[PATCH v5 5/6] docs: document DCP-backed trusted keys kernel params
David Gstir
david at sigma-star.at
Fri Dec 15 11:06:32 UTC 2023
Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.
Co-developed-by: Richard Weinberger <richard at nod.at>
Signed-off-by: Richard Weinberger <richard at nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer at sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer at sigma-star.at>
Signed-off-by: David Gstir <david at sigma-star.at>
---
Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0a1731a0f0ef..c11eda8b38e0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6566,6 +6566,7 @@
- "tpm"
- "tee"
- "caam"
+ - "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@@ -6581,6 +6582,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
+ trusted.dcp_use_otp_key
+ This is intended to be used in combination with
+ trusted.source=dcp and will select the DCP OTP key
+ instead of the DCP UNIQUE key blob encryption.
+
+ trusted.dcp_skip_zk_test
+ This is intended to be used in combination with
+ trusted.source=dcp and will disable the check if all
+ the blob key is zero'ed. This is helpful for situations where
+ having this key zero'ed is acceptable. E.g. in testing
+ scenarios.
+
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this
--
2.35.3
More information about the Linux-security-module-archive
mailing list