Home
last modified time | relevance | path

Searched refs:secrets (Results 1 – 25 of 26) sorted by relevance

12

/linux/Documentation/ABI/testing/
H A Dsecurityfs-secrets-coco1 What: security/secrets/coco
5 Exposes confidential computing (coco) EFI secrets to
10 the Guest Owner during VM's launch. The secrets are encrypted
14 The efi_secret module exposes the secrets to userspace. Each
15 secret appears as a file under <securityfs>/secrets/coco,
16 where the filename is the GUID of the entry in the secrets
26 For example, listing the available secrets::
29 # ls -l /sys/kernel/security/secrets/coco
37 # cat /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
42 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
[all …]
/linux/Documentation/translations/zh_CN/security/secrets/
H A Dcoco.rst4 :Original: Documentation/security/secrets/coco.rst
45 暴露给用户空间应用程序。efi_secret文件系统接口的详细信息请参考 [secrets-coco-abi_CN]_ 。
62 # ls -la /sys/kernel/security/secrets/coco
71 # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
73 00000010 74 61 2d 73 65 63 72 65 74 73 00 01 02 03 04 05 |ta-secrets......|
77 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
79 # ls -la /sys/kernel/security/secrets/coco
94 .. [secrets-coco-abi_CN] Documentation/ABI/testing/securityfs-secrets-coco
H A Dindex.rst4 :Original: Documentation/security/secrets/index.rst
/linux/Documentation/security/secrets/
H A Dcoco.rst4 Confidential Computing secrets
16 Virtualization) allows guest owners to inject secrets into the VMs
22 secrets via securityfs.
48 secrets to userspace applications via securityfs. The details of the
49 efi_secret filesystem interface are in [secrets-coco-abi]_.
68 to which an EFI secret area with 4 secrets was injected during launch::
70 # ls -la /sys/kernel/security/secrets/coco
79 # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
81 00000010 74 61 2d 73 65 63 72 65 74 73 00 01 02 03 04 05 |ta-secrets......|
85 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
[all …]
/linux/drivers/virt/coco/efi_secret/
H A DKconfig11 guests). The driver exposes the secrets as files in
12 <securityfs>/secrets/coco. Files can be read and deleted (deleting
/linux/arch/x86/coco/sev/
H A Dcore.c169 struct snp_secrets_page *secrets; in get_snp_jump_table_addr() local
179 secrets = (__force struct snp_secrets_page *)mem; in get_snp_jump_table_addr()
181 addr = secrets->os_area.ap_jump_table_pa; in get_snp_jump_table_addr()
1889 static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) in get_vmpck() argument
1895 *seqno = &secrets->os_area.msg_seqno_0; in get_vmpck()
1896 key = secrets->vmpck0; in get_vmpck()
1899 *seqno = &secrets->os_area.msg_seqno_1; in get_vmpck()
1900 key = secrets->vmpck1; in get_vmpck()
1903 *seqno = &secrets->os_area.msg_seqno_2; in get_vmpck()
1904 key = secrets->vmpck2; in get_vmpck()
[all …]
/linux/arch/x86/boot/startup/
H A Dsev-startup.c154 struct snp_secrets_page *secrets = (void *)cc_info->secrets_phys; in svsm_setup() local
183 call.caa = (struct svsm_ca *)secrets->svsm_caa; in svsm_setup()
/linux/Documentation/security/
H A Dindex.rst21 secrets/index
H A Dself-protection.rst204 Canaries, blinding, and other secrets
/linux/drivers/firmware/efi/
H A DKconfig177 still contains secrets in RAM, booting another OS and extracting the
178 secrets. This should only be enabled when userland is configured to
179 clear the MemoryOverwriteRequest flag on clean shutdown after secrets
255 Guest Owner to securely inject secrets during guest VM launch.
256 The secrets are placed in a designated EFI reserved memory area.
258 In order to use the secrets in the kernel, the location of the secret
263 virt/coco/efi_secret module to access the secrets, which in turn
264 allows userspace programs to access the injected secrets.
/linux/Documentation/translations/zh_CN/security/
H A Dindex.rst33 * secrets/index
/linux/drivers/s390/char/
H A Duvdevice.c309 const size_t data_off = offsetof(struct uv_secret_list, secrets); in uvio_get_list()
323 copy_len = sizeof(list->secrets[0]) * list->num_secr_stored; in uvio_get_list()
324 if (copy_to_user(user_buf + user_off, list->secrets, copy_len)) in uvio_get_list()
/linux/Documentation/security/tpm/
H A Dxen-tpmfront.rst18 of the vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain,
19 which seals the secrets to the Physical TPM. If the process of creating each of
H A Dtpm-security.rst33 secrets and integrity as far as we are able in this environment and to
53 a trusted state and release secrets
97 Obviously using the null seed without any other prior shared secrets,
/linux/Documentation/admin-guide/hw-vuln/
H A Dprocessor_mmio_stale_data.rst154 an attacker can extract the secrets.
188 MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO
H A Dl1tf.rst193 paths have been verified that they cannot expose secrets or other
563 nested virtual machine, so that the nested hypervisor's secrets are not
568 cache avoids that the bare metal hypervisor's secrets are exposed to the
H A Dspectre.rst622 For security-sensitive programs that have secrets (e.g. crypto
/linux/arch/x86/include/asm/
H A Dsev.h315 struct snp_secrets_page *secrets; member
/linux/arch/powerpc/platforms/pseries/
H A DKconfig186 # used to store asymmetric public keys or secrets as required
/linux/Documentation/ABI/stable/
H A Dsysfs-class-tpm117 secrets, it can't authorize its own request for the pubek,
/linux/drivers/crypto/
H A DKconfig164 keys from secrets stored within the Ultravisor (UV).
167 retrieval of protected keys from secrets stored within the
174 secrets via PKEY API.
/linux/Documentation/virt/coco/
H A Dsev-guest.rst188 Endorsement Key (VCEK), which is derived from chip-unique secrets, or a
/linux/Documentation/virt/kvm/x86/
H A Damd-memory-encryption.rst502 secrets.
/linux/Documentation/networking/
H A Dtls-offload.rst133 * crypto secrets (key, iv, salt)
/linux/Documentation/block/
H A Dinline-encryption.rst535 algorithms that don't depend on any secrets other than the unwrapped key.

12