lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1RFFIVMEENQ.3RXXNAGNWBE1O@kernel.org>
Date: Tue, 04 Jun 2024 20:59:20 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Eric Snowberg" <eric.snowberg@...cle.com>,
 <linux-security-module@...r.kernel.org>
Cc: <dhowells@...hat.com>, <dwmw2@...radead.org>,
 <herbert@...dor.apana.org.au>, <davem@...emloft.net>, <ardb@...nel.org>,
 <paul@...l-moore.com>, <jmorris@...ei.org>, <serge@...lyn.com>,
 <zohar@...ux.ibm.com>, <roberto.sassu@...wei.com>,
 <dmitry.kasatkin@...il.com>, <mic@...ikod.net>, <casey@...aufler-ca.com>,
 <stefanb@...ux.ibm.com>, <ebiggers@...nel.org>, <rdunlap@...radead.org>,
 <linux-kernel@...r.kernel.org>, <keyrings@...r.kernel.org>,
 <linux-crypto@...r.kernel.org>, <linux-efi@...r.kernel.org>,
 <linux-integrity@...r.kernel.org>
Subject: Re: [RFC PATCH v2 0/8] Clavis LSM

On Fri May 31, 2024 at 3:39 AM EEST, Eric Snowberg wrote:
> Introduce a new LSM called Clavis (Latin word meaning key).  The motivation
> behind this LSM is to provide access control for system keys.  Before spending
> more time on this LSM, I am sending this as an RFC to start a discussion to see
> if the current direction taken has a possibility of being accepted in the
> future.
>
> Today the kernel has the following system keyrings: .builtin_trusted_keyring,
> .secondary_trusted_keyring, and the .machine.  It also has the .platform
> keyring which has limited capabilities; it can only be used to verify a kernel
> for kexec.

Would be nice to have a reminder of applications for secondary keyrings
use cases of today [1]. It is not entirely clear for me, given that I
need personally just the builtin and machine keyring. This is not the
same as saying that it would not be useful, but it would clarity to
scope it a bit in the current state of the art.

>
> Today the kernel also tracks key usage for verification done with any of these
> keys. Current verification usage includes: VERIFYING_MODULE_SIGNATURE,
> VERIFYING_FIRMWARE_SIGNATURE, VERIFYING_KEXEC_PE_SIGNATURE,
> VERIFYING_KEY_SIGNATURE, VERIFYING_KEY_SELF_SIGNATURE, and
> VERIFYING_UNSPECIFIED_SIGNATURE. After these usage types were originally
> introduced, most additions have typically used the
> VERIFYING_UNSPECIFIED_SIGNATURE.

Since there are so many why not just format them as a list here?

Maybe start the whole cover letter with exactly two lists:

1. All possible keyrings that are below described as "system keys",
   and their purpose and scope (briefly).
2. The above verification methods and exact same level of detail
   for each.

There's so much text here that maybe even subsections like:

Background
==========

<Those two lists>

Motivation
==========

<Motivation behind Clavis>

Solution
========

<Mechanics of Clavis>

Would make reviewing this heck a lot easier as you can then focus in one
of these three parts. And I guess I have a brain of a goldfish ;-)

[1] https://lore.kernel.org/all/20160407085915.29311.7484.stgit@warthog.procyon.org.uk/

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ