| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240403072131.54935-6-david@sigma-star.at> Date: Wed, 3 Apr 2024 09:21:21 +0200 From: David Gstir <david@...ma-star.at> To: Mimi Zohar <zohar@...ux.ibm.com>, James Bottomley <jejb@...ux.ibm.com>, Jarkko Sakkinen <jarkko@...nel.org>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> Cc: David Gstir <david@...ma-star.at>, Shawn Guo <shawnguo@...nel.org>, Jonathan Corbet <corbet@....net>, Sascha Hauer <s.hauer@...gutronix.de>, Pengutronix Kernel Team <kernel@...gutronix.de>, Fabio Estevam <festevam@...il.com>, NXP Linux Team <linux-imx@....com>, Ahmad Fatoum <a.fatoum@...gutronix.de>, sigma star Kernel Team <upstream+dcp@...ma-star.at>, David Howells <dhowells@...hat.com>, Li Yang <leoyang.li@....com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, "Paul E. McKenney" <paulmck@...nel.org>, Randy Dunlap <rdunlap@...radead.org>, Catalin Marinas <catalin.marinas@....com>, "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>, Tejun Heo <tj@...nel.org>, "Steven Rostedt (Google)" <rostedt@...dmis.org>, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org, keyrings@...r.kernel.org, linux-crypto@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linuxppc-dev@...ts.ozlabs.org, linux-security-module@...r.kernel.org, Richard Weinberger <richard@....at>, David Oberhollenzer <david.oberhollenzer@...ma-star.at> Subject: [PATCH v8 5/6] docs: document DCP-backed trusted keys kernel params Document the kernel parameters trusted.dcp_use_otp_key and trusted.dcp_skip_zk_test for DCP-backed trusted keys. Co-developed-by: Richard Weinberger <richard@....at> Signed-off-by: Richard Weinberger <richard@....at> Co-developed-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at> Signed-off-by: David Oberhollenzer <david.oberhollenzer@...ma-star.at> Signed-off-by: David Gstir <david@...ma-star.at> Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org> --- Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 24c02c704049..3a59abf06039 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -6698,6 +6698,7 @@ - "tpm" - "tee" - "caam" + - "dcp" If not specified then it defaults to iterating through the trust source list starting with TPM and assigns the first trust source as a backend which is initialized @@ -6713,6 +6714,18 @@ If not specified, "default" is used. In this case, the RNG's choice is left to each individual trust source. + trusted.dcp_use_otp_key + This is intended to be used in combination with + trusted.source=dcp and will select the DCP OTP key + instead of the DCP UNIQUE key blob encryption. + + trusted.dcp_skip_zk_test + This is intended to be used in combination with + trusted.source=dcp and will disable the check if the + blob key is all zeros. This is helpful for situations where + having this key zero'ed is acceptable. E.g. in testing + scenarios. + tsc= Disable clocksource stability checks for TSC. Format: <string> [x86] reliable: mark tsc clocksource as reliable, this -- 2.35.3
Powered by blists - more mailing lists