author Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2015-11-05 20:43:06 +0100
committer Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2015-12-20 14:27:12 +0100
commit 5ca4c20cfd37bac6486de040e9951b3b34755238
tree 1ee427b120ae979e1cd30b7bc47c31426066deae /Documentation/security/keys-trusted-encrypted.txt
parent keys, trusted: fix: *do not* allow duplicate key options
keys, trusted: select hash algorithm for TPM2 chips

Added 'hash=' option for selecting the hash algorithm for add_key() syscall
and documentation for it. Added entry for sm3-256 to the following tables
in order to support TPM_ALG_SM3_256:

* hash_algo_name
* hash_digest_size

Includes support for the following hash algorithms:

* sha1
* sha256
* sha384
* sha512
* sm3-256

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>

Diffstat (limited to 'Documentation/security/keys-trusted-encrypted.txt')
-rw-r--r-- Documentation/security/keys-trusted-encrypted.txt 3
1 files changed, 3 insertions, 0 deletions
diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
index e105ae97a4f5..fd2565b301e8 100644
--- a/Documentation/security/keys-trusted-encrypted.txt
+++ b/Documentation/security/keys-trusted-encrypted.txt
@@ -38,6 +38,9 @@ Usage:
pcrlock= pcr number to be extended to "lock" blob
migratable= 0|1 indicating permission to reseal to new PCR values,
default 1 (resealing allowed)
+ hash= hash algorithm name as a string. For TPM 1.x the only
+ allowed value is sha1. For TPM 2.x the allowed values
+ are sha1, sha256, sha384, sha512 and sm3-256.
"keyctl print" returns an ascii hex copy of the sealed key, which is in standard
TPM_STORED_DATA format. The key length for new keys are always in bytes.
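
Review bot: the new hash= entry does not say which algorithm is used when the option is omitted, although the migratable= entry directly above it states its default ("default 1, resealing allowed"). Please add the default to the hash= text, and consider saying what add_key() does when a name outside the allowed set for the chip is passed, for example sha256 on a TPM 1.x chip, since a caller who asks for a stronger hash needs to know whether the request is rejected or not. The five names listed for TPM 2.x match the commit message; the diff shown here is limited to the documentation file, so the option parsing itself cannot be checked against this text from these lines.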