Re: [patch 0/5] Add MMC password protection (lock/unlock) support

From: Carlos Aguiar
Date: Tue Dec 27 2005 - 13:49:59 EST

Next message: Jean Delvare: "Re: Sensors errors with 15-rc6, 15-rc5 was normal"
Previous message: Paolo Ornati: "[SCHED] Totally WRONG prority calculation with specific test-case(since 2.6.10-bk12)"
Next in thread: Anderson Lizardo: "Re: [patch 0/5] Add MMC password protection (lock/unlock) support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anderson Lizardo wrote:

On 12/13/05, David Brownell <david-b@xxxxxxxxxxx> wrote:

Is there a writeup on how to hook this up with the key retention
infrastructure? I know many folk are unfamiliar with that, and
I seem to recall a need for some userspace tweaks. (Like SHA1
hashing of passphrases to generate MMC keys, and maybe storing
keys in some per-user file using some user interface.)

We have created a sample text-mode reference UI (using keyctl from the
keyutils[1] package to interface with the key retention service) that
shows how everything works together. We are setting up some web space
to put such UI (actually a set of shell scripts) and we will provide
links soon.

Regarding the userspace tweaks, we have not gone into this aspect, but
just provided the "core" kernel code. Usually, those integrating the
system will dictate policies regarding password hashing, persistent
caching etc. The policies for our reference UI were:

- no hashing (password is sent/stored clear-text)
- in-memory caching (so if the user reboots the system, the password
will have to be re-typed).

I think those policies can be done still on userspace, so the kernel
code remains "policy-free".

[1] http://people.redhat.com/~dhowells/keyutils/
--
Anderson Lizardo
Embedded Linux Lab - 10LE
Nokia Institute of Technology - INdT
Manaus - Brazil

Hi all,

As promised, you can find a simple text-mode reference UI for the MMC password protection
support, written in shell script, that shows how everything works together on the links below:

http://www.indt.org.br/10le/mmc_pwd/mmc_reference_ui-20051215.tar.gz
http://www.indt.org.br/10le/mmc_pwd/mmc_test-20051215.sh

BR,

Carlos Aguiar.

--
Carlos Eduardo
Software Engineer
Nokia Institute of Technology - INdT
Embedded Linux Laboratory - 10LE
Phone: +55 92 2126-1079
Mobile: +55 92 8127-1797
E-mail: carlos.aguiar@xxxxxxxxxxx

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jean Delvare: "Re: Sensors errors with 15-rc6, 15-rc5 was normal"
Previous message: Paolo Ornati: "[SCHED] Totally WRONG prority calculation with specific test-case(since 2.6.10-bk12)"
Next in thread: Anderson Lizardo: "Re: [patch 0/5] Add MMC password protection (lock/unlock) support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]