Searched full:encrypted (Results 1 – 25 of 423) sorted by relevance

/linux-6.14.4/tools/perf/pmu-events/arch/s390/cf_z16/
pai_crypto.json
34 "BriefDescription": "KM ENCRYPTED DEA",
35 "PublicDescription": "KM-Encrypted-DEA function ending with CC=0"
41 "BriefDescription": "KM ENCRYPTED TDEA 128",
42 "PublicDescription": "KM-Encrypted-TDEA-128 function ending with CC=0"
48 "BriefDescription": "KM ENCRYPTED TDEA 192",
49 "PublicDescription": "KM-Encrypted-TDEA-192 function ending with CC=0"
76 "BriefDescription": "KM ENCRYPTED AES 128",
77 "PublicDescription": "KM-Encrypted-AES-128 function ending with CC=0"
83 "BriefDescription": "KM ENCRYPTED AES 192",
84 "PublicDescription": "KM-Encrypted-AES-192 function ending with CC=0"
[all …]
/linux-6.14.4/Documentation/security/keys/
ecryptfs.rst
2 Encrypted keys for the eCryptfs filesystem
8 Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
12 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
22 The 'encrypted' key type has been extended with the introduction of the new
24 filesystem. Encrypted keys of the newly introduced format store an
31 encrypted form.
33 The eCryptfs filesystem may really benefit from using encrypted keys in that the
42 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
43 keyctl add encrypted name "load hex_blob" ring
53 Example of encrypted key usage with the eCryptfs filesystem:
[all …]
trusted-encrypted.rst
2 Trusted and Encrypted Keys
5 Trusted and Encrypted Keys are two new key types added to the existing kernel
8 stores, and loads only encrypted blobs. Trusted Keys require the availability
9 of a Trust Source for greater security, while Encrypted Keys can be used on any
133 New keys are created from random numbers. They are encrypted/decrypted using
166 Encrypted Keys
169 Encrypted keys do not depend on a trust source, and are faster, as they use AES
171 random numbers or user-provided decrypted data, and are encrypted/decrypted
173 user-key type. The main disadvantage of encrypted keys is that if they are not
278 Encrypted Keys usage
[all …]
/linux-6.14.4/fs/crypto/
hooks.c
11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
15 * Currently, an encrypted regular file can only be opened if its encryption key
16 * is available; access to the raw encrypted contents is not supported.
21 * is being opened) is encrypted, then the inode being opened uses the same
23 * in an encrypted directory tree use the same encryption policy, as a
26 * an unencrypted file in an encrypted directory.
48 * unencrypted, or encrypted with any policy). Only continue on to the in fscrypt_file_open()
49 * full policy check if the parent directory is actually encrypted. in fscrypt_file_open()
133 * @dir: the encrypted directory being searched
192 * When the CASEFOLD flag is set on an encrypted directory, we must in fscrypt_prepare_setflags()
[all …]
fname.c
24 * before being encrypted.
31 * When userspace lists an encrypted directory without access to the key, the
86 * @out: (output) the encrypted filename
87 * @olen: size of the encrypted filename. It must be at least @iname->len.
141 * @iname: the encrypted filename to decrypt
280 * fscrypt_fname_encrypted_size() - calculate length of encrypted filename
281 * @inode: parent inode of dentry name being encrypted. Key must
304 * @max_encrypted_len: maximum length of encrypted filenames the buffer will be
309 * filename (null-terminated), for the given maximum encrypted filename length.
343 * fscrypt_fname_disk_to_usr() - convert an encrypted filename to
[all …]
/linux-6.14.4/Documentation/filesystems/
fscrypt.rst
35 and CephFS. This allows encrypted files to be read and written
36 without caching both the decrypted and encrypted pages in the
39 inodes are needed. eCryptfs also limits encrypted filenames to 143
45 supports marking an empty directory as encrypted. Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124 encrypted files and directories before removing a master key, as
126 encrypted directory.
156 with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
[all …]
/linux-6.14.4/arch/x86/mm/
mem_encrypt_boot.S
23 * RDI - virtual address for the encrypted mapping
36 /* Set up a one page stack in the non-encrypted memory area */
42 movq %rdi, %r10 /* Encrypted area */
53 movq %r10, %rdi /* Encrypted area */
78 * the kernel will be encrypted during the process. So this
84 * RDI - virtual address for the encrypted mapping
92 * The area will be encrypted by copying from the non-encrypted
94 * intermediate buffer back to the encrypted memory space. The physical
96 * being encrypted "in place".
112 movq %rdi, %r10 /* Save encrypted area address */
[all …]
mem_encrypt_identity.c
88 * By using this section, the kernel can be encrypted in place and it
312 * by the kernel and initrd as encrypted. in sme_encrypt_kernel()
353 * One PGD for both encrypted and decrypted mappings and a set of in sme_encrypt_kernel()
354 * PUDs and PMDs for each of the encrypted and decrypted mappings. in sme_encrypt_kernel()
378 * pagetables and when the new encrypted and decrypted kernel in sme_encrypt_kernel()
398 * and initrd to be encrypted. It starts with an empty PGD that will in sme_encrypt_kernel()
399 * then be populated with new PUDs and PMDs as the encrypted and in sme_encrypt_kernel()
421 /* Add encrypted kernel (identity) mappings */ in sme_encrypt_kernel()
434 /* Add encrypted initrd (identity) mappings */ in sme_encrypt_kernel()
469 * At this point we are running encrypted. Remove the mappings for in sme_encrypt_kernel()
[all …]
/linux-6.14.4/security/keys/encrypted-keys/
Makefile
3 # Makefile for encrypted keys
6 obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys.o
8 encrypted-keys-y := encrypted.o ecryptfs_format.o
11 encrypted-keys-y += $(masterkey-y) $(masterkey-m-m)
masterkey_trusted.c
11 * See Documentation/security/keys/trusted-encrypted.rst
17 #include <keys/encrypted-type.h>
18 #include "encrypted.h"
24 * manages both trusted/encrypted key-types, like the encrypted key type
encrypted.c
11 * See Documentation/security/keys/trusted-encrypted.rst
23 #include <keys/encrypted-type.h>
35 #include "encrypted.h"
84 "Allow instantiation of encrypted keys using provided decrypted data");
103 * valid_ecryptfs_desc - verify the description of a new/loaded encrypted key
105 * The description of a encrypted key with format 'ecryptfs' must contain
168 * <encrypted iv + data>
294 /* convert the hex encoded iv, encrypted-data and HMAC to ascii */ in datablob_format()
305 * Use a user provided key to encrypt/decrypt an encrypted-key.
515 /* verify HMAC before decrypting encrypted key */
[all …]
/linux-6.14.4/security/keys/
Kconfig
78 Userspace will only ever see encrypted blobs.
87 tristate "ENCRYPTED KEYS"
97 in the kernel. Encrypted keys are instantiated using kernel
99 encrypted/decrypted with a 'master' symmetric key. The 'master'
100 key can be either a trusted-key or user-key type. Only encrypted
106 bool "Allow encrypted keys with user decrypted data"
109 This option provides support for instantiating encrypted keys using
/linux-6.14.4/Documentation/arch/x86/
amd-memory-encryption.rst
7 Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) are
10 SME provides the ability to mark individual pages of memory as encrypted using
11 the standard x86 page tables. A page that is marked encrypted will be
12 automatically decrypted when read from DRAM and encrypted when written to
16 SEV enables running encrypted virtual machines (VMs) in which the code and data
19 memory. Private memory is encrypted with the guest-specific key, while shared
20 memory may be encrypted with hypervisor key. When SME is enabled, the hypervisor
23 A page is encrypted when a page table entry has the encryption bit set (see
25 specified in the cr3 register, allowing the PGD table to be encrypted. Each
26 successive level of page tables can also be encrypted by setting the encryption
[all …]
/linux-6.14.4/Documentation/driver-api/nvdimm/
security.rst
51 A nvdimm encrypted-key of format enc32 has the description format of:
54 See file ``Documentation/security/keys/trusted-encrypted.rst`` for creating
55 encrypted-keys of enc32 format. TPM usage with a master trusted key is
56 preferred for sealing the encrypted-keys.
64 relevant encrypted-keys into the kernel user keyring during the initramfs phase.
115 An encrypted-key with the current user passphrase that is tied to the nvdimm
125 is just another encrypted-key.
136 another encrypted-key.
/linux-6.14.4/Documentation/virt/kvm/s390/
s390-pv-boot.rst
12 Memory made accessible to the hypervisor will be encrypted. See
16 information about the encrypted components and necessary metadata to
27 switch into PV mode itself, the user can load encrypted guest
59 The components are for instance an encrypted kernel, kernel parameters
62 After the initial import of the encrypted data, all defined pages will
82 encrypted images.
s390-pv-dump.rst
20 provides an interface to KVM over which encrypted CPU and memory data
34 and extracts dump keys with which the VM dump data will be encrypted.
46 write out the encrypted vcpu state, but also the unencrypted state
49 The memory state is further divided into the encrypted memory and its
51 encrypted memory can simply be read once it has been exported. The
/linux-6.14.4/net/tls/
trace.h
47 bool encrypted, bool decrypted),
49 TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted),
56 __field( bool, encrypted )
65 __entry->encrypted = encrypted;
70 "sk=%p tcp_seq=%u rec_no=%llu len=%u encrypted=%d decrypted=%d",
73 __entry->encrypted, __entry->decrypted
/linux-6.14.4/arch/x86/crypto/
cast5-avx-x86_64-asm_64.S
227 * RL1: encrypted blocks 1 and 2
228 * RR1: encrypted blocks 3 and 4
229 * RL2: encrypted blocks 5 and 6
230 * RR2: encrypted blocks 7 and 8
231 * RL3: encrypted blocks 9 and 10
232 * RR3: encrypted blocks 11 and 12
233 * RL4: encrypted blocks 13 and 14
234 * RR4: encrypted blocks 15 and 16
291 * RL1: encrypted blocks 1 and 2
292 * RR1: encrypted blocks 3 and 4
[all …]
/linux-6.14.4/Documentation/admin-guide/device-mapper/
dm-crypt.rst
70 Either 'logon', 'user', 'encrypted' or 'trusted' kernel key type.
78 then sectors are encrypted according to their offsets (sector 0 uses key0;
87 encrypted data. You can specify it as a path like /dev/xxx or a device
91 Starting sector within the device where the encrypted data begins.
106 option. For example, allowing discards on encrypted devices may lead to
146 integrity for the encrypted device. The additional space is then
172 concurrency (the split requests could be encrypted in parallel by multiple
179 concurrency (the split requests could be encrypted in parallel by multiple
/linux-6.14.4/include/linux/
fscrypt.h
179 * filesystem may write encrypted file contents, NULL if the filesystem
187 * devices that aren't used for encrypted file contents, such as
215 * Return: %true iff the inode is an encrypted regular file and the kernel was
257 * dentry that was created in an encrypted directory that hasn't had its
260 * When a filesystem is asked to create a new filename in an encrypted directory
299 * Unencrypted dentries and encrypted dentries where the in fscrypt_prepare_dentry()
899 * @inode: an inode. If encrypted, its key must be set up.
914 * @inode: an inode. If encrypted, its key must be set up.
941 * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
947 * A new link can only be added to an encrypted directory if the directory's
[all …]
/linux-6.14.4/arch/x86/kvm/
Kconfig
142 bool "AMD Secure Encrypted Virtualization (SEV) support"
151 Provides support for launching encrypted VMs which use Secure
152 Encrypted Virtualization (SEV), Secure Encrypted Virtualization with
153 Encrypted State (SEV-ES), and Secure Encrypted Virtualization with
/linux-6.14.4/Documentation/process/
embargoed-hardware-issues.rst
38 The list is encrypted and email to the list can be sent by either PGP or
39 S/MIME encrypted and must be signed with the reporter's PGP key or S/MIME
62 The encrypted mailing-lists which are used in our process are hosted on
120 other factors and should be only used when absolutely necessary. Encrypted
135 The hardware security team will provide an incident-specific encrypted
172 team via the specific encrypted mailing-list.
181 The initial response team sets up an encrypted mailing-list or repurposes
319 Encrypted mailing-lists
322 We use encrypted mailing lists for communication. The operating principle
323 of these lists is that email sent to the list is encrypted either with the
[all …]
/linux-6.14.4/net/rxrpc/
rxkad.c
768 response->encrypted.checksum = htonl(csum); in rxkad_calc_response_checksum()
790 sg_set_buf(sg, &resp->encrypted, sizeof(resp->encrypted)); in rxkad_encrypt_response()
793 skcipher_request_set_crypt(req, sg, sg, sizeof(resp->encrypted), iv.x); in rxkad_encrypt_response()
850 resp->encrypted.epoch = htonl(conn->proto.epoch); in rxkad_respond_to_challenge()
851 resp->encrypted.cid = htonl(conn->proto.cid); in rxkad_respond_to_challenge()
852 resp->encrypted.securityIndex = htonl(conn->security_ix); in rxkad_respond_to_challenge()
853 resp->encrypted.inc_nonce = htonl(nonce + 1); in rxkad_respond_to_challenge()
854 resp->encrypted.level = htonl(conn->security_level); in rxkad_respond_to_challenge()
857 resp->encrypted.call_id[0] = htonl(conn->channels[0].call_counter); in rxkad_respond_to_challenge()
858 resp->encrypted.call_id[1] = htonl(conn->channels[1].call_counter); in rxkad_respond_to_challenge()
[all …]
/linux-6.14.4/arch/x86/coco/
core.c
64 * will access all memory as encrypted. So, when APs are being brought
65 * up under SME the trampoline area cannot be encrypted, whereas under SEV
66 * the trampoline area must be encrypted.
132 * - for AMD, bit *set* means the page is encrypted in cc_mkenc()
133 * - for AMD with vTOM and for Intel, *clear* means encrypted in cc_mkenc()
/linux-6.14.4/Documentation/power/
swsusp-dmcrypt.rst
16 Now your system is properly set up, your disk is encrypted except for
26 up dm-crypt and then asks swsusp to resume from the encrypted
56 card contains at least the encrypted swap setup in a file
67 initrd that allows you to resume from encrypted swap and that
133 Otherwise we just remove the encrypted swap device and leave it to the