linux_dsm_epyc7002/Documentation/security
Jarkko Sakkinen 5beb0c435b keys, trusted: seal with a TPM2 authorization policy
TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>
2015-12-20 15:27:13 +02:00
..
00-INDEX ima: new templates management mechanism 2013-10-25 17:17:04 -04:00
apparmor.txt
credentials.txt
IMA-templates.txt ima: added support for new kernel cmdline parameter ima_template_fmt 2014-10-13 08:39:02 -04:00
keys-ecryptfs.txt
keys-request-key.txt
keys-trusted-encrypted.txt keys, trusted: seal with a TPM2 authorization policy 2015-12-20 15:27:13 +02:00
keys.txt KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
LSM.txt doc: LSM: update reference, kerneltrap.org no longer works 2014-06-19 15:15:28 +02:00
SELinux.txt
Smack.txt Smack: limited capability for changing process label 2015-10-19 12:06:47 -07:00
tomoyo.txt
Yama.txt Yama: remove needless CONFIG_SECURITY_YAMA_STACKED 2015-07-28 13:18:19 +10:00