| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f6be3ecad5695090658e49e8f456ae9e47d757c0.camel@linux.ibm.com>
Date: Sun, 05 Jan 2025 06:43:24 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Eric Snowberg <eric.snowberg@...cle.com>
Cc: "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>,
David Howells <dhowells@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"davem@...emloft.net" <davem@...emloft.net>,
Ard Biesheuvel
<ardb@...nel.org>,
"jarkko@...nel.org" <jarkko@...nel.org>,
"paul@...l-moore.com" <paul@...l-moore.com>,
"jmorris@...ei.org"
<jmorris@...ei.org>,
"serge@...lyn.com" <serge@...lyn.com>,
"roberto.sassu@...wei.com" <roberto.sassu@...wei.com>,
"dmitry.kasatkin@...il.com" <dmitry.kasatkin@...il.com>,
"mic@...ikod.net"
<mic@...ikod.net>,
"casey@...aufler-ca.com" <casey@...aufler-ca.com>,
"stefanb@...ux.ibm.com" <stefanb@...ux.ibm.com>,
"ebiggers@...nel.org"
<ebiggers@...nel.org>,
"rdunlap@...radead.org" <rdunlap@...radead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Subject: Re: [RFC PATCH v3 03/13] clavis: Introduce a new system keyring
called clavis
Hi Eric,
On Fri, 2025-01-03 at 23:27 +0000, Eric Snowberg wrote:
> > > +config SECURITY_CLAVIS
> > > + bool "Clavis keyring"
> >
> > Isn't SECURITY_CLAVIS the new LSM? Why is the bool defined as just "Clavis
> > keyring"?
> >
> > > + depends on SECURITY
> > > + select SYSTEM_DATA_VERIFICATION
> > > + select CRYPTO_SHA256
> > > + help
> > > + Enable the clavis keyring. This keyring shall contain a single asymmetric key.
> > > + This key shall be linked to a key already contained in one of the system
> > > + keyrings (builtin, secondary, or platform). One way to add this key
> > > + is during boot by passing in the asymmetric key id within the "clavis=" boot
> > > + param. This keyring is required by the Clavis LSM.
> >
> > If SECURITY_CLAVIS is a new LSM, the 'help' shouldn't be limited to just the
> > clavis keyring, but written at a higher level describing the new LSM. For
> > example,
> >
> > This option enables the Clavis LSM, which provides the ability to configure and
> > enforce the usage of keys contained on the system keyrings -
> > .builtin_trusted_keys, .secondary_trusted_keys, .machine, and .platform
> > keyrings. The clavis LSM defines a keyring named "clavis", which contains a
> > single asymmetric key and the key usage rules.
> >
> > The single asymmetric key may be specified on the boot command line ...
> >
> > [The patch that introduces the key usage rules would add additional info here.]
> >
> > [The patch that adds the Documentatoin would add a reference here.]
>
> I went the route of creating the keyring in this patch and then introducing the
> LSM which uses it in a later patch. My reasoning was it can be tested
> independently. Also, I thought it would make it easier to review, since
> everything isn't contained within a single patch. I could look at combining
> them together if you think that would be better.
SECURITY_CLAVIS is not just about the CLAVIS keyring, right? The Kconfig can be
defined and used here, but eventually the SECURITY_CLAVIS "help" needs to be
updated to describe the new LSM.
thanks,
Mimi
Powered by blists - more mailing lists