linux/Documentation/security, branch v6.15

Merge tag 'tpmdd-next-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

2025-03-28T19:42:53Z

Pull tpm updates from Jarkko Sakkinen: "This contains a new driver: a TPM FF-A driver. FF comes from Firmware Framework, and A comes from Arm's A-profile. FF-A is essentially a standard mechanism to communicate with TrustZone apps such as TPM. Other than that, this includes a pile of fixes and small improvments" * tag 'tpmdd-next-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: tpm: Make chip->{status,cancel,req_canceled} opt MAINTAINERS: TPM DEVICE DRIVER: add missing includes tpm: End any active auth session before shutdown Documentation: tpm: Add documentation for the CRB FF-A interface tpm_crb: Add support for the ARM FF-A start method ACPICA: Add start method for ARM FF-A tpm_crb: Clean-up and refactor check for idle support tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A tpm/tpm_ftpm_tee: fix struct ftpm_tee_private documentation tpm, tpm_tis: Workaround failed command reception on Infineon devices tpm, tpm_tis: Fix timeout handling when waiting for TPM status tpm: Convert warn to dbg in tpm2_start_auth_session() tpm: Lazily flush auth session when getting random data tpm: ftpm_tee: remove incorrect of_match_ptr annotation tpm: do not start chip while suspended

Documentation: tpm: Add documentation for the CRB FF-A interface

2025-03-27T13:34:05Z

Add documentation providing details of how the CRB driver interacts with ARM FF-A. [jarkko: Fine-tuned the commit message.] Reviewed-by: Jarkko Sakkinen Signed-off-by: Stuart Yoder Signed-off-by: Jarkko Sakkinen

landlock: Add audit documentation

2025-03-26T12:59:49Z

Because audit is dedicated to the system administrator, create a new entry in Documentation/admin-guide/LSM . Extend other Landlock documentation's pages with this new one. Extend UAPI with the new log flags. Extend the guiding principles with logs. Cc: Günther Noack Cc: Paul Moore Link: https://lore.kernel.org/r/20250320190717.2287696-29-mic@digikod.net Signed-off-by: Mickaël Salaün

cred: remove unused get_new_cred()

2024-12-02T10:25:14Z

This helper is not used anymore so remove it. Link: https://lore.kernel.org/r/20241125-work-cred-v2-29-68b9d38bb5b2@kernel.org Reviewed-by: Jeff Layton Reviewed-by: Jens Axboe Signed-off-by: Christian Brauner

landlock: Fix grammar issues in documentation

2024-10-21T18:36:26Z

Improve user space and kernel documentation. Signed-off-by: Daniel Burgener Link: https://lore.kernel.org/r/20241015172647.2007644-1-dburgener@linux.microsoft.com [mic: Extend commit message, reword ptrace restriction as discussed in the thread] Signed-off-by: Mickaël Salaün

documentation: add IPE documentation

2024-08-20T18:03:47Z

Add IPE's admin and developer documentation to the kernel tree. Co-developed-by: Fan Wu Signed-off-by: Deven Bowers Signed-off-by: Fan Wu Signed-off-by: Paul Moore

Merge tag 'docs-6.10' of git://git.lwn.net/linux

2024-05-13T17:51:53Z

Pull documentation updates from Jonathan Corbet: "Another not-too-busy cycle for documentation, including: - Some build-system changes to detect the variable fonts installed by some distributions that can break the PDF build. - Various updates and additions to the Spanish, Chinese, Italian, and Japanese translations. - Update the stable-kernel rules to match modern practice ... and the usual array of corrections, updates, and typo fixes" * tag 'docs-6.10' of git://git.lwn.net/linux: (42 commits) cgroup: Add documentation for missing zswap memory.stat kernel-doc: Added "*" in $type_constants2 to fix 'make htmldocs' warning. docs:core-api: fixed typos and grammar in printk-index page Documentation: tracing: Fix spelling mistakes docs/zh_CN/rust: Update the translation of quick-start to 6.9-rc4 docs/zh_CN/rust: Update the translation of general-information to 6.9-rc4 docs/zh_CN/rust: Update the translation of coding-guidelines to 6.9-rc4 docs/zh_CN/rust: Update the translation of arch-support to 6.9-rc4 docs: stable-kernel-rules: fix typo sent->send docs/zh_CN: remove two inconsistent spaces docs: scripts/check-variable-fonts.sh: Improve commands for detection docs: stable-kernel-rules: create special tag to flag 'no backporting' docs: stable-kernel-rules: explain use of stable@kernel.org (w/o @vger.) docs: stable-kernel-rules: remove code-labels tags and a indention level docs: stable-kernel-rules: call mainline by its name and change example docs: stable-kernel-rules: reduce redundancy docs, kprobes: Add riscv as supported architecture Docs: typos/spelling docs: kernel_include.py: Cope with docutils 0.21 docs: ja_JP/howto: Catch up update in v6.8 ...

Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

2024-05-13T17:40:15Z

Pull TPM updates from Jarkko Sakkinen: "These are the changes for the TPM driver with a single major new feature: TPM bus encryption and integrity protection. The key pair on TPM side is generated from so called null random seed per power on of the machine [1]. This supports the TPM encryption of the hard drive by adding layer of protection against bus interposer attacks. Other than that, a few minor fixes and documentation for tpm_tis to clarify basics of TPM localities for future patch review discussions (will be extended and refined over times, just a seed)" Link: https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/ [1] * tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (28 commits) Documentation: tpm: Add TPM security docs toctree entry tpm: disable the TPM if NULL name changes Documentation: add tpm-security.rst tpm: add the null key name as a sysfs export KEYS: trusted: Add session encryption protection to the seal/unseal path tpm: add session encryption protection to tpm2_get_random() tpm: add hmac checks to tpm2_pcr_extend() tpm: Add the rest of the session HMAC API tpm: Add HMAC session name/handle append tpm: Add HMAC session start and end functions tpm: Add TCG mandated Key Derivation Functions (KDFs) tpm: Add NULL primary creation tpm: export the context save and load commands tpm: add buffer function to point to returned parameters crypto: lib - implement library version of AES in CFB mode KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers tpm: Add tpm_buf_read_{u8,u16,u32} tpm: TPM2B formatted buffers tpm: Store the length of the tpm_buf data separately. tpm: Update struct tpm_buf documentation comments ...

Documentation: tpm: Add TPM security docs toctree entry

2024-05-09T19:30:52Z

Stephen Rothwell reports htmldocs warning when merging tpmdd tree for linux-next: Documentation/security/tpm/tpm-security.rst: WARNING: document isn't included in any toctree Add toctree entry for TPM security docs to fix above warning. Fixes: ddfb3687c538 ("Documentation: add tpm-security.rst") Reported-by: Stephen Rothwell Closes: https://lore.kernel.org/linux-next/20240506162105.42ce2ff7@canb.auug.org.au/ Signed-off-by: Bagas Sanjaya Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

Documentation: add tpm-security.rst

2024-05-09T19:30:52Z

Document how the new encrypted secure interface for TPM2 works and how security can be assured after boot by certifying the NULL seed. Signed-off-by: James Bottomley Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen