linux/Documentation/security
Linus Torvalds b19239143e Hi,
These are the changes for the TPM driver with a single major new
 feature: TPM bus encryption and integrity protection. The key pair
 on TPM side is generated from so called null random seed per power
 on of the machine [1]. This supports the TPM encryption of the hard
 drive by adding layer of protection against bus interposer attacks.
 
 Other than the pull request a few minor fixes and documentation for
 tpm_tis to clarify basics of TPM localities for future patch review
 discussions (will be extended and refined over times, just a seed).
 
 [1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/
 
 BR, Jarkko
 -----BEGIN PGP SIGNATURE-----
 
 iJYEABYKAD4WIQRE6pSOnaBC00OEHEIaerohdGur0gUCZj0l2iAcamFya2tvLnNh
 a2tpbmVuQGxpbnV4LmludGVsLmNvbQAKCRAaerohdGur0m8yAP4hBjMtpgAJZ4eZ
 5o9tEQJrh/1JFZJ+8HU5IKPc4RU8BAEAyyYOCtxtS/C5B95iP+LvNla0KWi0pprU
 HsCLULnV2Aw=
 =RTXJ
 -----END PGP SIGNATURE-----

Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull TPM updates from Jarkko Sakkinen:
 "These are the changes for the TPM driver with a single major new
  feature: TPM bus encryption and integrity protection. The key pair on
  TPM side is generated from so called null random seed per power on of
  the machine [1]. This supports the TPM encryption of the hard drive by
  adding layer of protection against bus interposer attacks.

  Other than that, a few minor fixes and documentation for tpm_tis to
  clarify basics of TPM localities for future patch review discussions
  (will be extended and refined over times, just a seed)"

Link: https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/ [1]

* tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (28 commits)
  Documentation: tpm: Add TPM security docs toctree entry
  tpm: disable the TPM if NULL name changes
  Documentation: add tpm-security.rst
  tpm: add the null key name as a sysfs export
  KEYS: trusted: Add session encryption protection to the seal/unseal path
  tpm: add session encryption protection to tpm2_get_random()
  tpm: add hmac checks to tpm2_pcr_extend()
  tpm: Add the rest of the session HMAC API
  tpm: Add HMAC session name/handle append
  tpm: Add HMAC session start and end functions
  tpm: Add TCG mandated Key Derivation Functions (KDFs)
  tpm: Add NULL primary creation
  tpm: export the context save and load commands
  tpm: add buffer function to point to returned parameters
  crypto: lib - implement library version of AES in CFB mode
  KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers
  tpm: Add tpm_buf_read_{u8,u16,u32}
  tpm: TPM2B formatted buffers
  tpm: Store the length of the tpm_buf data separately.
  tpm: Update struct tpm_buf documentation comments
  ...
2024-05-13 10:40:15 -07:00
..
keys docs: trusted-encrypted: add DCP as new trust source 2024-05-09 18:29:03 +03:00
secrets Documentation: Fix typos 2023-08-18 11:29:03 -06:00
tpm Documentation: tpm: Add TPM security docs toctree entry 2024-05-09 22:30:52 +03:00
credentials.rst Documentation: remove current_security() reference 2020-09-09 11:33:59 -06:00
digsig.rst Documentation: Fix typos 2023-08-18 11:29:03 -06:00
IMA-templates.rst ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
index.rst docs: security: Confidential computing intro and threat model for x86 virtualization 2023-09-23 01:14:21 -06:00
landlock.rst landlock: Explain file descriptor access rights 2023-01-13 20:40:35 +01:00
lsm-development.rst lsm: move hook comments docs to security/security.c 2023-04-28 11:58:34 -04:00
lsm.rst lsm: move hook comments docs to security/security.c 2023-04-28 11:58:34 -04:00
sak.rst docs: security: move some books to it and update 2019-07-15 11:03:01 -03:00
SCTP.rst docs: fix 'make htmldocs' warning in SCTP.rst 2022-02-28 11:09:10 -05:00
self-protection.rst docs: update self-protection __ro_after_init status 2021-12-10 14:02:06 -07:00
siphash.rst Documentation: siphash: Fix typo in the name of offsetofend macro 2022-07-13 14:01:22 -06:00
snp-tdx-threat-model.rst docs: security: Confidential computing intro and threat model for x86 virtualization 2023-09-23 01:14:21 -06:00