~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/security/keys/trusted-encrypted.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/security/keys/trusted-encrypted.rst (Architecture ppc) and /Documentation/security/keys/trusted-encrypted.rst (Architecture sparc64)


  1 ==========================                          1 ==========================
  2 Trusted and Encrypted Keys                          2 Trusted and Encrypted Keys
  3 ==========================                          3 ==========================
  4                                                     4 
  5 Trusted and Encrypted Keys are two new key typ      5 Trusted and Encrypted Keys are two new key types added to the existing kernel
  6 key ring service.  Both of these new types are      6 key ring service.  Both of these new types are variable length symmetric keys,
  7 and in both cases all keys are created in the       7 and in both cases all keys are created in the kernel, and user space sees,
  8 stores, and loads only encrypted blobs.  Trust      8 stores, and loads only encrypted blobs.  Trusted Keys require the availability
  9 of a Trust Source for greater security, while       9 of a Trust Source for greater security, while Encrypted Keys can be used on any
 10 system. All user level blobs, are displayed an     10 system. All user level blobs, are displayed and loaded in hex ASCII for
 11 convenience, and are integrity verified.           11 convenience, and are integrity verified.
 12                                                    12 
 13                                                    13 
 14 Trust Source                                       14 Trust Source
 15 ============                                       15 ============
 16                                                    16 
 17 A trust source provides the source of security     17 A trust source provides the source of security for Trusted Keys.  This
 18 section lists currently supported trust source     18 section lists currently supported trust sources, along with their security
 19 considerations.  Whether or not a trust source     19 considerations.  Whether or not a trust source is sufficiently safe depends
 20 on the strength and correctness of its impleme     20 on the strength and correctness of its implementation, as well as the threat
 21 environment for a specific use case.  Since th     21 environment for a specific use case.  Since the kernel doesn't know what the
 22 environment is, and there is no metric of trus     22 environment is, and there is no metric of trust, it is dependent on the
 23 consumer of the Trusted Keys to determine if t     23 consumer of the Trusted Keys to determine if the trust source is sufficiently
 24 safe.                                              24 safe.
 25                                                    25 
 26   *  Root of trust for storage                     26   *  Root of trust for storage
 27                                                    27 
 28      (1) TPM (Trusted Platform Module: hardwar     28      (1) TPM (Trusted Platform Module: hardware device)
 29                                                    29 
 30          Rooted to Storage Root Key (SRK) whic     30          Rooted to Storage Root Key (SRK) which never leaves the TPM that
 31          provides crypto operation to establis     31          provides crypto operation to establish root of trust for storage.
 32                                                    32 
 33      (2) TEE (Trusted Execution Environment: O     33      (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
 34                                                    34 
 35          Rooted to Hardware Unique Key (HUK) w     35          Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip
 36          fuses and is accessible to TEE only.      36          fuses and is accessible to TEE only.
 37                                                    37 
 38      (3) CAAM (Cryptographic Acceleration and      38      (3) CAAM (Cryptographic Acceleration and Assurance Module: IP on NXP SoCs)
 39                                                    39 
 40          When High Assurance Boot (HAB) is ena     40          When High Assurance Boot (HAB) is enabled and the CAAM is in secure
 41          mode, trust is rooted to the OTPMK, a     41          mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
 42          randomly generated and fused into eac     42          randomly generated and fused into each SoC at manufacturing time.
 43          Otherwise, a common fixed test key is     43          Otherwise, a common fixed test key is used instead.
 44                                                    44 
 45      (4) DCP (Data Co-Processor: crypto accele     45      (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
 46                                                    46 
 47          Rooted to a one-time programmable key     47          Rooted to a one-time programmable key (OTP) that is generally burnt
 48          in the on-chip fuses and is accessibl     48          in the on-chip fuses and is accessible to the DCP encryption engine only.
 49          DCP provides two keys that can be use     49          DCP provides two keys that can be used as root of trust: the OTP key
 50          and the UNIQUE key. Default is to use     50          and the UNIQUE key. Default is to use the UNIQUE key, but selecting
 51          the OTP key can be done via a module      51          the OTP key can be done via a module parameter (dcp_use_otp_key).
 52                                                    52 
 53   *  Execution isolation                           53   *  Execution isolation
 54                                                    54 
 55      (1) TPM                                       55      (1) TPM
 56                                                    56 
 57          Fixed set of operations running in is     57          Fixed set of operations running in isolated execution environment.
 58                                                    58 
 59      (2) TEE                                       59      (2) TEE
 60                                                    60 
 61          Customizable set of operations runnin     61          Customizable set of operations running in isolated execution
 62          environment verified via Secure/Trust     62          environment verified via Secure/Trusted boot process.
 63                                                    63 
 64      (3) CAAM                                      64      (3) CAAM
 65                                                    65 
 66          Fixed set of operations running in is     66          Fixed set of operations running in isolated execution environment.
 67                                                    67 
 68      (4) DCP                                       68      (4) DCP
 69                                                    69 
 70          Fixed set of cryptographic operations     70          Fixed set of cryptographic operations running in isolated execution
 71          environment. Only basic blob key encr     71          environment. Only basic blob key encryption is executed there.
 72          The actual key sealing/unsealing is d     72          The actual key sealing/unsealing is done on main processor/kernel space.
 73                                                    73 
 74   * Optional binding to platform integrity sta     74   * Optional binding to platform integrity state
 75                                                    75 
 76      (1) TPM                                       76      (1) TPM
 77                                                    77 
 78          Keys can be optionally sealed to spec     78          Keys can be optionally sealed to specified PCR (integrity measurement)
 79          values, and only unsealed by the TPM,     79          values, and only unsealed by the TPM, if PCRs and blob integrity
 80          verifications match. A loaded Trusted     80          verifications match. A loaded Trusted Key can be updated with new
 81          (future) PCR values, so keys are easi     81          (future) PCR values, so keys are easily migrated to new PCR values,
 82          such as when the kernel and initramfs     82          such as when the kernel and initramfs are updated. The same key can
 83          have many saved blobs under different     83          have many saved blobs under different PCR values, so multiple boots are
 84          easily supported.                         84          easily supported.
 85                                                    85 
 86      (2) TEE                                       86      (2) TEE
 87                                                    87 
 88          Relies on Secure/Trusted boot process     88          Relies on Secure/Trusted boot process for platform integrity. It can
 89          be extended with TEE based measured b     89          be extended with TEE based measured boot process.
 90                                                    90 
 91      (3) CAAM                                      91      (3) CAAM
 92                                                    92 
 93          Relies on the High Assurance Boot (HA     93          Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
 94          for platform integrity.                   94          for platform integrity.
 95                                                    95 
 96      (4) DCP                                       96      (4) DCP
 97                                                    97 
 98          Relies on Secure/Trusted boot process     98          Relies on Secure/Trusted boot process (called HAB by vendor) for
 99          platform integrity.                       99          platform integrity.
100                                                   100 
101   *  Interfaces and APIs                          101   *  Interfaces and APIs
102                                                   102 
103      (1) TPM                                      103      (1) TPM
104                                                   104 
105          TPMs have well-documented, standardiz    105          TPMs have well-documented, standardized interfaces and APIs.
106                                                   106 
107      (2) TEE                                      107      (2) TEE
108                                                   108 
109          TEEs have well-documented, standardiz    109          TEEs have well-documented, standardized client interface and APIs. For
110          more details refer to ``Documentation    110          more details refer to ``Documentation/driver-api/tee.rst``.
111                                                   111 
112      (3) CAAM                                     112      (3) CAAM
113                                                   113 
114          Interface is specific to silicon vend    114          Interface is specific to silicon vendor.
115                                                   115 
116      (4) DCP                                      116      (4) DCP
117                                                   117 
118          Vendor-specific API that is implement    118          Vendor-specific API that is implemented as part of the DCP crypto driver in
119          ``drivers/crypto/mxs-dcp.c``.            119          ``drivers/crypto/mxs-dcp.c``.
120                                                   120 
121   *  Threat model                                 121   *  Threat model
122                                                   122 
123      The strength and appropriateness of a par    123      The strength and appropriateness of a particular trust source for a given
124      purpose must be assessed when using them     124      purpose must be assessed when using them to protect security-relevant data.
125                                                   125 
126                                                   126 
127 Key Generation                                    127 Key Generation
128 ==============                                    128 ==============
129                                                   129 
130 Trusted Keys                                      130 Trusted Keys
131 ------------                                      131 ------------
132                                                   132 
133 New keys are created from random numbers. They    133 New keys are created from random numbers. They are encrypted/decrypted using
134 a child key in the storage key hierarchy. Encr    134 a child key in the storage key hierarchy. Encryption and decryption of the
135 child key must be protected by a strong access    135 child key must be protected by a strong access control policy within the
136 trust source. The random number generator in u    136 trust source. The random number generator in use differs according to the
137 selected trust source:                            137 selected trust source:
138                                                   138 
139   *  TPM: hardware device based RNG               139   *  TPM: hardware device based RNG
140                                                   140 
141      Keys are generated within the TPM. Streng    141      Keys are generated within the TPM. Strength of random numbers may vary
142      from one device manufacturer to another.     142      from one device manufacturer to another.
143                                                   143 
144   *  TEE: OP-TEE based on Arm TrustZone based     144   *  TEE: OP-TEE based on Arm TrustZone based RNG
145                                                   145 
146      RNG is customizable as per platform needs    146      RNG is customizable as per platform needs. It can either be direct output
147      from platform specific hardware RNG or a     147      from platform specific hardware RNG or a software based Fortuna CSPRNG
148      which can be seeded via multiple entropy     148      which can be seeded via multiple entropy sources.
149                                                   149 
150   *  CAAM: Kernel RNG                             150   *  CAAM: Kernel RNG
151                                                   151 
152      The normal kernel random number generator    152      The normal kernel random number generator is used. To seed it from the
153      CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RN    153      CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device
154      is probed.                                   154      is probed.
155                                                   155 
156   *  DCP (Data Co-Processor: crypto accelerato    156   *  DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)
157                                                   157 
158      The DCP hardware device itself does not p    158      The DCP hardware device itself does not provide a dedicated RNG interface,
159      so the kernel default RNG is used. SoCs w    159      so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have
160      a dedicated hardware RNG that is independ    160      a dedicated hardware RNG that is independent from DCP which can be enabled
161      to back the kernel RNG.                      161      to back the kernel RNG.
162                                                   162 
163 Users may override this by specifying ``truste    163 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
164 command-line to override the used RNG with the    164 command-line to override the used RNG with the kernel's random number pool.
165                                                   165 
166 Encrypted Keys                                    166 Encrypted Keys
167 --------------                                    167 --------------
168                                                   168 
169 Encrypted keys do not depend on a trust source    169 Encrypted keys do not depend on a trust source, and are faster, as they use AES
170 for encryption/decryption. New keys are create    170 for encryption/decryption. New keys are created either from kernel-generated
171 random numbers or user-provided decrypted data    171 random numbers or user-provided decrypted data, and are encrypted/decrypted
172 using a specified ‘master’ key. The ‘mas    172 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
173 user-key type. The main disadvantage of encryp    173 user-key type. The main disadvantage of encrypted keys is that if they are not
174 rooted in a trusted key, they are only as secu    174 rooted in a trusted key, they are only as secure as the user key encrypting
175 them. The master user key should therefore be     175 them. The master user key should therefore be loaded in as secure a way as
176 possible, preferably early in boot.               176 possible, preferably early in boot.
177                                                   177 
178                                                   178 
179 Usage                                             179 Usage
180 =====                                             180 =====
181                                                   181 
182 Trusted Keys usage: TPM                           182 Trusted Keys usage: TPM
183 -----------------------                           183 -----------------------
184                                                   184 
185 TPM 1.2: By default, trusted keys are sealed u    185 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
186 default authorization value (20 bytes of 0s).     186 default authorization value (20 bytes of 0s).  This can be set at takeownership
187 time with the TrouSerS utility: "tpm_takeowner    187 time with the TrouSerS utility: "tpm_takeownership -u -z".
188                                                   188 
189 TPM 2.0: The user must first create a storage     189 TPM 2.0: The user must first create a storage key and make it persistent, so the
190 key is available after reboot. This can be don    190 key is available after reboot. This can be done using the following commands.
191                                                   191 
192 With the IBM TSS 2 stack::                        192 With the IBM TSS 2 stack::
193                                                   193 
194   #> tsscreateprimary -hi o -st                   194   #> tsscreateprimary -hi o -st
195   Handle 80000000                                 195   Handle 80000000
196   #> tssevictcontrol -hi o -ho 80000000 -hp 81    196   #> tssevictcontrol -hi o -ho 80000000 -hp 81000001
197                                                   197 
198 Or with the Intel TSS 2 stack::                   198 Or with the Intel TSS 2 stack::
199                                                   199 
200   #> tpm2_createprimary --hierarchy o -G rsa20    200   #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
201   [...]                                           201   [...]
202   #> tpm2_evictcontrol -c key.ctxt 0x81000001     202   #> tpm2_evictcontrol -c key.ctxt 0x81000001
203   persistentHandle: 0x81000001                    203   persistentHandle: 0x81000001
204                                                   204 
205 Usage::                                           205 Usage::
206                                                   206 
207     keyctl add trusted name "new keylen [optio    207     keyctl add trusted name "new keylen [options]" ring
208     keyctl add trusted name "load hex_blob [pc    208     keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
209     keyctl update key "update [options]"          209     keyctl update key "update [options]"
210     keyctl print keyid                            210     keyctl print keyid
211                                                   211 
212     options:                                      212     options:
213        keyhandle=    ascii hex value of sealin    213        keyhandle=    ascii hex value of sealing key
214                        TPM 1.2: default 0x4000    214                        TPM 1.2: default 0x40000000 (SRK)
215                        TPM 2.0: no default; mu    215                        TPM 2.0: no default; must be passed every time
216        keyauth=      ascii hex auth for sealin    216        keyauth=      ascii hex auth for sealing key default 0x00...i
217                      (40 ascii zeros)             217                      (40 ascii zeros)
218        blobauth=     ascii hex auth for sealed    218        blobauth=     ascii hex auth for sealed data default 0x00...
219                      (40 ascii zeros)             219                      (40 ascii zeros)
220        pcrinfo=      ascii hex of PCR_INFO or     220        pcrinfo=      ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
221        pcrlock=      pcr number to be extended    221        pcrlock=      pcr number to be extended to "lock" blob
222        migratable=   0|1 indicating permission    222        migratable=   0|1 indicating permission to reseal to new PCR values,
223                      default 1 (resealing allo    223                      default 1 (resealing allowed)
224        hash=         hash algorithm name as a     224        hash=         hash algorithm name as a string. For TPM 1.x the only
225                      allowed value is sha1. Fo    225                      allowed value is sha1. For TPM 2.x the allowed values
226                      are sha1, sha256, sha384,    226                      are sha1, sha256, sha384, sha512 and sm3-256.
227        policydigest= digest for the authorizat    227        policydigest= digest for the authorization policy. must be calculated
228                      with the same hash algori    228                      with the same hash algorithm as specified by the 'hash='
229                      option.                      229                      option.
230        policyhandle= handle to an authorizatio    230        policyhandle= handle to an authorization policy session that defines the
231                      same policy and with the     231                      same policy and with the same hash algorithm as was used to
232                      seal the key.                232                      seal the key.
233                                                   233 
234 "keyctl print" returns an ascii hex copy of th    234 "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
235 TPM_STORED_DATA format.  The key length for ne    235 TPM_STORED_DATA format.  The key length for new keys are always in bytes.
236 Trusted Keys can be 32 - 128 bytes (256 - 1024    236 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
237 within the 2048 bit SRK (RSA) keylength, with     237 within the 2048 bit SRK (RSA) keylength, with all necessary structure/padding.
238                                                   238 
239 Trusted Keys usage: TEE                           239 Trusted Keys usage: TEE
240 -----------------------                           240 -----------------------
241                                                   241 
242 Usage::                                           242 Usage::
243                                                   243 
244     keyctl add trusted name "new keylen" ring     244     keyctl add trusted name "new keylen" ring
245     keyctl add trusted name "load hex_blob" ri    245     keyctl add trusted name "load hex_blob" ring
246     keyctl print keyid                            246     keyctl print keyid
247                                                   247 
248 "keyctl print" returns an ASCII hex copy of th    248 "keyctl print" returns an ASCII hex copy of the sealed key, which is in format
249 specific to TEE device implementation.  The ke    249 specific to TEE device implementation.  The key length for new keys is always
250 in bytes. Trusted Keys can be 32 - 128 bytes (    250 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
251                                                   251 
252 Trusted Keys usage: CAAM                          252 Trusted Keys usage: CAAM
253 ------------------------                          253 ------------------------
254                                                   254 
255 Usage::                                           255 Usage::
256                                                   256 
257     keyctl add trusted name "new keylen" ring     257     keyctl add trusted name "new keylen" ring
258     keyctl add trusted name "load hex_blob" ri    258     keyctl add trusted name "load hex_blob" ring
259     keyctl print keyid                            259     keyctl print keyid
260                                                   260 
261 "keyctl print" returns an ASCII hex copy of th    261 "keyctl print" returns an ASCII hex copy of the sealed key, which is in a
262 CAAM-specific format.  The key length for new     262 CAAM-specific format.  The key length for new keys is always in bytes.
263 Trusted Keys can be 32 - 128 bytes (256 - 1024    263 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
264                                                   264 
265 Trusted Keys usage: DCP                           265 Trusted Keys usage: DCP
266 -----------------------                           266 -----------------------
267                                                   267 
268 Usage::                                           268 Usage::
269                                                   269 
270     keyctl add trusted name "new keylen" ring     270     keyctl add trusted name "new keylen" ring
271     keyctl add trusted name "load hex_blob" ri    271     keyctl add trusted name "load hex_blob" ring
272     keyctl print keyid                            272     keyctl print keyid
273                                                   273 
274 "keyctl print" returns an ASCII hex copy of th    274 "keyctl print" returns an ASCII hex copy of the sealed key, which is in format
275 specific to this DCP key-blob implementation.     275 specific to this DCP key-blob implementation.  The key length for new keys is
276 always in bytes. Trusted Keys can be 32 - 128     276 always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
277                                                   277 
278 Encrypted Keys usage                              278 Encrypted Keys usage
279 --------------------                              279 --------------------
280                                                   280 
281 The decrypted portion of encrypted keys can co    281 The decrypted portion of encrypted keys can contain either a simple symmetric
282 key or a more complex structure. The format of    282 key or a more complex structure. The format of the more complex structure is
283 application specific, which is identified by '    283 application specific, which is identified by 'format'.
284                                                   284 
285 Usage::                                           285 Usage::
286                                                   286 
287     keyctl add encrypted name "new [format] ke    287     keyctl add encrypted name "new [format] key-type:master-key-name keylen"
288         ring                                      288         ring
289     keyctl add encrypted name "new [format] ke    289     keyctl add encrypted name "new [format] key-type:master-key-name keylen
290         decrypted-data" ring                      290         decrypted-data" ring
291     keyctl add encrypted name "load hex_blob"     291     keyctl add encrypted name "load hex_blob" ring
292     keyctl update keyid "update key-type:maste    292     keyctl update keyid "update key-type:master-key-name"
293                                                   293 
294 Where::                                           294 Where::
295                                                   295 
296         format:= 'default | ecryptfs | enc32'     296         format:= 'default | ecryptfs | enc32'
297         key-type:= 'trusted' | 'user'             297         key-type:= 'trusted' | 'user'
298                                                   298 
299 Examples of trusted and encrypted key usage       299 Examples of trusted and encrypted key usage
300 -------------------------------------------       300 -------------------------------------------
301                                                   301 
302 Create and save a trusted key named "kmk" of l    302 Create and save a trusted key named "kmk" of length 32 bytes.
303                                                   303 
304 Note: When using a TPM 2.0 with a persistent k    304 Note: When using a TPM 2.0 with a persistent key with handle 0x81000001,
305 append 'keyhandle=0x81000001' to statements be    305 append 'keyhandle=0x81000001' to statements between quotes, such as
306 "new 32 keyhandle=0x81000001".                    306 "new 32 keyhandle=0x81000001".
307                                                   307 
308 ::                                                308 ::
309                                                   309 
310     $ keyctl add trusted kmk "new 32" @u          310     $ keyctl add trusted kmk "new 32" @u
311     440502848                                     311     440502848
312                                                   312 
313     $ keyctl show                                 313     $ keyctl show
314     Session Keyring                               314     Session Keyring
315            -3 --alswrv    500   500  keyring:     315            -3 --alswrv    500   500  keyring: _ses
316      97833714 --alswrv    500    -1   \_ keyri    316      97833714 --alswrv    500    -1   \_ keyring: _uid.500
317     440502848 --alswrv    500   500       \_ t    317     440502848 --alswrv    500   500       \_ trusted: kmk
318                                                   318 
319     $ keyctl print 440502848                      319     $ keyctl print 440502848
320     0101000000000000000001005d01b7e3f4a6be5709    320     0101000000000000000001005d01b7e3f4a6be5709930f3b70a743cbb42e0cc95e18e915
321     3f60da455bbf1144ad12e4f92b452f966929f6105f    321     3f60da455bbf1144ad12e4f92b452f966929f6105fd29ca28e4d4d5a031d068478bacb0b
322     27351119f822911b0a11ba3d3498ba6a32e50dac7f    322     27351119f822911b0a11ba3d3498ba6a32e50dac7f32894dd890eb9ad578e4e292c83722
323     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    323     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62cad7d817f6dc58898b3ac15f36026fec
324     d568bd4a706cb60bb37be6d8f1240661199d640b66    324     d568bd4a706cb60bb37be6d8f1240661199d640b66fb0fe3b079f97f450b9ef9c22c6d5d
325     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    325     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471dc6d13ecf8298b946f65345faa5ef0
326     f1f8fff03ad0acb083725535636addb08d73dedb98    326     f1f8fff03ad0acb083725535636addb08d73dedb9832da198081e5deae84bfaf0409c22b
327     e4a8aea2b607ec96931e6f4d4fe563ba              327     e4a8aea2b607ec96931e6f4d4fe563ba
328                                                   328 
329     $ keyctl pipe 440502848 > kmk.blob            329     $ keyctl pipe 440502848 > kmk.blob
330                                                   330 
331 Load a trusted key from the saved blob::          331 Load a trusted key from the saved blob::
332                                                   332 
333     $ keyctl add trusted kmk "load `cat kmk.bl    333     $ keyctl add trusted kmk "load `cat kmk.blob`" @u
334     268728824                                     334     268728824
335                                                   335 
336     $ keyctl print 268728824                      336     $ keyctl print 268728824
337     0101000000000000000001005d01b7e3f4a6be5709    337     0101000000000000000001005d01b7e3f4a6be5709930f3b70a743cbb42e0cc95e18e915
338     3f60da455bbf1144ad12e4f92b452f966929f6105f    338     3f60da455bbf1144ad12e4f92b452f966929f6105fd29ca28e4d4d5a031d068478bacb0b
339     27351119f822911b0a11ba3d3498ba6a32e50dac7f    339     27351119f822911b0a11ba3d3498ba6a32e50dac7f32894dd890eb9ad578e4e292c83722
340     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    340     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62cad7d817f6dc58898b3ac15f36026fec
341     d568bd4a706cb60bb37be6d8f1240661199d640b66    341     d568bd4a706cb60bb37be6d8f1240661199d640b66fb0fe3b079f97f450b9ef9c22c6d5d
342     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    342     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471dc6d13ecf8298b946f65345faa5ef0
343     f1f8fff03ad0acb083725535636addb08d73dedb98    343     f1f8fff03ad0acb083725535636addb08d73dedb9832da198081e5deae84bfaf0409c22b
344     e4a8aea2b607ec96931e6f4d4fe563ba              344     e4a8aea2b607ec96931e6f4d4fe563ba
345                                                   345 
346 Reseal (TPM specific) a trusted key under new     346 Reseal (TPM specific) a trusted key under new PCR values::
347                                                   347 
348     $ keyctl update 268728824 "update pcrinfo=    348     $ keyctl update 268728824 "update pcrinfo=`cat pcr.blob`"
349     $ keyctl print 268728824                      349     $ keyctl print 268728824
350     010100000000002c0002800093c35a09b70fff26e7    350     010100000000002c0002800093c35a09b70fff26e7a98ae786c641e678ec6ffb6b46d805
351     77c8a6377aed9d3219c6dfec4b23ffe3000001005d    351     77c8a6377aed9d3219c6dfec4b23ffe3000001005d37d472ac8a44023fbb3d18583a4f73
352     d3a076c0858f6f1dcaa39ea0f119911ff03f5406df    352     d3a076c0858f6f1dcaa39ea0f119911ff03f5406df4f7f27f41da8d7194f45c9f4e00f2e
353     df449f266253aa3f52e55c53de147773e00f0f9aca    353     df449f266253aa3f52e55c53de147773e00f0f9aca86c64d94c95382265968c354c5eab4
354     9638c5ae99c89de1e0997242edfb0b501744e11ff9    354     9638c5ae99c89de1e0997242edfb0b501744e11ff9762dfd951cffd93227cc513384e7e6
355     e782c29435c7ec2edafaa2f4c1fe6e7a781b59549f    355     e782c29435c7ec2edafaa2f4c1fe6e7a781b59549ff5296371b42133777dcc5b8b971610
356     94bc67ede19e43ddb9dc2baacad374a36feaf0314d    356     94bc67ede19e43ddb9dc2baacad374a36feaf0314d700af0a65c164b7082401740e489c9
357     7ef6a24defe4846104209bf0c3eced7fa1a672ed5b    357     7ef6a24defe4846104209bf0c3eced7fa1a672ed5b125fc9d8cd88b476a658a4434644ef
358     df8ae9a178e9f83ba9f08d10fa47e4226b98b0702f    358     df8ae9a178e9f83ba9f08d10fa47e4226b98b0702f06b3b8
359                                                   359 
360                                                   360 
361 The initial consumer of trusted keys is EVM, w    361 The initial consumer of trusted keys is EVM, which at boot time needs a high
362 quality symmetric key for HMAC protection of f    362 quality symmetric key for HMAC protection of file metadata. The use of a
363 trusted key provides strong guarantees that th    363 trusted key provides strong guarantees that the EVM key has not been
364 compromised by a user level problem, and when     364 compromised by a user level problem, and when sealed to a platform integrity
365 state, protects against boot and offline attac    365 state, protects against boot and offline attacks. Create and save an
366 encrypted key "evm" using the above trusted ke    366 encrypted key "evm" using the above trusted key "kmk":
367                                                   367 
368 option 1: omitting 'format'::                     368 option 1: omitting 'format'::
369                                                   369 
370     $ keyctl add encrypted evm "new trusted:km    370     $ keyctl add encrypted evm "new trusted:kmk 32" @u
371     159771175                                     371     159771175
372                                                   372 
373 option 2: explicitly defining 'format' as 'def    373 option 2: explicitly defining 'format' as 'default'::
374                                                   374 
375     $ keyctl add encrypted evm "new default tr    375     $ keyctl add encrypted evm "new default trusted:kmk 32" @u
376     159771175                                     376     159771175
377                                                   377 
378     $ keyctl print 159771175                      378     $ keyctl print 159771175
379     default trusted:kmk 32 2375725ad57798846a9    379     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
380     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    380     82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0
381     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    381     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
382                                                   382 
383     $ keyctl pipe 159771175 > evm.blob            383     $ keyctl pipe 159771175 > evm.blob
384                                                   384 
385 Load an encrypted key "evm" from saved blob::     385 Load an encrypted key "evm" from saved blob::
386                                                   386 
387     $ keyctl add encrypted evm "load `cat evm.    387     $ keyctl add encrypted evm "load `cat evm.blob`" @u
388     831684262                                     388     831684262
389                                                   389 
390     $ keyctl print 831684262                      390     $ keyctl print 831684262
391     default trusted:kmk 32 2375725ad57798846a9    391     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
392     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    392     82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0
393     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    393     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
394                                                   394 
395 Instantiate an encrypted key "evm" using user-    395 Instantiate an encrypted key "evm" using user-provided decrypted data::
396                                                   396 
397     $ evmkey=$(dd if=/dev/urandom bs=1 count=3    397     $ evmkey=$(dd if=/dev/urandom bs=1 count=32 | xxd -c32 -p)
398     $ keyctl add encrypted evm "new default us    398     $ keyctl add encrypted evm "new default user:kmk 32 $evmkey" @u
399     794890253                                     399     794890253
400                                                   400 
401     $ keyctl print 794890253                      401     $ keyctl print 794890253
402     default user:kmk 32 2375725ad57798846a9bbd    402     default user:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b382d
403     bbc55be2a44616e4959430436dc4f2a7a9659aa60b    403     bbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0247
404     17c64 5972dcb82ab2dde83376d82b2e3c09ffc       404     17c64 5972dcb82ab2dde83376d82b2e3c09ffc
405                                                   405 
406 Other uses for trusted and encrypted keys, suc    406 Other uses for trusted and encrypted keys, such as for disk and file encryption
407 are anticipated.  In particular the new format    407 are anticipated.  In particular the new format 'ecryptfs' has been defined
408 in order to use encrypted keys to mount an eCr    408 in order to use encrypted keys to mount an eCryptfs filesystem.  More details
409 about the usage can be found in the file          409 about the usage can be found in the file
410 ``Documentation/security/keys/ecryptfs.rst``.     410 ``Documentation/security/keys/ecryptfs.rst``.
411                                                   411 
412 Another new format 'enc32' has been defined in    412 Another new format 'enc32' has been defined in order to support encrypted keys
413 with payload size of 32 bytes. This will initi    413 with payload size of 32 bytes. This will initially be used for nvdimm security
414 but may expand to other usages that require 32    414 but may expand to other usages that require 32 bytes payload.
415                                                   415 
416                                                   416 
417 TPM 2.0 ASN.1 Key Format                          417 TPM 2.0 ASN.1 Key Format
418 ------------------------                          418 ------------------------
419                                                   419 
420 The TPM 2.0 ASN.1 key format is designed to be    420 The TPM 2.0 ASN.1 key format is designed to be easily recognisable,
421 even in binary form (fixing a problem we had w    421 even in binary form (fixing a problem we had with the TPM 1.2 ASN.1
422 format) and to be extensible for additions lik    422 format) and to be extensible for additions like importable keys and
423 policy::                                          423 policy::
424                                                   424 
425     TPMKey ::= SEQUENCE {                         425     TPMKey ::= SEQUENCE {
426         type            OBJECT IDENTIFIER         426         type            OBJECT IDENTIFIER
427         emptyAuth       [0] EXPLICIT BOOLEAN O    427         emptyAuth       [0] EXPLICIT BOOLEAN OPTIONAL
428         parent          INTEGER                   428         parent          INTEGER
429         pubkey          OCTET STRING              429         pubkey          OCTET STRING
430         privkey         OCTET STRING              430         privkey         OCTET STRING
431     }                                             431     }
432                                                   432 
433 type is what distinguishes the key even in bin    433 type is what distinguishes the key even in binary form since the OID
434 is provided by the TCG to be unique and thus f    434 is provided by the TCG to be unique and thus forms a recognizable
435 binary pattern at offset 3 in the key.  The OI    435 binary pattern at offset 3 in the key.  The OIDs currently made
436 available are::                                   436 available are::
437                                                   437 
438     2.23.133.10.1.3 TPM Loadable key.  This is    438     2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
439                     RSA2048 or Elliptic Curve)    439                     RSA2048 or Elliptic Curve) which can be imported by a
440                     TPM2_Load() operation.        440                     TPM2_Load() operation.
441                                                   441 
442     2.23.133.10.1.4 TPM Importable Key.  This     442     2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
443                     RSA2048 or Elliptic Curve)    443                     RSA2048 or Elliptic Curve) which can be imported by a
444                     TPM2_Import() operation.      444                     TPM2_Import() operation.
445                                                   445 
446     2.23.133.10.1.5 TPM Sealed Data.  This is     446     2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
447                     bytes) which is sealed by     447                     bytes) which is sealed by the TPM.  It usually
448                     represents a symmetric key    448                     represents a symmetric key and must be unsealed before
449                     use.                          449                     use.
450                                                   450 
451 The trusted key code only uses the TPM Sealed     451 The trusted key code only uses the TPM Sealed Data OID.
452                                                   452 
453 emptyAuth is true if the key has well known au    453 emptyAuth is true if the key has well known authorization "".  If it
454 is false or not present, the key requires an e    454 is false or not present, the key requires an explicit authorization
455 phrase.  This is used by most user space consu    455 phrase.  This is used by most user space consumers to decide whether
456 to prompt for a password.                         456 to prompt for a password.
457                                                   457 
458 parent represents the parent key handle, eithe    458 parent represents the parent key handle, either in the 0x81 MSO space,
459 like 0x81000001 for the RSA primary storage ke    459 like 0x81000001 for the RSA primary storage key.  Userspace programmes
460 also support specifying the primary handle in     460 also support specifying the primary handle in the 0x40 MSO space.  If
461 this happens the Elliptic Curve variant of the    461 this happens the Elliptic Curve variant of the primary key using the
462 TCG defined template will be generated on the     462 TCG defined template will be generated on the fly into a volatile
463 object and used as the parent.  The current ke    463 object and used as the parent.  The current kernel code only supports
464 the 0x81 MSO form.                                464 the 0x81 MSO form.
465                                                   465 
466 pubkey is the binary representation of TPM2B_P    466 pubkey is the binary representation of TPM2B_PRIVATE excluding the
467 initial TPM2B header, which can be reconstruct    467 initial TPM2B header, which can be reconstructed from the ASN.1 octet
468 string length.                                    468 string length.
469                                                   469 
470 privkey is the binary representation of TPM2B_    470 privkey is the binary representation of TPM2B_PUBLIC excluding the
471 initial TPM2B header which can be reconstructe    471 initial TPM2B header which can be reconstructed from the ASN.1 octed
472 string length.                                    472 string length.
473                                                   473 
474 DCP Blob Format                                   474 DCP Blob Format
475 ---------------                                   475 ---------------
476                                                   476 
477 .. kernel-doc:: security/keys/trusted-keys/tru    477 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
478    :doc: dcp blob format                          478    :doc: dcp blob format
479                                                   479 
480 .. kernel-doc:: security/keys/trusted-keys/tru    480 .. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c
481    :identifiers: struct dcp_blob_fmt              481    :identifiers: struct dcp_blob_fmt
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php