/linux-6.12.1/Documentation/security/keys/ |
D | ecryptfs.rst | 8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK) 12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order 22 The 'encrypted' key type has been extended with the introduction of the new 31 encrypted form. 33 The eCryptfs filesystem may really benefit from using encrypted keys in that the 42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring 43 keyctl add encrypted name "load hex_blob" ring 53 Example of encrypted key usage with the eCryptfs filesystem: 55 Create an encrypted key "1000100010001000" of length 64 bytes with format 58 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u [all …]
|
D | trusted-encrypted.rst | 8 stores, and loads only encrypted blobs. Trusted Keys require the availability 133 New keys are created from random numbers. They are encrypted/decrypted using 171 random numbers or user-provided decrypted data, and are encrypted/decrypted 173 user-key type. The main disadvantage of encrypted keys is that if they are not 281 The decrypted portion of encrypted keys can contain either a simple symmetric 287 keyctl add encrypted name "new [format] key-type:master-key-name keylen" 289 keyctl add encrypted name "new [format] key-type:master-key-name keylen 291 keyctl add encrypted name "load hex_blob" ring 299 Examples of trusted and encrypted key usage 366 encrypted key "evm" using the above trusted key "kmk": [all …]
|
D | index.rst | 11 trusted-encrypted
|
/linux-6.12.1/security/keys/encrypted-keys/ |
D | Makefile | 6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o 8 encrypted-keys-y := encrypted.o ecryptfs_format.o 11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
|
/linux-6.12.1/Documentation/arch/x86/ |
D | amd-memory-encryption.rst | 10 SME provides the ability to mark individual pages of memory as encrypted using 11 the standard x86 page tables. A page that is marked encrypted will be 12 automatically decrypted when read from DRAM and encrypted when written to 16 SEV enables running encrypted virtual machines (VMs) in which the code and data 19 memory. Private memory is encrypted with the guest-specific key, while shared 20 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor 23 A page is encrypted when a page table entry has the encryption bit set (see 25 specified in the cr3 register, allowing the PGD table to be encrypted. Each 26 successive level of page tables can also be encrypted by setting the encryption 28 page table hierarchy to be encrypted. Note, this means that just because the [all …]
|
/linux-6.12.1/net/tls/ |
D | trace.h | 47 bool encrypted, bool decrypted), 49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted), 56 __field( bool, encrypted ) 65 __entry->encrypted = encrypted; 73 __entry->encrypted, __entry->decrypted
|
/linux-6.12.1/net/rxrpc/ |
D | rxkad.c | 754 response->encrypted.checksum = htonl(csum); in rxkad_calc_response_checksum() 776 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_encrypt_response() 779 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); in rxkad_encrypt_response() 836 resp->encrypted.epoch = htonl(conn->proto.epoch); in rxkad_respond_to_challenge() 837 resp->encrypted.cid = htonl(conn->proto.cid); in rxkad_respond_to_challenge() 838 resp->encrypted.securityIndex = htonl(conn->security_ix); in rxkad_respond_to_challenge() 839 resp->encrypted.inc_nonce = htonl(nonce + 1); in rxkad_respond_to_challenge() 840 resp->encrypted.level = htonl(conn->security_level); in rxkad_respond_to_challenge() 843 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); in rxkad_respond_to_challenge() 844 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); in rxkad_respond_to_challenge() [all …]
|
/linux-6.12.1/Documentation/filesystems/ |
D | fscrypt.rst | 35 and CephFS. This allows encrypted files to be read and written 36 without caching both the decrypted and encrypted pages in the 39 inodes are needed. eCryptfs also limits encrypted filenames to 143 45 supports marking an empty directory as encrypted. Then, after 48 encrypted. 118 "locked", i.e. in ciphertext or encrypted form. 124 encrypted files and directories before removing a master key, as 126 encrypted directory. 156 with another user's encrypted files to which they have read-only 169 policies on all new encrypted directories. [all …]
|
D | ecryptfs.rst | 44 Create a new directory into which eCryptfs will write its encrypted 59 host page size). This is the encrypted underlying file for what you
|
/linux-6.12.1/Documentation/virt/kvm/s390/ |
D | s390-pv-boot.rst | 12 Memory made accessible to the hypervisor will be encrypted. See 16 information about the encrypted components and necessary metadata to 27 switch into PV mode itself, the user can load encrypted guest 59 The components are for instance an encrypted kernel, kernel parameters 62 After the initial import of the encrypted data, all defined pages will 82 encrypted images.
|
D | s390-pv-dump.rst | 20 provides an interface to KVM over which encrypted CPU and memory data 34 and extracts dump keys with which the VM dump data will be encrypted. 46 write out the encrypted vcpu state, but also the unencrypted state 49 The memory state is further divided into the encrypted memory and its 51 encrypted memory can simply be read once it has been exported. The
|
/linux-6.12.1/Documentation/driver-api/nvdimm/ |
D | security.rst | 51 A nvdimm encrypted-key of format enc32 has the description format of: 54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating 55 encrypted-keys of enc32 format. TPM usage with a master trusted key is 56 preferred for sealing the encrypted-keys. 64 relevant encrypted-keys into the kernel user keyring during the initramfs phase. 115 An encrypted-key with the current user passphrase that is tied to the nvdimm 125 is just another encrypted-key. 136 another encrypted-key.
|
/linux-6.12.1/Documentation/admin-guide/device-mapper/ |
D | dm-crypt.rst | 70 Either 'logon', 'user', 'encrypted' or 'trusted' kernel key type. 78 then sectors are encrypted according to their offsets (sector 0 uses key0; 87 encrypted data. You can specify it as a path like /dev/xxx or a device 91 Starting sector within the device where the encrypted data begins. 106 option. For example, allowing discards on encrypted devices may lead to 146 integrity for the encrypted device. The additional space is then 172 concurrency (the split requests could be encrypted in parallel by multiple 179 concurrency (the split requests could be encrypted in parallel by multiple
|
/linux-6.12.1/arch/x86/kernel/ |
D | crash_dump_64.c | 17 bool encrypted) in __copy_oldmem_page() argument 24 if (encrypted) in __copy_oldmem_page()
|
/linux-6.12.1/security/keys/ |
D | Kconfig | 78 Userspace will only ever see encrypted blobs. 99 encrypted/decrypted with a 'master' symmetric key. The 'master' 100 key can be either a trusted-key or user-key type. Only encrypted 106 bool "Allow encrypted keys with user decrypted data" 109 This option provides support for instantiating encrypted keys using
|
D | Makefile | 32 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
|
/linux-6.12.1/include/linux/ |
D | crash_dump.h | 140 u64 *ppos, bool encrypted); 143 u64 *ppos, bool encrypted) in read_from_oldmem() argument
|
/linux-6.12.1/Documentation/power/ |
D | swsusp-dmcrypt.rst | 16 Now your system is properly set up, your disk is encrypted except for 26 up dm-crypt and then asks swsusp to resume from the encrypted 56 card contains at least the encrypted swap setup in a file 67 initrd that allows you to resume from encrypted swap and that 133 Otherwise we just remove the encrypted swap device and leave it to the
|
/linux-6.12.1/Documentation/networking/ |
D | tls.rst | 68 socket is encrypted using TLS and the parameters provided in the socket option. 69 For example, we can send an encrypted hello world record as follows: 76 send() data is directly encrypted from the userspace buffer provided 77 to the encrypted kernel send buffer if possible. 92 The kernel will need to allocate a buffer for the encrypted data. 162 encrypted by the kernel.
|
/linux-6.12.1/Documentation/ABI/testing/ |
D | evm | 13 trusted/encrypted key stored in the Kernel Key 90 creating and loading existing trusted/encrypted keys, 92 Documentation/security/keys/trusted-encrypted.rst. Both
|
D | sysfs-bus-papr-pmem | 25 * "encrypted" 26 NVDIMM contents are encrypted.
|
/linux-6.12.1/Documentation/security/secrets/ |
D | coco.rst | 55 Consider a guest performing computations on encrypted files. The Guest Owner 62 because they are encrypted. Host can't read the decryption key because 65 confidential (memory-encrypted) guest.
|
/linux-6.12.1/Documentation/process/ |
D | embargoed-hardware-issues.rst | 38 The list is encrypted and email to the list can be sent by either PGP or 39 S/MIME encrypted and must be signed with the reporter's PGP key or S/MIME 62 The encrypted mailing-lists which are used in our process are hosted on 135 The hardware security team will provide an incident-specific encrypted 172 team via the specific encrypted mailing-list. 181 The initial response team sets up an encrypted mailing-list or repurposes 322 We use encrypted mailing lists for communication. The operating principle 323 of these lists is that email sent to the list is encrypted either with the 357 can send encrypted email to the list.
|
/linux-6.12.1/Documentation/virt/hyperv/ |
D | coco.rst | 104 paravisor runs first and sets up the guest physical memory as encrypted. The 133 context), MMIO accesses to these devices must be encrypted references instead 136 check whether a particular address range should be treated as encrypted 140 memory between encrypted and decrypted requires coordinating with the 201 copied into a temporary (encrypted) buffer for further validation and 220 equivalent of bounce buffering between encrypted and decrypted memory is 237 When transitioning memory between encrypted and decrypted, the caller of 259 encrypted/decrypted transition is complete, the pages are marked as "present"
|
/linux-6.12.1/Documentation/virt/kvm/x86/ |
D | amd-memory-encryption.rst | 14 the memory contents of a VM will be transparently encrypted with a key 25 Bits[31:0] Number of encrypted guests supported simultaneously 165 that the memory was encrypted correctly by the firmware. 174 __u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */ 175 __u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */ 184 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may 384 __u64 guest_uaddr; /* the source memory region to be encrypted */ 526 __u64 uaddr; /* Userspace address of data to be loaded/encrypted. */
|