Re: [RFC PATCH v3 00/13] Clavis LSM
From: Jarkko Sakkinen
Date: Tue Mar 04 2025 - 17:25:50 EST
On Mon, Mar 03, 2025 at 05:40:54PM -0500, Paul Moore wrote:
> On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:
> > > On Feb 28, 2025, at 9:14 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > >> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> > >>>
> > >>> I'd still also like to see some discussion about moving towards the
> > >>> addition of keyrings oriented towards usage instead of limiting
> > >>> ourselves to keyrings that are oriented on the source of the keys.
> > >>> Perhaps I'm missing some important detail which makes this
> > >>> impractical, but it seems like an obvious improvement to me and would
> > >>> go a long way towards solving some of the problems that we typically
> > >>> see with kernel keys.
> >
> > The intent is not to limit ourselves to the source of the key. The main
> > point of Clavis is to allow the end-user to determine what kernel keys
> > they want to trust and for what purpose, irrespective of the originating
> > source (.builtin_trusted, .secondary, .machine, or .platform). If we could
> > go back in time, individual keyrings could be created that are oriented
> > toward usage. The idea for introducing Clavis is to bridge what we
> > have today with kernel keys and allow them to be usage based.
>
> While it is unlikely that the current well known keyrings could be
> removed, I see no reason why new usage oriented keyrings could not be
> introduced. We've seen far more significant shifts in the kernel over
> the years.
Could we implement such change in a way that these new imaginary
(at this point) usage oriented keyrings would be used to create
the "legacy" keyrings?
>
> --
> paul-moore.com
>
BR, Jarkko