From: David Gstir <david@sigma-star.at>
To: Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: David Gstir <david@sigma-star.at>,
Shawn Guo <shawnguo@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Sascha Hauer <s.hauer@pengutronix.de>,
Pengutronix Kernel Team <kernel@pengutronix.de>,
Fabio Estevam <festevam@gmail.com>,
NXP Linux Team <linux-imx@nxp.com>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
sigma star Kernel Team <upstream+dcp@sigma-star.at>,
David Howells <dhowells@redhat.com>, Li Yang <leoyang.li@nxp.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Randy Dunlap <rdunlap@infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Tejun Heo <tj@kernel.org>,
"Steven Rostedt (Google)" <rostedt@goodmis.org>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org,
linux-security-module@vger.kernel.org,
Richard Weinberger <richard@nod.at>,
David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Subject: [PATCH v5 5/6] docs: document DCP-backed trusted keys kernel params
Date: Fri, 15 Dec 2023 12:06:32 +0100 [thread overview]
Message-ID: <20231215110639.45522-6-david@sigma-star.at> (raw)
In-Reply-To: <20231215110639.45522-1-david@sigma-star.at>
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
---
Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0a1731a0f0ef..c11eda8b38e0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6566,6 +6566,7 @@
- "tpm"
- "tee"
- "caam"
+ - "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6581,6 +6582,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ trusted.dcp_use_otp_key
+ This is intended to be used in combination with
+ trusted.source=dcp and will select the DCP OTP key
+ instead of the DCP UNIQUE key blob encryption.
+
+ trusted.dcp_skip_zk_test
+ This is intended to be used in combination with
+ trusted.source=dcp and will disable the check if all
+ the blob key is zero'ed. This is helpful for situations where
+ having this key zero'ed is acceptable. E.g. in testing
+ scenarios.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
--
2.35.3
WARNING: multiple messages have this Message-ID (diff)
From: David Gstir <david@sigma-star.at>
To: Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: David Gstir <david@sigma-star.at>,
Shawn Guo <shawnguo@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Sascha Hauer <s.hauer@pengutronix.de>,
Pengutronix Kernel Team <kernel@pengutronix.de>,
Fabio Estevam <festevam@gmail.com>,
NXP Linux Team <linux-imx@nxp.com>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
sigma star Kernel Team <upstream+dcp@sigma-star.at>,
David Howells <dhowells@redhat.com>, Li Yang <leoyang.li@nxp.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Randy Dunlap <rdunlap@infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Tejun Heo <tj@kernel.org>,
"Steven Rostedt (Google)" <rostedt@goodmis.org>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org,
linux-security-module@vger.kernel.org,
Richard Weinberger <richard@nod.at>,
David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Subject: [PATCH v5 5/6] docs: document DCP-backed trusted keys kernel params
Date: Fri, 15 Dec 2023 12:06:32 +0100 [thread overview]
Message-ID: <20231215110639.45522-6-david@sigma-star.at> (raw)
In-Reply-To: <20231215110639.45522-1-david@sigma-star.at>
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
---
Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0a1731a0f0ef..c11eda8b38e0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6566,6 +6566,7 @@
- "tpm"
- "tee"
- "caam"
+ - "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6581,6 +6582,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ trusted.dcp_use_otp_key
+ This is intended to be used in combination with
+ trusted.source=dcp and will select the DCP OTP key
+ instead of the DCP UNIQUE key blob encryption.
+
+ trusted.dcp_skip_zk_test
+ This is intended to be used in combination with
+ trusted.source=dcp and will disable the check if all
+ the blob key is zero'ed. This is helpful for situations where
+ having this key zero'ed is acceptable. E.g. in testing
+ scenarios.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
--
2.35.3
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: David Gstir <david@sigma-star.at>
To: Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: David Gstir <david@sigma-star.at>,
linux-doc@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, Fabio Estevam <festevam@gmail.com>,
Ahmad Fatoum <a.fatoum@pengutronix.de>,
Paul Moore <paul@paul-moore.com>,
Jonathan Corbet <corbet@lwn.net>,
Richard Weinberger <richard@nod.at>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
James Morris <jmorris@namei.org>,
NXP Linux Team <linux-imx@nxp.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Sascha Hauer <s.hauer@pengutronix.de>,
sigma star Kernel Team <upstream+dcp@sigma-star.at>,
"Steven Rostedt \(Google\)" <rostedt@goodmis.org>,
David Oberhollenzer <david.oberhollenzer@sigma-star.at>,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel@vger.kernel.org, Li Yang <leoyang.li@nxp.com>,
linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org,
Pengutroni x Kernel Team <kernel@pengutronix.de>,
Tejun Heo <tj@kernel.org>,
linux-integrity@vger.kernel.org, Shawn Guo <shawnguo@kernel.org>
Subject: [PATCH v5 5/6] docs: document DCP-backed trusted keys kernel params
Date: Fri, 15 Dec 2023 12:06:32 +0100 [thread overview]
Message-ID: <20231215110639.45522-6-david@sigma-star.at> (raw)
In-Reply-To: <20231215110639.45522-1-david@sigma-star.at>
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
---
Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0a1731a0f0ef..c11eda8b38e0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6566,6 +6566,7 @@
- "tpm"
- "tee"
- "caam"
+ - "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6581,6 +6582,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ trusted.dcp_use_otp_key
+ This is intended to be used in combination with
+ trusted.source=dcp and will select the DCP OTP key
+ instead of the DCP UNIQUE key blob encryption.
+
+ trusted.dcp_skip_zk_test
+ This is intended to be used in combination with
+ trusted.source=dcp and will disable the check if all
+ the blob key is zero'ed. This is helpful for situations where
+ having this key zero'ed is acceptable. E.g. in testing
+ scenarios.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
--
2.35.3
next prev parent reply other threads:[~2023-12-15 11:07 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-15 11:06 [PATCH v5 0/6] DCP as trusted keys backend David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` [PATCH v5 1/6] crypto: mxs-dcp: Add support for hardware-bound keys David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2024-03-04 22:15 ` Jarkko Sakkinen
2024-03-04 22:15 ` Jarkko Sakkinen
2024-03-04 22:15 ` Jarkko Sakkinen
2024-03-04 22:27 ` Jarkko Sakkinen
2024-03-04 22:27 ` Jarkko Sakkinen
2024-03-04 22:27 ` Jarkko Sakkinen
2023-12-15 11:06 ` [PATCH v5 2/6] KEYS: trusted: improve scalability of trust source config David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2024-03-04 22:35 ` Jarkko Sakkinen
2024-03-04 22:35 ` Jarkko Sakkinen
2024-03-04 22:35 ` Jarkko Sakkinen
2023-12-15 11:06 ` [PATCH v5 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2024-03-04 22:43 ` Jarkko Sakkinen
2024-03-04 22:43 ` Jarkko Sakkinen
2024-03-04 22:43 ` Jarkko Sakkinen
2023-12-15 11:06 ` [PATCH v5 4/6] MAINTAINERS: add entry for DCP-based " David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2024-03-04 22:48 ` Jarkko Sakkinen
2024-03-04 22:48 ` Jarkko Sakkinen
2024-03-04 22:48 ` Jarkko Sakkinen
2024-03-07 15:34 ` David Gstir
2024-03-07 15:34 ` David Gstir
2024-03-07 15:34 ` David Gstir
2023-12-15 11:06 ` David Gstir [this message]
2023-12-15 11:06 ` [PATCH v5 5/6] docs: document DCP-backed trusted keys kernel params David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` [PATCH v5 6/6] docs: trusted-encrypted: add DCP as new trust source David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-15 11:06 ` David Gstir
2023-12-19 0:45 ` [PATCH v5 0/6] DCP as trusted keys backend Paul Moore
2023-12-19 0:45 ` Paul Moore
2023-12-19 0:45 ` Paul Moore
2024-03-04 22:51 ` Jarkko Sakkinen
2024-03-04 22:51 ` Jarkko Sakkinen
2024-03-04 22:51 ` Jarkko Sakkinen
2024-02-05 8:39 ` David Gstir
2024-02-05 8:39 ` David Gstir
2024-02-05 8:39 ` David Gstir
2024-02-13 9:59 ` Richard Weinberger
2024-02-13 9:59 ` Richard Weinberger
2024-02-13 9:59 ` Richard Weinberger
2024-02-25 22:20 ` Richard Weinberger
2024-02-25 22:20 ` Richard Weinberger
2024-02-25 22:20 ` Richard Weinberger
2024-02-26 9:17 ` Jarkko Sakkinen
2024-02-26 9:17 ` Jarkko Sakkinen
2024-02-26 9:17 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231215110639.45522-6-david@sigma-star.at \
--to=david@sigma-star.at \
--cc=a.fatoum@pengutronix.de \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=david.oberhollenzer@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=festevam@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=leoyang.li@nxp.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paul@paul-moore.com \
--cc=paulmck@kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=richard@nod.at \
--cc=rostedt@goodmis.org \
--cc=s.hauer@pengutronix.de \
--cc=serge@hallyn.com \
--cc=shawnguo@kernel.org \
--cc=tj@kernel.org \
--cc=upstream+dcp@sigma-star.at \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.