Re: [RFC PATCH v3 00/13] Clavis LSM

From: Paul Moore
Date: Tue Mar 04 2025 - 19:23:24 EST

Next message: Ira Weiny: "Re: [PATCH v7 12/17] cxl/pci: Add error handler for CXL PCIe Port RAS errors"
Previous message: Fabrizio Castro: "[PATCH v5 5/6] dmaengine: sh: rz-dmac: Add RZ/V2H(P) support"
In reply to: Eric Snowberg: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Next in thread: Eric Snowberg: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:
> > On Mar 3, 2025, at 3:40 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:
> >>> On Feb 28, 2025, at 9:14 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >>> On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> >>>> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> >>>>>
> >>>>> I'd still also like to see some discussion about moving towards the
> >>>>> addition of keyrings oriented towards usage instead of limiting
> >>>>> ourselves to keyrings that are oriented on the source of the keys.
> >>>>> Perhaps I'm missing some important detail which makes this
> >>>>> impractical, but it seems like an obvious improvement to me and would
> >>>>> go a long way towards solving some of the problems that we typically
> >>>>> see with kernel keys.
> >>
> >> The intent is not to limit ourselves to the source of the key. The main
> >> point of Clavis is to allow the end-user to determine what kernel keys
> >> they want to trust and for what purpose, irrespective of the originating
> >> source (.builtin_trusted, .secondary, .machine, or .platform). If we could
> >> go back in time, individual keyrings could be created that are oriented
> >> toward usage. The idea for introducing Clavis is to bridge what we
> >> have today with kernel keys and allow them to be usage based.
> >
> > While it is unlikely that the current well known keyrings could be
> > removed, I see no reason why new usage oriented keyrings could not be
> > introduced. We've seen far more significant shifts in the kernel over
> > the years.
>
> Could you further clarify how a usage oriented keyring would work? For
> example, if a kernel module keyring was added, how would the end-user
> add keys to it while maintaining a root of trust?

Consider it an exercise left to the reader :)

I imagine there are different ways one could do that, either using
traditional user/group/capability permissions and/or LSM permissions,
it would depend on the environment and the security goals of the
overall system.

--
paul-moore.com

Next message: Ira Weiny: "Re: [PATCH v7 12/17] cxl/pci: Add error handler for CXL PCIe Port RAS errors"
Previous message: Fabrizio Castro: "[PATCH v5 5/6] dmaengine: sh: rz-dmac: Add RZ/V2H(P) support"
In reply to: Eric Snowberg: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Next in thread: Eric Snowberg: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]