Commit b85b253e authored by David Gstir's avatar David Gstir Committed by Jarkko Sakkinen
Browse files

docs: document DCP-backed trusted keys kernel params 



Document the kernel parameters trusted.dcp_use_otp_key
and trusted.dcp_skip_zk_test for DCP-backed trusted keys.

Co-developed-by: default avatarRichard Weinberger <richard@nod.at>
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
Co-developed-by: default avatarDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: default avatarDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>
Signed-off-by: default avatarDavid Gstir <david@sigma-star.at>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
parent df866688

Documentation/admin-guide/kernel-parameters.txt

+13 −0
Original line number Diff line number Diff line
@@ -6749,6 +6749,7 @@ 
			- "tpm"

			- "tee"

			- "caam"

			- "dcp"

			If not specified then it defaults to iterating through

			the trust source list starting with TPM and assigns the

			first trust source as a backend which is initialized
@@ -6764,6 +6765,18 @@ 
			If not specified, "default" is used. In this case,

			the RNG's choice is left to each individual trust source.



	trusted.dcp_use_otp_key

			This is intended to be used in combination with

			trusted.source=dcp and will select the DCP OTP key

			instead of the DCP UNIQUE key blob encryption.



	trusted.dcp_skip_zk_test

			This is intended to be used in combination with

			trusted.source=dcp and will disable the check if the

			blob key is all zeros. This is helpful for situations where

			having this key zero'ed is acceptable. E.g. in testing

			scenarios.



	tsc=		Disable clocksource stability checks for TSC.

			Format: <string>

			[x86] reliable: mark tsc clocksource as reliable, this