修改4g拨号为QMI,需要在系统里后台执行quectel-CM

hc

2024-10-22 8ac6c7a54ed1b98d142dce24b11c6de6a1e239a5

 kernel/Documentation/security/keys/trusted-encrypted.rst
..
..
@@ -18,9 +18,31 @@
18
18
 when the kernel and initramfs are updated.  The same key can have many saved
19
19
 blobs under different PCR values, so multiple boots are easily supported.
20
20
 
21
+TPM 1.2
22
+-------
23
+
21
24
 By default, trusted keys are sealed under the SRK, which has the default
22
25
 authorization value (20 zeros).  This can be set at takeownership time with the
23
26
 trouser's utility: "tpm_takeownership -u -z".
27
+
28
+TPM 2.0
29
+-------
30
+
31
+The user must first create a storage key and make it persistent, so the key is
32
+available after reboot. This can be done using the following commands.
33
+
34
+With the IBM TSS 2 stack::
35
+
36
+  #> tsscreateprimary -hi o -st
37
+  Handle 80000000
38
+  #> tssevictcontrol -hi o -ho 80000000 -hp 81000001
39
+
40
+Or with the Intel TSS 2 stack::
41
+
42
+  #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
43
+  [...]
44
+  #> tpm2_evictcontrol -c key.ctxt 0x81000001
45
+  persistentHandle: 0x81000001
24
46
 
25
47
 Usage::
26
48
 
..
..
@@ -30,7 +52,9 @@
30
52
     keyctl print keyid
31
53
 
32
54
     options:
33
-       keyhandle=    ascii hex value of sealing key default 0x40000000 (SRK)
55
+       keyhandle=    ascii hex value of sealing key
56
+                       TPM 1.2: default 0x40000000 (SRK)
57
+                       TPM 2.0: no default; must be passed every time
34
58
        keyauth=	     ascii hex auth for sealing key default 0x00...i
35
59
                      (40 ascii zeros)
36
60
        blobauth=     ascii hex auth for sealed data default 0x00...
..
..
@@ -76,13 +100,19 @@
76
100
 
77
101
 Where::
78
102
 
79
-	format:= 'default | ecryptfs'
103
+	format:= 'default | ecryptfs | enc32'
80
104
 	key-type:= 'trusted' | 'user'
81
105
 
82
106
 
83
107
 Examples of trusted and encrypted key usage:
84
108
 
85
-Create and save a trusted key named "kmk" of length 32 bytes::
109
+Create and save a trusted key named "kmk" of length 32 bytes.
110
+
111
+Note: When using a TPM 2.0 with a persistent key with handle 0x81000001,
112
+append 'keyhandle=0x81000001' to statements between quotes, such as
113
+"new 32 keyhandle=0x81000001".
114
+
115
+::
86
116
 
87
117
     $ keyctl add trusted kmk "new 32" @u
88
118
     440502848
..
..
@@ -169,7 +199,11 @@
169
199
     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
170
200
 
171
201
 Other uses for trusted and encrypted keys, such as for disk and file encryption
172
-are anticipated.  In particular the new format 'ecryptfs' has been defined in
202
+are anticipated.  In particular the new format 'ecryptfs' has been defined
173
203
 in order to use encrypted keys to mount an eCryptfs filesystem.  More details
174
204
 about the usage can be found in the file
175
205
 ``Documentation/security/keys/ecryptfs.rst``.
206
+
207
+Another new format 'enc32' has been defined in order to support encrypted keys
208
+with payload size of 32 bytes. This will initially be used for nvdimm security
209
+but may expand to other usages that require 32 bytes payload.