path: root/Documentation/security/keys/trusted-encrypted.rst
Age | Commit message | Author
2020-09-09 | docs: trusted-encrypted.rst: update parameters for command examples | Coly Li

The parameters in command examples for tpm2_createprimary and tpm2_evictcontrol are outdated, people (like me) are not able to create trusted key by these command examples.

This patch updates the parameters of command example tpm2_createprimary and tpm2_evictcontrol in trusted-encrypted.rst. With Linux kernel v5.8 and tpm2-tools-4.1, people can create a trusted key by following the examples in this document.

Signed-off-by: Coly Li <colyli@suse.de>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Peter Huewe <peterhuewe@gmx.de>
Link: https://lore.kernel.org/r/20200821135356.15737-1-colyli@suse.de
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2020-07-13 | Documentation: security/keys: eliminate duplicated word | Randy Dunlap

Drop the doubled word "in".

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: linux-doc@vger.kernel.org
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org
Link: https://lore.kernel.org/r/20200707180414.10467-19-rdunlap@infradead.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2019-06-08 | docs: security: trusted-encrypted.rst: fix code-block tag | Mauro Carvalho Chehab

The code-block tag is at the wrong place, causing those warnings:

    Documentation/security/keys/trusted-encrypted.rst:112: WARNING: Literal block expected; none found.
    Documentation/security/keys/trusted-encrypted.rst:121: WARNING: Unexpected indentation.
    Documentation/security/keys/trusted-encrypted.rst:122: WARNING: Block quote ends without a blank line; unexpected unindent.
    Documentation/security/keys/trusted-encrypted.rst:123: WARNING: Block quote ends without a blank line; unexpected unindent.

Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2019-01-02 | Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security | Linus Torvalds

Pull integrity updates from James Morris:

"In Linux 4.19, a new LSM hook named security_kernel_load_data was upstreamed, allowing LSMs and IMA to prevent the kexec_load syscall. Different signature verification methods exist for verifying the kexec'ed kernel image. This adds additional support in IMA to prevent loading unsigned kernel images via the kexec_load syscall, independently of the IMA policy rules, based on the runtime "secure boot" flag. An initial IMA kselftest is included.

In addition, this pull request defines a new, separate keyring named ".platform" for storing the preboot/firmware keys needed for verifying the kexec'ed kernel image's signature and includes the associated IMA kexec usage of the ".platform" keyring.

(David Howell's and Josh Boyer's patches for reading the preboot/firmware keys, which were previously posted for a different use case scenario, are included here)"

* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  integrity: Remove references to module keyring
  ima: Use inode_is_open_for_write
  ima: Support platform keyring for kernel appraisal
  efi: Allow the "db" UEFI variable to be suppressed
  efi: Import certificates from UEFI Secure Boot
  efi: Add an EFI signature blob parser
  efi: Add EFI signature data types
  integrity: Load certs to the platform keyring
  integrity: Define a trusted platform keyring
  selftests/ima: kexec_load syscall test
  ima: don't measure/appraise files on efivarfs
  x86/ima: retry detecting secure boot mode
  docs: Extend trusted keys documentation for TPM 2.0
  x86/ima: define arch_get_ima_policy() for x86
  ima: add support for arch specific policies
  ima: refactor ima_init_policy()
  ima: prevent kexec_load syscall based on runtime secureboot flag
  x86/ima: define arch_ima_get_secureboot
  integrity: support new struct public_key_signature encoding field
2018-12-13 | keys-encrypted: add nvdimm key format type to encrypted keys | Dave Jiang

Adding nvdimm key format type to encrypted keys in order to limit the size of the key to 32bytes.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2018-12-11 | docs: Extend trusted keys documentation for TPM 2.0 | Stefan Berger

Extend the documentation for trusted keys with documentation for how to set up a key for a TPM 2.0 so it can be used with a TPM 2.0 as well.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2017-08-24 | docs: Fix paths in security/keys | Josh Holland

Several paths in the security/keys documentation were incorrect.

Signed-off-by: Josh Holland <anowlcalledjosh@gmail.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2017-05-18 | doc: ReSTify keys-trusted-encrypted.txt | Kees Cook

Adjusts for ReST markup and moves under keys security devel index.

Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>