PROTOCOLS
InlineEncryption
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
DeriveRawSecret
Derives a raw software secret from the ephemerally wrapped wrapped_key. wrapped_key
must be a key wrapped by the inline encryption hardware (in the same session/boot) via a
separate mechanism to this protocol. The returned secret can be used for non-inline
cryptographic operations e.g. it can be used for encrypting filesystem metadata not covered
by inline encryption.
Returns
- ZX_ERR_INVALID_ARGS if
wrapped_keyis not the expected size or if thewrapped_keyfails authentication (e.g. wrapped_key is from a previous boot). - ZX_ERR_TIMED_OUT if the operation times out.
- ZX_ERR_INTERNAL if the operation failed for any other reason.
Request
| Name | Type |
|---|---|
wrapped_key |
vector<uint8>
|
Response
| Name | Type |
|---|---|
payload |
InlineEncryption_DeriveRawSecret_Result
|
ProgramKey
Programs the ephemerally wrapped wrapped_key into the inline encryption hardware in the
next available slot. All slots programmed via the connection this method is called on
will be evicted once the connection is dropped. It is not possible to evict individual keys
(not for any technical reasons; a need for this has not yet arisen). wrapped_key must be
a key wrapped by the inline encryption hardware (in the same session/boot) via a separate
mechanism to this protocol.
Returns
- ZX_ERR_NO_RESOURCES if there are no available key slots.
- ZX_ERR_INVALID_ARGS if
wrapped_keyis not the expected size or if thewrapped_keyfails authentication (e.g. wrapped_key is from a previous boot). - ZX_ERR_TIMED_OUT if the operation times out.
- ZX_ERR_INTERNAL if the operation failed for any other reason.
Request
| Name | Type |
|---|---|
wrapped_key |
vector<uint8>
|
data_unit_size |
uint32
|
Response
| Name | Type |
|---|---|
payload |
InlineEncryption_ProgramKey_Result
|
STRUCTS
InlineEncryption_DeriveRawSecret_Response resource
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
| Field | Type | Description | Default |
|---|---|---|---|
secret |
vector<uint8>
|
No default |
InlineEncryption_ProgramKey_Response
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
| Field | Type | Description | Default |
|---|---|---|---|
slot |
uint8
|
No default |
UNIONS
InlineEncryption_DeriveRawSecret_Result strict resource
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
| Ordinal | Variant | Type | Description |
|---|---|---|---|
1 |
response |
InlineEncryption_DeriveRawSecret_Response
|
|
2 |
err |
zx/Status
|
InlineEncryption_ProgramKey_Result strict
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
| Ordinal | Variant | Type | Description |
|---|---|---|---|
1 |
response |
InlineEncryption_ProgramKey_Response
|
|
2 |
err |
zx/Status
|
SERVICES
InlineCryptoService
Defined in fuchsia.hardware.inlineencryption/inlineencryption.fidl
| Name | Type | Transport |
|---|---|---|
| device |
fuchsia.hardware.inlineencryption/InlineEncryption
|
Channel |