1

docs: document DCP-backed trusted keys kernel params

Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.

Co-developed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Co-developed-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: David Gstir <david@sigma-star.at>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
This commit is contained in:
David Gstir 2024-04-03 09:21:21 +02:00 committed by Jarkko Sakkinen
parent df866688d4
commit b85b253e23

View File

@ -6749,6 +6749,7 @@
- "tpm"
- "tee"
- "caam"
- "dcp"
If not specified then it defaults to iterating through
the trust source list starting with TPM and assigns the
first trust source as a backend which is initialized
@ -6764,6 +6765,18 @@
If not specified, "default" is used. In this case,
the RNG's choice is left to each individual trust source.
trusted.dcp_use_otp_key
This is intended to be used in combination with
trusted.source=dcp and will select the DCP OTP key
instead of the DCP UNIQUE key blob encryption.
trusted.dcp_skip_zk_test
This is intended to be used in combination with
trusted.source=dcp and will disable the check if the
blob key is all zeros. This is helpful for situations where
having this key zero'ed is acceptable. E.g. in testing
scenarios.
tsc= Disable clocksource stability checks for TSC.
Format: <string>
[x86] reliable: mark tsc clocksource as reliable, this