| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <D04N3769KDZ2.3SYZTF7EJ68MG@kernel.org> Date: Wed, 27 Mar 2024 17:32:06 +0200 From: "Jarkko Sakkinen" <jarkko@...nel.org> To: "David Gstir" <david@...ma-star.at>, "Mimi Zohar" <zohar@...ux.ibm.com>, "James Bottomley" <jejb@...ux.ibm.com>, "Herbert Xu" <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> Cc: "Shawn Guo" <shawnguo@...nel.org>, "Jonathan Corbet" <corbet@....net>, "Sascha Hauer" <s.hauer@...gutronix.de>, "Pengutronix Kernel Team" <kernel@...gutronix.de>, "Fabio Estevam" <festevam@...il.com>, "NXP Linux Team" <linux-imx@....com>, "Ahmad Fatoum" <a.fatoum@...gutronix.de>, "sigma star Kernel Team" <upstream+dcp@...ma-star.at>, "David Howells" <dhowells@...hat.com>, "Li Yang" <leoyang.li@....com>, "Paul Moore" <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, "Randy Dunlap" <rdunlap@...radead.org>, "Catalin Marinas" <catalin.marinas@....com>, "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>, "Tejun Heo" <tj@...nel.org>, "Steven Rostedt (Google)" <rostedt@...dmis.org>, <linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-integrity@...r.kernel.org>, <keyrings@...r.kernel.org>, <linux-crypto@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>, <linux-security-module@...r.kernel.org>, "Richard Weinberger" <richard@....at>, "David Oberhollenzer" <david.oberhollenzer@...ma-star.at> Subject: Re: [PATCH v7 5/6] docs: document DCP-backed trusted keys kernel params On Wed Mar 27, 2024 at 10:24 AM EET, David Gstir wrote: > Document the kernel parameters trusted.dcp_use_otp_key > and trusted.dcp_skip_zk_test for DCP-backed trusted keys. > > Co-developed-by: Richard Weinberger <richard@....at> > Signed-off-by: Richard Weinberger <richard@....at> > Co-developed-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at> > Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at> > Signed-off-by: David Gstir <david@...ma-star.at> > --- > Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 24c02c704049..b6944e57768a 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -6698,6 +6698,7 @@ > - "tpm" > - "tee" > - "caam" > + - "dcp" > If not specified then it defaults to iterating through > the trust source list starting with TPM and assigns the > first trust source as a backend which is initialized > @@ -6713,6 +6714,18 @@ > If not specified, "default" is used. In this case, > the RNG's choice is left to each individual trust source. > > + trusted.dcp_use_otp_key > + This is intended to be used in combination with > + trusted.source=dcp and will select the DCP OTP key > + instead of the DCP UNIQUE key blob encryption. > + > + trusted.dcp_skip_zk_test > + This is intended to be used in combination with > + trusted.source=dcp and will disable the check if all > + the blob key is zero'ed. This is helpful for situations where > + having this key zero'ed is acceptable. E.g. in testing > + scenarios. > + > tsc= Disable clocksource stability checks for TSC. > Format: <string> > [x86] reliable: mark tsc clocksource as reliable, this Nicely documented, i.e. even I can understand what is said here :-) Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org> BR, Jarkko
Powered by blists - more mailing lists