/linux/Documentation/ABI/testing/ |
H A D | securityfs-secrets-coco | 1 What: security/secrets/coco 5 Exposes confidential computing (coco) EFI secrets to 10 the Guest Owner during VM's launch. The secrets are encrypted 14 The efi_secret module exposes the secrets to userspace. Each 15 secret appears as a file under <securityfs>/secrets/coco, 16 where the filename is the GUID of the entry in the secrets 26 For example, listing the available secrets:: 29 # ls -l /sys/kernel/security/secrets/coco 37 # cat /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 42 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 [all …]
|
/linux/Documentation/security/secrets/ |
H A D | coco.rst | 4 Confidential Computing secrets 16 Virtualization) allows guest owners to inject secrets into the VMs 22 secrets via securityfs. 48 secrets to userspace applications via securityfs. The details of the 49 efi_secret filesystem interface are in [secrets-coco-abi]_. 68 to which an EFI secret area with 4 secrets was injected during launch:: 70 # ls -la /sys/kernel/security/secrets/coco 79 # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 81 00000010 74 61 2d 73 65 63 72 65 74 73 00 01 02 03 04 05 |ta-secrets......| 85 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910 [all …]
|
/linux/drivers/virt/coco/sev-guest/ |
H A D | sev-guest.c | 661 static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) in get_vmpck() argument 667 *seqno = &secrets->os_area.msg_seqno_0; in get_vmpck() 668 key = secrets->vmpck0; in get_vmpck() 671 *seqno = &secrets->os_area.msg_seqno_1; in get_vmpck() 672 key = secrets->vmpck1; in get_vmpck() 675 *seqno = &secrets->os_area.msg_seqno_2; in get_vmpck() 676 key = secrets->vmpck2; in get_vmpck() 679 *seqno = &secrets->os_area.msg_seqno_3; in get_vmpck() 680 key = secrets->vmpck3; in get_vmpck() 983 struct snp_secrets_page *secrets; in sev_guest_probe() local [all …]
|
/linux/drivers/virt/coco/efi_secret/ |
H A D | Kconfig | 11 guests). The driver exposes the secrets as files in 12 <securityfs>/secrets/coco. Files can be read and deleted (deleting
|
/linux/drivers/firmware/efi/ |
H A D | Kconfig | 177 still contains secrets in RAM, booting another OS and extracting the 178 secrets. This should only be enabled when userland is configured to 179 clear the MemoryOverwriteRequest flag on clean shutdown after secrets 255 Guest Owner to securely inject secrets during guest VM launch. 256 The secrets are placed in a designated EFI reserved memory area. 258 In order to use the secrets in the kernel, the location of the secret 263 virt/coco/efi_secret module to access the secrets, which in turn 264 allows userspace programs to access the injected secrets.
|
/linux/Documentation/security/ |
H A D | index.rst | 21 secrets/index
|
H A D | self-protection.rst | 204 Canaries, blinding, and other secrets
|
/linux/drivers/s390/char/ |
H A D | uvdevice.c | 309 const size_t data_off = offsetof(struct uv_secret_list, secrets); in uvio_get_list() 323 copy_len = sizeof(list->secrets[0]) * list->num_secr_stored; in uvio_get_list() 324 if (copy_to_user(user_buf + user_off, list->secrets, copy_len)) in uvio_get_list()
|
/linux/Documentation/security/tpm/ |
H A D | xen-tpmfront.rst | 18 of the vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain, 19 which seals the secrets to the Physical TPM. If the process of creating each of
|
H A D | tpm-security.rst | 33 secrets and integrity as far as we are able in this environment and to 53 a trusted state and release secrets 97 Obviously using the null seed without any other prior shared secrets,
|
/linux/arch/s390/kernel/ |
H A D | uv.c | 908 if (memcmp(secret_id, list->secrets[i].id, UV_SECRET_ID_LEN) == 0) { in find_secret_in_page() 909 *secret = list->secrets[i].hdr; in find_secret_in_page()
|
/linux/Documentation/admin-guide/hw-vuln/ |
H A D | reg-file-data-sampling.rst | 45 attacker can extract the secrets. This is achieved by using the otherwise
|
H A D | processor_mmio_stale_data.rst | 154 an attacker can extract the secrets. 190 MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO
|
H A D | l1tf.rst | 193 paths have been verified that they cannot expose secrets or other 563 nested virtual machine, so that the nested hypervisor's secrets are not 568 cache avoids that the bare metal hypervisor's secrets are exposed to the
|
/linux/arch/x86/include/asm/ |
H A D | sev.h | 247 struct snp_secrets_page *secrets; member
|
/linux/security/keys/ |
H A D | Kconfig | 123 public keys and shared secrets using values stored as keys
|
/linux/arch/s390/include/asm/ |
H A D | uv.h | 431 struct uv_secret_list_item secrets[85]; member
|
/linux/arch/x86/coco/sev/ |
H A D | core.c | 703 struct snp_secrets_page *secrets; in get_snp_jump_table_addr() local 713 secrets = (__force struct snp_secrets_page *)mem; in get_snp_jump_table_addr() 715 addr = secrets->os_area.ap_jump_table_pa; in get_snp_jump_table_addr()
|
/linux/drivers/crypto/ |
H A D | Kconfig | 164 keys from secrets stored within the Ultravisor (UV). 167 retrieval of protected keys from secrets stored within the 174 secrets via PKEY API.
|
/linux/Documentation/ABI/stable/ |
H A D | sysfs-class-tpm | 117 secrets, it can't authorize its own request for the pubek,
|
/linux/Documentation/virt/coco/ |
H A D | sev-guest.rst | 188 Endorsement Key (VCEK), which is derived from chip-unique secrets, or a
|
/linux/Documentation/networking/device_drivers/cable/ |
H A D | sb1000.rst | 93 phone number, and frequency for the cable modem. Also edit pap-secrets
|
/linux/Documentation/virt/kvm/x86/ |
H A D | amd-memory-encryption.rst | 502 secrets.
|
/linux/Documentation/arch/x86/ |
H A D | tdx.rst | 402 entities before provisioning secrets to the guest. For example, a key
|
/linux/Documentation/networking/ |
H A D | tls-offload.rst | 133 * crypto secrets (key, iv, salt)
|