| /linux/security/keys/trusted-keys/ |
| H A D | Makefile | 3 # Makefile for trusted keys
6 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
7 trusted-y += trusted_core.o
8 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
11 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
12 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
14 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
16 trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
18 trusted-$(CONFIG_TRUSTED_KEYS_DCP) += trusted_dcp.o
20 trusted
[all...] |
| H A D | trusted_core.c | 6 * See Documentation/security/keys/trusted-encrypted.rst
10 #include <keys/trusted-type.h>
32 MODULE_PARM_DESC(rng, "Select trusted key RNG");
36 MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee, caam, dcp or pkwm)");
147 * trusted_instantiate - create a new trusted key
149 * Unseal an existing trusted blob or, for a new key, get a
150 * random key, then seal and create a trusted key-type key,
293 * On success, return to userspace the trusted key datablob size.
323 .name = "trusted",
349 * We always support trusted.rng="kernel" and "default" as in init_trusted()
[all …]
|
| /linux/Documentation/tee/ |
| H A D | ts-tee.rst | 4 TS-TEE (Trusted Services project)
7 This driver provides access to secure services implemented by Trusted Services.
9 Trusted Services [1] is a TrustedFirmware.org project that provides a framework
15 provides the low level communication for this driver. On top of that the Trusted
17 implementation is provided at [6], which is part of the Trusted Services client
20 All Trusted Services (TS) SPs have the same FF-A UUID; it identifies the TS RPC
26 The generic TEE design is to share memory at once with the Trusted OS, which can
27 then be reused to communicate with multiple applications running on the Trusted
36 Overview of a system with Trusted Services components::
41 | Client | | Trusted |
[all …]
|
| H A D | amd-tee.rst | 4 AMD-TEE (AMD's Trusted Execution Environment)
12 software-based Trusted Execution Environment (TEE) designed to enable
13 third-party Trusted Applications. This feature is currently enabled only for
25 | Client | | | Trusted |
37 | Client | | subsystem | driver | | Trusted |
53 The TEE commands supported by AMD-TEE Trusted OS are:
55 * TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into
64 AMD-TEE Trusted OS is the firmware running on AMD Secure Processor.
|
| H A D | op-tee.rst | 4 OP-TEE (Open Portable Trusted Execution Environment)
39 | Client | | Trusted |
50 | API | \/ | subsys | driver | | Trusted OS |
66 OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in
68 application to retrieve a list of Trusted Applications which can be registered
107 corresponding option in Trusted Firmware for Arm. The Trusted Firmware for Arm
|
| /linux/Documentation/devicetree/bindings/arm/firmware/ |
| H A D | tlm,trusted-foundations.yaml | 4 $id: http://devicetree.org/schemas/arm/firmware/tlm,trusted-foundations.yaml#
7 title: Trusted Foundations
10 Boards that use the Trusted Foundations secure monitor can signal its
18 const: trusted-foundations
21 const: tlm,trusted-foundations
25 description: major version number of Trusted Foundations firmware
29 description: minor version number of Trusted Foundations firmware
41 trusted-foundations {
42 compatible = "tlm,trusted-foundations";
|
| /linux/crypto/asymmetric_keys/ |
| H A D | restrict.c | 65 * new certificate as being trusted.
68 * matching parent certificate in the trusted list, -EKEYREJECTED if the
212 struct key *trusted, bool check_dest) in key_or_keyring_common() argument
225 if (!trusted && !check_dest) in key_or_keyring_common()
237 if (trusted) { in key_or_keyring_common()
238 if (trusted->type == &key_type_keyring) { in key_or_keyring_common()
240 key = find_asymmetric_key(trusted, sig->auth_ids[0], in key_or_keyring_common()
245 } else if (trusted->type == &key_type_asymmetric) { in key_or_keyring_common()
249 asymmetric_key_ids(trusted)->id; in key_or_keyring_common()
273 key = __key_get(trusted); in key_or_keyring_common()
[all …]
|
| /linux/certs/ |
| H A D | system_keyring.c | 2 /* System trusted keyring for trusted public keys
93 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_builtin_and_secondary_trusted()
122 /* If we have a secondary trusted keyring, then that contains a link in restrict_link_by_digsig_builtin_and_secondary()
146 panic("Can't allocate secondary trusted keyring restriction\n"); in get_builtin_and_secondary_restriction()
192 panic("Can't link (machine) trusted keyrings\n"); in set_machine_trusted_keys()
224 * Create the trusted keyrings
228 pr_notice("Initialise system trusted keyrings\n"); in system_trusted_keyring_init()
238 panic("Can't allocate builtin trusted keyring\n"); in system_trusted_keyring_init()
251 panic("Can't allocate secondary trusted keyring\n"); in system_trusted_keyring_init()
254 panic("Can't link trusted keyrings\n"); in system_trusted_keyring_init()
[all …]
|
| /linux/drivers/md/ |
| H A D | dm-verity-loadpin.c | 21 bool trusted = false; in is_trusted_verity_target() local
39 trusted = true; in is_trusted_verity_target()
46 return trusted; in is_trusted_verity_target()
51 * a verity device that is trusted by LoadPin.
59 bool trusted = false; in dm_verity_loadpin_is_bdev_trusted() local
79 trusted = true; in dm_verity_loadpin_is_bdev_trusted()
85 return trusted; in dm_verity_loadpin_is_bdev_trusted()
|
| /linux/tools/testing/selftests/pidfd/ |
| H A D | pidfd_xattr_test.c | 57 snprintf(xattr_name, sizeof(xattr_name), "trusted.testattr%d", i); in TEST_F()
64 snprintf(xattr_name, sizeof(xattr_name), "trusted.testattr%d", i); in TEST_F()
75 snprintf(xattr_name, sizeof(xattr_name), "trusted.testattr%d", i); in TEST_F()
87 snprintf(xattr_name, sizeof(xattr_name), "trusted.testattr%d", i); in TEST_F()
103 …ret = fsetxattr(self->child_pidfd, "trusted.persistent", "persistent value", strlen("persistent va… in TEST_F()
107 ret = fgetxattr(self->child_pidfd, "trusted.persistent", buf, sizeof(buf)); in TEST_F()
113 ASSERT_EQ(strcmp(list, "trusted.persistent"), 0) in TEST_F()
123 ret = fgetxattr(self->child_pidfd, "trusted.persistent", buf, sizeof(buf)); in TEST_F()
129 ASSERT_EQ(strcmp(list, "trusted.persistent"), 0); in TEST_F()
|
| /linux/security/keys/encrypted-keys/ |
| H A D | masterkey_trusted.c | 11 * See Documentation/security/keys/trusted-encrypted.rst
16 #include <keys/trusted-type.h>
21 * request_trusted_key - request the trusted key
23 * Trusted keys are sealed to PCRs and other metadata. Although userspace
24 * manages both trusted/encrypted key-types, like the encrypted key type
25 * data, trusted key type data is not visible decrypted from userspace.
|
| /linux/security/integrity/ima/ |
| H A D | Kconfig | 18 The Trusted Computing Group(TCG) runtime Integrity
198 be signed and verified by a public key on the trusted IMA
211 and verified by a public key on the trusted IMA keyring.
223 and verified by a key on the trusted IMA keyring.
256 machine (if configured), or secondary trusted keyrings. The
262 built-in, machine (if configured) or secondary trusted keyrings.
276 bool "Load X509 certificate onto the '.ima' trusted keyring"
281 loaded on the .ima trusted keyring. These public keys are
282 X509 certificates signed by a trusted key on the
284 loading from the kernel onto the '.ima' trusted keyrin
[all...] |
| /linux/tools/testing/selftests/bpf/progs/ |
| H A D | verifier_vfs_reject.c | 16 __failure __msg("Possibly NULL pointer passed to trusted arg0")
49 __failure __msg("R1 must be referenced or trusted")
55 /* Walking a trusted struct task_struct returned from in BPF_PROG()
92 __failure __msg("Possibly NULL pointer passed to trusted arg0")
101 __failure __msg("R1 must be referenced or trusted")
106 /* Walking a trusted argument typically yields an untrusted in BPF_PROG()
115 __failure __msg("R1 must be referenced or trusted")
122 /* Walking a trusted pointer returned from bpf_get_current_task_btf() in BPF_PROG()
|
| H A D | cgrp_kfunc_failure.c | 32 __failure __msg("Possibly NULL pointer passed to trusted arg0")
51 __failure __msg("Possibly NULL pointer passed to trusted arg0")
100 /* Can't invoke bpf_cgroup_acquire() on a pointer obtained from walking a trusted cgroup. */ in BPF_PROG()
109 __failure __msg("Possibly NULL pointer passed to trusted arg0")
157 __failure __msg("must be referenced or trusted")
178 __failure __msg("Possibly NULL pointer passed to trusted arg0")
206 __failure __msg("Possibly NULL pointer passed to trusted arg0")
243 /* Cannot release trusted cgroup pointer which was not acquired. */ in BPF_PROG()
|
| /linux/include/linux/ |
| H A D | psp-tee.h | 3 * AMD Trusted Execution Environment (TEE) interface
17 /* This file defines the Trusted Execution Environment (TEE) interface commands
19 * AMD-TEE Trusted OS.
24 * @TEE_CMD_ID_LOAD_TA: Load Trusted Application (TA) binary into
45 * psp_tee_process_cmd() - Process command in Trusted Execution Environment
52 * This function submits a command to the Trusted OS for processing in the
|
| /linux/Documentation/devicetree/bindings/tpm/ |
| H A D | microsoft,ftpm.yaml | 7 title: Microsoft firmware-based Trusted Platform Module (fTPM)
15 offer trusted computing features in their CPUs aimed at displacing dedicated
16 trusted hardware. Unfortunately, these CPU architectures raise serious
17 challenges to building trusted systems because they omit providing secure
22 those of dedicated trusted hardware.
|
| /linux/Documentation/admin-guide/hw-vuln/ |
| H A D | core-scheduling.rst | 21 user-designated trusted group can share a core. This increase in core sharing
101 trusted (same cookie) at any point in time. Kernel threads are assumed trusted.
110 the idle task is selected. Idle task is globally trusted.
126 priority task is not trusted with respect to the core wide highest priority
127 task. If a sibling does not have a trusted task to run, it will be forced idle
157 and are considered system-wide trusted. The forced-idling of siblings running
166 Core scheduling tries to guarantee that only trusted tasks run concurrently on a
168 concurrently or kernel could be running concurrently with a task not trusted by
173 Core scheduling selects only trusted tasks to run together. IPI is used to notify
207 allowing system processes (trusted tasks) to share a core.
|
| /linux/include/linux/firmware/ |
| H A D | trusted_foundations.h | 7 * Support for the Trusted Foundations secure monitor.
9 * Trusted Foundation comes active on some ARM consumer devices (most
13 * Trusted Foundations, and do *not* follow the SMC calling convention or the
60 pr_err("No support for Trusted Foundations, continuing in degraded mode.\n"); in register_trusted_foundations()
74 struct device_node *np = of_find_compatible_node(NULL, NULL, "tlm,trusted-foundations"); in of_register_trusted_foundations()
|
| /linux/Documentation/userspace-api/ |
| H A D | tee.rst | 5 TEE (Trusted Execution Environment) Userspace API
22 - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
24 - TEE_IOC_INVOKE invokes a function in a Trusted Application.
28 - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
|
| /linux/drivers/tee/tstee/ |
| H A D | Kconfig | 3 tristate "Arm Trusted Services TEE driver"
7 The Trusted Services project provides a framework for developing and
9 This driver provides an interface to make Trusted Services Secure
|
| /linux/drivers/tee/amdtee/ |
| H A D | amdtee_private.h | 29 /* Maximum number of sessions which can be opened with a Trusted Application */
46 * struct amdtee_session - Trusted Application (TA) session related information.
47 * @ta_handle: handle to Trusted Application (TA) loaded in TEE environment
54 * subsequent operations with the Trusted Application.
113 * @ta_handle: [in] handle of the loaded Trusted Application (TA)
|
| /linux/drivers/tee/qcomtee/ |
| H A D | Kconfig | 2 # Qualcomm Trusted Execution Environment Configuration
10 This option enables the Qualcomm Trusted Execution Environment (QTEE)
12 its loaded Trusted Applications (TAs). Additionally, it facilitates
|
| /linux/security/integrity/ |
| H A D | Kconfig | 53 .evm keyrings be signed by a key on the system trusted
57 bool "Provide keyring for platform/firmware trusted keys"
61 Provide a separate, distinct keyring for platform trusted keys, which
76 be trusted within the kernel.
|
| /linux/Documentation/arch/x86/ |
| H A D | intel_txt.rst | 5 Intel's technology for safer computing, Intel(R) Trusted Execution
7 provide the building blocks for creating trusted platforms.
35 3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
43 Trusted Boot Project Overview
46 Trusted Boot (tboot) is an open source, pre-kernel/VMM module that
211 Security top-level menu and is called "Enable Intel(R) Trusted
220 system and can also be found on the Trusted Boot site. It is an
|
| /linux/drivers/firmware/ |
| H A D | trusted_foundations.c | 3 * Trusted Foundations support for ARM CPUs
166 node = of_find_compatible_node(NULL, NULL, "tlm,trusted-foundations"); in of_register_trusted_foundations()
173 panic("Trusted Foundation: missing version-major property\n"); in of_register_trusted_foundations()
177 panic("Trusted Foundation: missing version-minor property\n"); in of_register_trusted_foundations()
|