> -Original Message-
> From: Eric Snowberg
> Sent: Monday, March 11, 2024 9:41 PM
> To: linux-security-mod...@vger.kernel.org
> Cc: dhowe...@redhat.com; dw...@infradead.org;
> herb...@gondor.apana.org.au; da...@davemloft.net; a...@kernel.org;
> jar...@kernel.org; p...@paul-moore.com; jm
On 3/11/24 09:11, Eric Snowberg wrote:
> In the future it is envisioned this LSM could be enhanced to provide
> access control for UEFI Secure Boot Advanced Targeting (SBAT). Using
> the same clavis= boot param and storing the additional contents within
> the new RT UEFI var, SBAT restrictions
> On Mar 11, 2024, at 1:18 PM, Jarkko Sakkinen wrote:
>
> On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
>> + return -1;
>
> Missed this one: why a magic number?
Good point, I'll change this to return -ENOKEY. Thanks.
> On Mar 11, 2024, at 1:16 PM, Jarkko Sakkinen wrote:
>
> On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
>> Introduce a new function to allow a keyring to link to a key contained
>> within one of the system keyrings (builtin, secondary, or platform).
>> Depending on how the kernel is
On Fri Mar 8, 2024 at 9:17 AM EET, David Gstir wrote:
> Hi Jarkko,
>
> > On 07.03.2024, at 20:30, Jarkko Sakkinen wrote:
>
> [...]
>
> >> +
> >> +static int trusted_dcp_init(void)
> >> +{
> >> + int ret;
> >> +
> >> + if (use_otp_key)
> >> + pr_info("Using DCP OTP key\n");
> >> +
> >> + ret = test
On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
> + return -1;
Missed this one: why a magic number?
BR, Jarkko
On Mon Mar 11, 2024 at 6:11 PM EET, Eric Snowberg wrote:
> Introduce a new function to allow a keyring to link to a key contained
> within one of the system keyrings (builtin, secondary, or platform).
> Depending on how the kernel is built, if the machine keyring is
> available, it will be checked
Introduce a new LSM called clavis. The motivation behind this LSM is to
provide access control for system keys. The access control list is
contained within a keyring called .clavis. During boot if the clavis= boot
arg is supplied with a key id contained within any of the current system
keyrings (b
Introduce a new key type for keyring access control. The new key type
is called clavis_key_acl. The clavis_key_acl contains the subject key
identifier along with the allowed usage type for the key.
The format is as follows:
XX:YYY
XX - Single byte of the key type
VERIFYING_MODUL
Add two new fields in public_key_signature to track the intended usage of
the signature. Also add a flag for the revocation pass. During signature
validation, two verifications can take place for the same signature. One
to see if it verifies against something on the .blacklist keyring and
the ot
Introduce a new LSM called Clavis (Latin word meaning key). The motivation
behind this LSM is to provide access control for system keys. Before spending
more time on this LSM, I am sending this as an RFC to start a discussion to see
if the current direction taken has a possibility of being accept
Add a new verification type called VERIFYING_CLAVIS_SIGNATURE. This new
usage will be used for validating keys added to the new clavis lsm keyring.
This will be introduced in a follow-on patch.
Signed-off-by: Eric Snowberg
---
crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetric_ke
Use the new Clavis EFI RT variable to validate the clavis boot param didn't
change during a reboot. If the boot param is different or missing, use the
one stored in EFI instead. This will prevent a pivot in the root of trust
for the upcoming Clavis LSM.
Signed-off-by: Eric Snowberg
---
security/
Introduce a new system keyring called clavis. This keyring shall contain a
single asymmetric key. This key shall be linked to a key already
contained in one of the system keyrings (builtin, secondary, or platform).
The only way to add this key is during boot by passing in the asymmetric
key id w
Introduce a new function to allow a keyring to link to a key contained
within one of the system keyrings (builtin, secondary, or platform).
Depending on how the kernel is built, if the machine keyring is
available, it will be checked as well, since it is linked to the secondary
keyring. If the asym
Add the ability for the clavis boot param to persist across kexec. This is
done by creating a RT variable before ExitBootServices is called. The new
variable is called Clavis with a new GUID
193ccef6-348b-4f1f-a81b-0ea4b899dbf2. This variable does not have NVRAM
set, signifying it was created dur
16 matches