| /OK3568_Linux_fs/kernel/Documentation/x86/ |
| H A D | amd-memory-encryption.rst | 23 A page is encrypted when a page table entry has the encryption bit set (see
24 below on how to determine its position). The encryption bit can also be
26 successive level of page tables can also be encrypted by setting the encryption
29 encryption bit is set in cr3, doesn't imply the full hierarchy is encrypted.
30 Each page table entry in the hierarchy needs to have the encryption bit set to
31 achieve that. So, theoretically, you could have the encryption bit set in cr3
32 so that the PGD is encrypted, but not set the encryption bit in the PGD entry
38 memory. Since the memory encryption bit is controlled by the guest OS when it
40 forces the memory encryption bit to 1.
50 encryption
[all …]
|
| /OK3568_Linux_fs/kernel/Documentation/block/ |
| H A D | inline-encryption.rst | 10 Inline encryption hardware sits logically between memory and the disk, and can
11 en/decrypt data as it goes in/out of the disk. Inline encryption hardware has a
12 fixed number of "keyslots" - slots into which encryption contexts (i.e. the
13 encryption key, encryption algorithm, data unit size) can be programmed by the
15 of a keyslot (and also a data unit number to act as an encryption tweak), and
16 the inline encryption hardware will en/decrypt the data in the request with the
17 encryption context programmed into that keyslot. This is very different from
18 full disk encryption solutions like self encrypting drives/TCG OPAL/ATA
19 Security standards, since with inline encryption, any block on disk could be
20 encrypted with any encryption context the kernel chooses.
[all …]
|
| /OK3568_Linux_fs/kernel/Documentation/filesystems/ |
| H A D | fscrypt.rst | 2 Filesystem-level encryption (fscrypt)
9 transparent encryption of files and directories.
15 use encryption, see the documentation for the userspace tool `fscrypt
20 <https://source.android.com/security/encryption/file-based>`_, over
56 Provided that userspace chooses a strong encryption key, fscrypt
72 fscrypt (and storage encryption in general) can only provide limited
89 After an encryption key has been added, fscrypt does not hide the
97 encryption but rather only by the correctness of the kernel.
98 Therefore, any encryption-specific access control checks would merely
107 security vulnerability, can compromise all encryption keys that are
[all …]
|
| H A D | ubifs-authentication.rst | 20 At the current state, UBIFS encryption however does not prevent attacks where
28 Other full disk encryption systems like dm-crypt cover all filesystem metadata,
38 name encryption, the authentication system could be tied into fscrypt such that
40 be possible to use UBIFS authentication without using encryption.
394 UBIFS authentication is intended to operate side-by-side with UBIFS encryption
395 (fscrypt) to provide confidentiality and authenticity. Since UBIFS encryption
396 has a different approach of encryption policies per directory, there can be
397 multiple fscrypt master keys and there might be folders without encryption.
401 encryption, it does not share the same master key with fscrypt, but manages
411 or key in userspace that covers UBIFS authentication and encryption. This can
[all …]
|
| /OK3568_Linux_fs/kernel/fs/crypto/ |
| H A D | Kconfig | 3 bool "FS Encryption (Per-file encryption)"
10 Enable encryption of files and directories. This
16 # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
20 # Note: this option only pulls in the algorithms that filesystem encryption
21 # needs "by default". If userspace will use "non-default" encryption modes such
22 # as Adiantum encryption, then those other modes need to be explicitly enabled
46 Enable fscrypt to use inline encryption hardware if available.
|
| /OK3568_Linux_fs/kernel/Documentation/admin-guide/device-mapper/ |
| H A D | dm-crypt.rst | 5 Device-Mapper's "crypt" target provides transparent encryption of block devices
17 Encryption cipher, encryption mode and Initial Vector (IV) generator.
52 Key used for encryption. It is encoded either as a hexadecimal number
66 The encryption key size in bytes. The kernel key payload size must match
112 Perform encryption using the same cpu that IO was submitted on.
113 The default is to use an unbound workqueue so that encryption work
117 Disable offloading writes to a separate thread after encryption.
119 encryption threads to a single thread degrades performance
145 Use <bytes> as the encryption unit instead of 512 bytes sectors.
161 encryption with dm-crypt using the 'cryptsetup' utility, see
[all …]
|
| /OK3568_Linux_fs/buildroot/package/python3/ |
| H A D | 0033-lib-crypt-uClibc-ng-doesn-t-set-errno-when-encryptio.patch | 4 Subject: [PATCH] lib/crypt: uClibc-ng doesn't set errno when encryption method
7 Since commit [1] in cpython, an exception is raised when an encryption method
30 # Not all libc libraries support all encryption methods.
32 + # Not all libc libraries set errno when encryption method is not
|
| /OK3568_Linux_fs/kernel/net/sunrpc/ |
| H A D | Kconfig | 38 bool "Secure RPC: Disable insecure Kerberos encryption types"
42 Choose Y here to disable the use of deprecated encryption types
44 deprecated encryption types include DES-CBC-MD5, DES-CBC-CRC,
49 keytabs that contain only these deprecated encryption types.
50 Choosing Y prevents the use of known-insecure encryption types
|
| /OK3568_Linux_fs/buildroot/package/unbound/ |
| H A D | Config.in | 25 of proposed standard for DNS encryption (RFC 7858).
32 Here is some suggestions how to handle SNI encryption:
34 https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-00
|
| /OK3568_Linux_fs/buildroot/package/shadow/ |
| H A D | Config.in | 42 Allow the SHA256 and SHA512 password encryption algorithms.
47 Allow the bcrypt password encryption algorithm.
52 Allow the yescrypt password encryption algorithm.
|
| /OK3568_Linux_fs/kernel/Documentation/crypto/ |
| H A D | descore-readme.rst | 5 Fast & Portable DES encryption & decryption
15 des - fast & portable DES encryption & decryption.
41 1. Highest possible encryption/decryption PERFORMANCE.
62 - 30us per encryption (options: 64k tables, no IP/FP)
63 - 33us per encryption (options: 64k tables, FIPS standard bit ordering)
64 - 45us per encryption (options: 2k tables, no IP/FP)
65 - 48us per encryption (options: 2k tables, FIPS standard bit ordering)
68 this has the quickest encryption/decryption routines i've seen.
80 - 53us per encryption (uses 2k of tables)
85 encryption/decryption is still slower on the sparc and 68000.
[all …]
|
| H A D | api-samples.rst | 8 all inputs are random bytes, the encryption is done in-place, and it's
29 * encryption/decryption operations. But in this example, we'll just do a
30 * single encryption operation with it (which is not very efficient).
|
| H A D | userspace-if.rst | 95 to provide different memory pointers for the encryption and decryption
159 should be processed for encryption or decryption. In addition, the IV is
170 - ALG_OP_ENCRYPT - encryption of data
218 should be processed for encryption or decryption. In addition, the IV is
229 - ALG_OP_ENCRYPT - encryption of data
277 - AEAD encryption input: AAD \|\| plaintext
284 - AEAD encryption output: ciphertext \|\| authentication tag
386 AEAD ciphers. For a encryption operation, the authentication tag of
|
| /OK3568_Linux_fs/buildroot/package/fscryptctl/ |
| H A D | Config.in | 5 keys and manages policies for Linux filesystem encryption.
9 encryption option and block size equal to CPU page size
|
| /OK3568_Linux_fs/kernel/Documentation/virt/kvm/ |
| H A D | amd-memory-encryption.rst | 29 Bit[23] 1 = memory encryption can be enabled
30 0 = memory encryption can not be enabled
33 Bit[0] 1 = memory encryption can be enabled
34 0 = memory encryption can not be enabled
43 SEV hardware uses ASIDs to associate a memory encryption key with a VM.
93 The KVM_SEV_LAUNCH_START command is used for creating the memory encryption
94 context. To create the encryption context, user must provide a guest policy,
|
| /OK3568_Linux_fs/kernel/drivers/gpu/drm/amd/display/modules/hdcp/ |
| H A D | hdcp1_transition.c | 81 } else if (!conn->is_repeater && input->encryption != PASS) { in mod_hdcp_hdcp1_transition()
131 input->encryption != PASS) { in mod_hdcp_hdcp1_transition()
229 } else if ((!conn->is_repeater && input->encryption != PASS) || in mod_hdcp_hdcp1_dp_transition()
308 } else if (input->encryption != PASS || in mod_hdcp_hdcp1_dp_transition()
|
| H A D | hdcp1_execution.c | 227 &input->encryption, &status, in computations_validate_rx_test_for_repeater()
232 &input->encryption, &status, in computations_validate_rx_test_for_repeater()
354 if (input->encryption != PASS) in read_ksv_list()
356 &input->encryption, &status, in read_ksv_list()
|
| /OK3568_Linux_fs/buildroot/package/weston/ |
| H A D | 0087-backend-vnc-enable-TLS-support.patch | 6 Add TLS key and certificate parameters to enable encryption support.
26 + " --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
27 + " --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
105 -Note that authentication and encryption are not supported yet. Anyone with
|
| /OK3568_Linux_fs/yocto/meta-rockchip/recipes-graphics/wayland/weston_11.0.1/ |
| H A D | 0088-backend-vnc-enable-TLS-support.patch | 6 Add TLS key and certificate parameters to enable encryption support.
26 + " --vnc-tls-cert=FILE\tThe file containing the certificate for TLS encryption\n"
27 + " --vnc-tls-key=FILE\tThe file containing the private key for TLS encryption\n"
105 -Note that authentication and encryption are not supported yet. Anyone with
|
| /OK3568_Linux_fs/u-boot/tools/ |
| H A D | zynqimage.c | 75 uint32_t encryption; /* 0x28 */ member
100 checksum += le32_to_cpu(ptr->encryption); in zynqimage_checksum()
122 ptr->encryption = cpu_to_le32(ENCRYPTION_NONE); in zynqimage_default_header()
|
| H A D | zynqmpimage.c | 87 uint32_t encryption; /* 0x28 */ member
114 checksum += le32_to_cpu(ptr->encryption); in zynqmpimage_checksum()
137 ptr->encryption = cpu_to_le32(ENCRYPTION_NONE); in zynqmpimage_default_header()
|
| /OK3568_Linux_fs/yocto/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/ |
| H A D | long-help | 77 enables weak single DES encryption
80 --enable-no-encryption
81 enables using no encryption for data traffic (key exchanged must be encrypted)
82 conf-variable: Enable no encryption
|
| /OK3568_Linux_fs/kernel/block/ |
| H A D | Kconfig | 198 bool "Enable inline encryption support in block layer"
201 block layer handle encryption, so users can take
202 advantage of inline encryption hardware if present.
210 Enabling this lets the block layer handle inline encryption
212 encryption hardware is not present.
|
| /OK3568_Linux_fs/kernel/net/tipc/ |
| H A D | Kconfig | 40 bool "TIPC encryption support"
46 Saying Y here will enable support for TIPC encryption.
|
| /OK3568_Linux_fs/buildroot/package/dropbear/ |
| H A D | Config.in | 63 3DES encryption
65 CBC encryption mode
|