Re: [RFC PATCH v3 00/13] Clavis LSM

From: Jarkko Sakkinen
Date: Tue Mar 04 2025 - 19:29:28 EST

Next message: Armin Wolf: "Re: [PATCH v2] platform/x86: samsung-galaxybook: Fix block_recording not supported logic"
Previous message: Melody Olvera: "[PATCH v2] arm64: dts: qcom: sm8750: Add BWMONs"
In reply to: Paul Moore: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 04, 2025 at 07:25:13PM -0500, Paul Moore wrote:
> On Tue, Mar 4, 2025 at 5:25 PM Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote:
> > On Mon, Mar 03, 2025 at 05:40:54PM -0500, Paul Moore wrote:
> > > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:
> > > > > On Feb 28, 2025, at 9:14 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > > > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > > > >> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> > > > >>>
> > > > >>> I'd still also like to see some discussion about moving towards the
> > > > >>> addition of keyrings oriented towards usage instead of limiting
> > > > >>> ourselves to keyrings that are oriented on the source of the keys.
> > > > >>> Perhaps I'm missing some important detail which makes this
> > > > >>> impractical, but it seems like an obvious improvement to me and would
> > > > >>> go a long way towards solving some of the problems that we typically
> > > > >>> see with kernel keys.
> > > >
> > > > The intent is not to limit ourselves to the source of the key. The main
> > > > point of Clavis is to allow the end-user to determine what kernel keys
> > > > they want to trust and for what purpose, irrespective of the originating
> > > > source (.builtin_trusted, .secondary, .machine, or .platform). If we could
> > > > go back in time, individual keyrings could be created that are oriented
> > > > toward usage. The idea for introducing Clavis is to bridge what we
> > > > have today with kernel keys and allow them to be usage based.
> > >
> > > While it is unlikely that the current well known keyrings could be
> > > removed, I see no reason why new usage oriented keyrings could not be
> > > introduced. We've seen far more significant shifts in the kernel over
> > > the years.
> >
> > Could we implement such change in a way that these new imaginary
> > (at this point) usage oriented keyrings would be used to create
> > the "legacy" keyrings?
>
> I think it would be easier for them to coexist so that one could have
> an easier migration. It's possible that even once everything was
> migrated to the new usage oriented keyrings it would still make sense
> to keep the existing keyrings in place and always link keys from there
> to the newer usage keyrings.

OK, so here I agree and disagree:

1. It probably does not port everything.
2. Still, we need to be sure that "can be done" condition is satisfied
for the sake of robustness.

>
> --
> paul-moore.com
>

BR, Jarkko

Next message: Armin Wolf: "Re: [PATCH v2] platform/x86: samsung-galaxybook: Fix block_recording not supported logic"
Previous message: Melody Olvera: "[PATCH v2] arm64: dts: qcom: sm8750: Add BWMONs"
In reply to: Paul Moore: "Re: [RFC PATCH v3 00/13] Clavis LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]