage of encrypted keys is that if they are not
183 -----------------------
187 time with the TrouSerS utility: "tpm_takeownership -u -z".
194 #> tsscreateprimary -hi o -st
196 #> tssevictcontrol -hi o -ho 80000000 -hp 81000001
200 #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
202 #> tpm2_evictcontrol -c key.ctxt 0x81000001
213 keyhandle= ascii hex value of sealing key
216 keyauth= ascii hex auth for sealing key default 0x00...
217 (40 ascii zeros)
218 blobauth= ascii hex auth for sealed data default 0x00...
219 (40 ascii zeros)
220 pcrinfo= ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
226 are sha1, sha256, sha384, sha512 and sm3-256.
234 "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
236 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
240 -----------------------
248 "keyctl print" returns an ASCII hex copy of the sealed key, which is in format
250 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
253 ------------------------
261 "keyctl print" returns an ASCII hex copy of the sealed key, which is in a
262 CAAM-specific format. The key length for new keys is always in bytes.
263 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
266 -----------------------
274 "keyctl print" returns an ASCII hex copy of the sealed key, which is in format
275 specific to this DCP key-blob implementation. The key length for new keys is
276 always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
279 --------------------
287 keyctl add encrypted name "new [format] key-type:master-key-name keylen"
289 keyctl add encrypted name "new [format] key-type:master-key-name keylen
290 decrypted-data" ring
292 keyctl update keyid "update key-type:master-key-name"
297 key-type:= 'trusted' | 'user'
300 -------------------------------------------
315 -3 --alswrv 500 500 keyring: _ses
316 97833714 --alswrv 500 -1 \_ keyring: _uid.500
317 440502848 --alswrv 500 500 \_ trusted: kmk
395 Instantiate an encrypted key "evm" using user-provided decrypted data::
397 $ evmkey=$(dd if=/dev/urandom bs=1 count=32 | xxd -c32 -p)
418 ------------------------
475 ---------------
477 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
480 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c