linux/security/keys
Ahmad Fatoum fcd7c26901 KEYS: trusted: allow use of kernel RNG for key material
The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware doing the sealing/unsealing also
generate the random key material. However, both users and future
backends may want to place less trust into the quality of the trust
source's random number generator and instead reuse the kernel entropy
pool, which can be seeded from multiple entropy sources.

Make this possible by adding a new trusted.rng parameter,
that will force use of the kernel RNG. In its absence, it's up
to the trust source to decide, which random numbers to use,
maintaining the existing behavior.

Suggested-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2022-05-23 18:47:50 +03:00
..
encrypted-keys KEYS: encrypted: Instantiate key with user-provided decrypted data 2022-02-21 19:47:45 -05:00
trusted-keys KEYS: trusted: allow use of kernel RNG for key material 2022-05-23 18:47:50 +03:00
big_key.c security/keys: use kvfree_sensitive() 2021-01-21 16:16:09 +00:00
compat_dh.c
compat.c security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
dh.c crypto: dh - constify struct dh's pointer members 2022-03-03 10:47:50 +12:00
gc.c watch_queue: Add a key/keyring notification facility 2020-05-19 15:19:06 +01:00
internal.h security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
Kconfig KEYS: trusted: allow use of TEE as backend without TCG_TPM support 2022-05-23 18:47:50 +03:00
key.c certs: Fix blacklist flag type confusion 2021-01-21 16:16:10 +00:00
keyctl_pkey.c KEYS: fix length validation in keyctl_pkey_params_get_2() 2022-03-08 10:33:18 +02:00
keyctl.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
keyring.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
Makefile
permission.c keys: Make the KEY_NEED_* perms an enum rather than a mask 2020-05-19 15:42:22 +01:00
persistent.c
proc.c
process_keys.c ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
request_key_auth.c
request_key.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
sysctl.c
user_defined.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00