Lines Matching refs:trusted

19 By default, trusted keys are sealed under the SRK, which has the default
24     keyctl add trusted name "new keylen [options]" ring
25     keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
50 'master' key can either be a trusted-key or user-key type.  The main
51 disadvantage of encrypted keys is that if they are not rooted in a trusted key,
67 key-type:= 'trusted' | 'user'
70 Examples of trusted and encrypted key usage:
72 Create and save a trusted key named "kmk" of length 32 bytes:
74     $ keyctl add trusted kmk "new 32" @u
81     440502848 --alswrv    500   500       \_ trusted: kmk
95 Load a trusted key from the saved blob:
97     $ keyctl add trusted kmk "load `cat kmk.blob`" @u
110 Reseal a trusted key under new pcr values:
124 The initial consumer of trusted keys is EVM, which at boot time needs a high
126 trusted key provides strong guarantees that the EVM key has not been
129 encrypted key "evm" using the above trusted key "kmk":
132     $ keyctl add encrypted evm "new trusted:kmk 32" @u
136     $ keyctl add encrypted evm "new default trusted:kmk 32" @u
140     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
152     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
156 Other uses for trusted and encrypted keys, such as for disk and file encryption