| /OK3568_Linux_fs/kernel/Documentation/security/keys/ |
| H A D | ecryptfs.rst | 8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
22 The 'encrypted' key type has been extended with the introduction of the new
31 encrypted form.
33 The eCryptfs filesystem may really benefit from using encrypted keys in that the
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
43 keyctl add encrypted name "load hex_blob" ring
53 Example of encrypted key usage with the eCryptfs filesystem:
55 Create an encrypted key "1000100010001000" of length 64 bytes with format
58 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u
[all …]
|
| H A D | trusted-encrypted.rst | 8 stores, and loads only encrypted blobs. Trusted Keys require the availability
83 numbers, and are encrypted/decrypted using a specified 'master' key. The
85 disadvantage of encrypted keys is that if they are not rooted in a trusted key,
90 The decrypted portion of encrypted keys can contain either a simple symmetric
96 keyctl add encrypted name "new [format] key-type:master-key-name keylen"
98 keyctl add encrypted name "load hex_blob" ring
107 Examples of trusted and encrypted key usage:
172 encrypted key "evm" using the above trusted key "kmk":
176 $ keyctl add encrypted evm "new trusted:kmk 32" @u
181 $ keyctl add encrypted evm "new default trusted:kmk 32" @u
[all …]
|
| H A D | index.rst | 11 trusted-encrypted
|
| /OK3568_Linux_fs/kernel/Documentation/x86/ |
| H A D | amd-memory-encryption.rst | 10 SME provides the ability to mark individual pages of memory as encrypted using
11 the standard x86 page tables. A page that is marked encrypted will be
12 automatically decrypted when read from DRAM and encrypted when written to
16 SEV enables running encrypted virtual machines (VMs) in which the code and data
19 memory. Private memory is encrypted with the guest-specific key, while shared
20 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor
23 A page is encrypted when a page table entry has the encryption bit set (see
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
26 successive level of page tables can also be encrypted by setting the encryption
28 page table hierarchy to be encrypted. Note, this means that just because the
[all …]
|
| /OK3568_Linux_fs/kernel/security/keys/encrypted-keys/ |
| H A D | Makefile | 6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
8 encrypted-keys-y := encrypted.o ecryptfs_format.o
11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
|
| /OK3568_Linux_fs/kernel/net/rxrpc/ |
| H A D | rxkad.c | 774 response->encrypted.checksum = htonl(csum); in rxkad_calc_response_checksum()
796 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_encrypt_response()
799 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); in rxkad_encrypt_response()
863 resp->encrypted.epoch = htonl(conn->proto.epoch); in rxkad_respond_to_challenge()
864 resp->encrypted.cid = htonl(conn->proto.cid); in rxkad_respond_to_challenge()
865 resp->encrypted.securityIndex = htonl(conn->security_ix); in rxkad_respond_to_challenge()
866 resp->encrypted.inc_nonce = htonl(nonce + 1); in rxkad_respond_to_challenge()
867 resp->encrypted.level = htonl(conn->params.security_level); in rxkad_respond_to_challenge()
870 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); in rxkad_respond_to_challenge()
871 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); in rxkad_respond_to_challenge()
[all …]
|
| /OK3568_Linux_fs/kernel/net/tls/ |
| H A D | trace.h | 47 bool encrypted, bool decrypted),
49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted),
56 __field( bool, encrypted )
65 __entry->encrypted = encrypted;
73 __entry->encrypted, __entry->decrypted
|
| /OK3568_Linux_fs/kernel/Documentation/filesystems/ |
| H A D | fscrypt.rst | 35 UBIFS. This allows encrypted files to be read and written without
36 caching both the decrypted and encrypted pages in the pagecache,
39 needed. eCryptfs also limits encrypted filenames to 143 bytes,
45 supports marking an empty directory as encrypted. Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124 encrypted files and directories before removing a master key, as
126 encrypted directory.
156 with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
[all …]
|
| /OK3568_Linux_fs/u-boot/doc/ |
| H A D | README.mxc_hab | 3 To enable the authenticated or encrypted boot mode of U-Boot, it is
58 Encrypted Boot. The image is encrypted by Freescale's Code
60 u-boot.imx with the encrypted data. The Initial Vector Table,
63 The image data is encrypted with a Encryption Key (DEK).
79 Note: The encrypted boot feature is only supported by HABv4 or
88 The resulting DEK blob then is used to construct the encrypted
98 cat u-boot-signed-pad.imx DEK_blob.bin > u-boot-encrypted.imx
|
| /OK3568_Linux_fs/kernel/Documentation/virt/kvm/ |
| H A D | s390-pv-boot.rst | 12 Memory made accessible to the hypervisor will be encrypted. See
16 information about the encrypted components and necessary metadata to
27 switch into PV mode itself, the user can load encrypted guest
59 The components are for instance an encrypted kernel, kernel parameters
62 After the initial import of the encrypted data, all defined pages will
82 encrypted images.
|
| H A D | amd-memory-encryption.rst | 12 the memory contents of a VM will be transparently encrypted with a key
23 Bits[31:0] Number of encrypted guests supported simultaneously
126 that the memory was encrypted correctly by the firmware.
135 __u64 uaddr; /* userspace address to be encrypted (must be 16-byte aligned) */
136 __u32 len; /* length of the data to be encrypted (must be 16-byte aligned) */
145 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
|
| /OK3568_Linux_fs/kernel/Documentation/driver-api/nvdimm/ |
| H A D | security.rst | 51 A nvdimm encrypted-key of format enc32 has the description format of:
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
125 is just another encrypted-key.
136 another encrypted-key.
|
| /OK3568_Linux_fs/buildroot/dl/rtmpdump/git/librtmp/ |
| H A D | handshake.h | 701 int encrypted = r->Link.protocol & RTMP_FEATURE_ENC; in HandShake() local
714 if (encrypted || r->Link.SWFSize) in HandShake()
721 if (encrypted) in HandShake()
735 if (encrypted) in HandShake()
769 if (encrypted) in HandShake()
884 if (encrypted) in HandShake()
1038 if (encrypted) in HandShake()
1080 int encrypted; in SHandShake() local
1100 encrypted = FALSE; in SHandShake()
1105 encrypted = TRUE; in SHandShake()
[all …]
|
| /OK3568_Linux_fs/buildroot/package/aespipe/ |
| H A D | Config.in | 7 used to create and restore encrypted tar or cpio archives.
9 encrypted disk images.
|
| H A D | Config.in.host | 6 can be used to create and restore encrypted tar or cpio
8 compatible encrypted disk images.
|
| /OK3568_Linux_fs/kernel/arch/x86/kernel/ |
| H A D | crash_dump_64.c | 16 bool encrypted) in __copy_oldmem_page() argument
23 if (encrypted) in __copy_oldmem_page()
|
| /OK3568_Linux_fs/kernel/Documentation/admin-guide/device-mapper/ |
| H A D | dm-crypt.rst | 70 Either 'logon', 'user' or 'encrypted' kernel key type.
78 then sectors are encrypted according to their offsets (sector 0 uses key0;
87 encrypted data. You can specify it as a path like /dev/xxx or a device
91 Starting sector within the device where the encrypted data begins.
106 option. For example, allowing discards on encrypted devices may lead to
141 integrity for the encrypted device. The additional space is then
|
| /OK3568_Linux_fs/kernel/include/linux/ |
| H A D | crash_dump.h | 121 bool encrypted);
125 bool encrypted) in read_from_oldmem() argument
|
| /OK3568_Linux_fs/yocto/meta-openembedded/meta-oe/recipes-extended/polkit/files/ |
| H A D | 50-org.freedesktop.udiskie.rules | 11 "org.freedesktop.udisks2.encrypted-unlock": YES,
17 "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
|
| /OK3568_Linux_fs/buildroot/package/ntfs-3g/ |
| H A D | Config.in | 20 bool "encrypted volumes"
25 Enable support for NTFS encrypted volumes.
|
| /OK3568_Linux_fs/kernel/Documentation/networking/ |
| H A D | tls.rst | 68 socket is encrypted using TLS and the parameters provided in the socket option.
69 For example, we can send an encrypted hello world record as follows:
76 send() data is directly encrypted from the userspace buffer provided
77 to the encrypted kernel send buffer if possible.
92 The kernel will need to allocate a buffer for the encrypted data.
162 encrypted by the kernel.
|
| /OK3568_Linux_fs/kernel/Documentation/power/ |
| H A D | swsusp-dmcrypt.rst | 16 Now your system is properly set up, your disk is encrypted except for
26 up dm-crypt and then asks swsusp to resume from the encrypted
56 card contains at least the encrypted swap setup in a file
67 initrd that allows you to resume from encrypted swap and that
133 Otherwise we just remove the encrypted swap device and leave it to the
|
| /OK3568_Linux_fs/kernel/Documentation/ABI/testing/ |
| H A D | evm | 12 trusted/encrypted key stored in the Kernel Key
83 creating and loading existing trusted/encrypted keys,
85 Documentation/security/keys/trusted-encrypted.rst. Both
|
| H A D | sysfs-bus-papr-pmem | 25 * "encrypted"
26 NVDIMM contents are encrypted.
|
| /OK3568_Linux_fs/kernel/Documentation/process/ |
| H A D | embargoed-hardware-issues.rst | 38 The list is encrypted and email to the list can be sent by either PGP or
39 S/MIME encrypted and must be signed with the reporter's PGP key or S/MIME
62 The encrypted mailing-lists which are used in our process are hosted on
133 The hardware security team will provide an incident-specific encrypted
170 team via the specific encrypted mailing-list.
179 The initial response team sets up an encrypted mailing-list or repurposes
276 We use encrypted mailing-lists for communication. The operating principle
277 of these lists is that email sent to the list is encrypted either with the
310 can send encrypted email to the list.
|