[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <CZNRO3HH6T0W.R91RSALY7S88@kernel.org>
Date: Thu, 07 Mar 2024 21:32:08 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "David Gstir" <david@...ma-star.at>, "Mimi Zohar" <zohar@...ux.ibm.com>,
"James Bottomley" <jejb@...ux.ibm.com>, "Herbert Xu"
<herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>
Cc: "Shawn Guo" <shawnguo@...nel.org>, "Jonathan Corbet" <corbet@....net>,
"Sascha Hauer" <s.hauer@...gutronix.de>, "Pengutronix Kernel Team"
<kernel@...gutronix.de>, "Fabio Estevam" <festevam@...il.com>, "NXP Linux
Team" <linux-imx@....com>, "Ahmad Fatoum" <a.fatoum@...gutronix.de>, "sigma
star Kernel Team" <upstream+dcp@...ma-star.at>, "David Howells"
<dhowells@...hat.com>, "Li Yang" <leoyang.li@....com>, "Paul Moore"
<paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E.
Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Randy
Dunlap" <rdunlap@...radead.org>, "Catalin Marinas"
<catalin.marinas@....com>, "Rafael J. Wysocki"
<rafael.j.wysocki@...el.com>, "Tejun Heo" <tj@...nel.org>, "Steven Rostedt
(Google)" <rostedt@...dmis.org>, <linux-doc@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <linux-integrity@...r.kernel.org>,
<keyrings@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>,
<linux-security-module@...r.kernel.org>, "Richard Weinberger"
<richard@....at>, "David Oberhollenzer" <david.oberhollenzer@...ma-star.at>
Subject: Re: [PATCH v6 5/6] docs: document DCP-backed trusted keys kernel
params
On Thu Mar 7, 2024 at 5:38 PM EET, David Gstir wrote:
> Document the kernel parameters trusted.dcp_use_otp_key
> and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
>
> Co-developed-by: Richard Weinberger <richard@....at>
> Signed-off-by: Richard Weinberger <richard@....at>
> Co-developed-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
> Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at>
> Signed-off-by: David Gstir <david@...ma-star.at>
> ---
> Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 24c02c704049..b6944e57768a 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -6698,6 +6698,7 @@
> - "tpm"
> - "tee"
> - "caam"
> + - "dcp"
> If not specified then it defaults to iterating through
> the trust source list starting with TPM and assigns the
> first trust source as a backend which is initialized
> @@ -6713,6 +6714,18 @@
> If not specified, "default" is used. In this case,
> the RNG's choice is left to each individual trust source.
>
> + trusted.dcp_use_otp_key
> + This is intended to be used in combination with
> + trusted.source=dcp and will select the DCP OTP key
> + instead of the DCP UNIQUE key blob encryption.
> +
> + trusted.dcp_skip_zk_test
> + This is intended to be used in combination with
> + trusted.source=dcp and will disable the check if all
> + the blob key is zero'ed. This is helpful for situations where
> + having this key zero'ed is acceptable. E.g. in testing
> + scenarios.
> +
> tsc= Disable clocksource stability checks for TSC.
> Format: <string>
> [x86] reliable: mark tsc clocksource as reliable, this
I don't disagree with the API part.
Mimi?
BR, Jarkko
Powered by blists - more mailing lists