[RFC,v2,2/8] clavis: Introduce a new system keyring called clavis

From: Eric Snowberg <eric.snowberg@oracle.com>
To: linux-security-module@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, herbert@gondor.apana.org.au,
        davem@davemloft.net, ardb@kernel.org, jarkko@kernel.org,
        paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
        zohar@linux.ibm.com, roberto.sassu@huawei.com,
        dmitry.kasatkin@gmail.com, mic@digikod.net, casey@schaufler-ca.com,
        stefanb@linux.ibm.com, eric.snowberg@oracle.com, ebiggers@kernel.org,
        rdunlap@infradead.org, linux-kernel@vger.kernel.org,
        keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [RFC PATCH v2 2/8] clavis: Introduce a new system keyring called
 clavis
Date: Thu, 30 May 2024 18:39:39 -0600
Message-ID: <20240531003945.44594-3-eric.snowberg@oracle.com>
In-Reply-To: <20240531003945.44594-1-eric.snowberg@oracle.com>
References: <20240531003945.44594-1-eric.snowberg@oracle.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 +BbiMVPAf74C3csWw/Y+lslwfA7zvKOkRNyOF4HH/6qHAdW6SRMKMK1IM1YV0wo/ZCgH3HtRTVU3PlPWOLU4kUmKMCLFLlu1ZZfPqSR3LLHv++BA9V+fwNXQ1p6rFTCKPfMQggtgfGtG88dH/vYWaM2LEZwLhJyWr8FXsFkdpdV5q6Vz53FJZoNWUx6qpqGAI5eKhAz5zbYFoc6FhGMjzyrOPTHxIn1VtZkLjmFLjZRon5MxtzDbvhEj9t4xE4G16WXN/mT+1JMY/bjzkYgZvEmeCZPAsnMxxYrgi8Sz+/p7kOsxGUnF5a+ys2qbqW3uR+eXdkdbh/oABREJZOouRFSTppdQA5tTxNycLeo7wLD9/zagvyFJ8/yQqEwJG/2AF2PqBczsnERNh2Wa6VDvU5HfmgoOmcSzIHjgE5tvFAt/NBhs0wTgR4iIEE1azIGBEh+4h5n1tj/W/dtAnqg9SycCzdKQ0jtTp+0AwFZjn2V+Ll1cyVMfM3IPBgMOCeyOp3qiyrcbSnA6h4hEqaeO45/fjs89jCMQdPwpfJgCjKhHsiGlTC8bjV5FfHTh1nU0ha1LygC7fk/8Sb0cKv1zSaa3K5orkguHTS+/I7+AJAYB/dhDqdvtuOvW1Ui78U7obQ3NAt/sTeKBbSQgYaO1o8or97obCIEF2hN9Sll9zB5WPS7xPJTHANV3GaN5mNOKFAsySp73GgL+Ub+X5bZXFkflTHL+2XoxXgO/zTxZ2S71A0sN0hsFIwWE6jrkPE7/3tgoEJEhwmhqHo0ESBbq669Ib+uuUNKrm2ykUTjbXqiPH3Zdp16HG5x0CwzDh7A5CNgKzAkPtn8V1TBaTezoGkBX5royBKb3zHzB0y0S5dJJj3hpdm4297OUhRRi9oc2ev6/B9oYBj5r75FEY3gVGRIM86fk12xOmOJfWKuTinkPiYtUMQuQPo6TIBeuFqGqjvNWFDlW4yY2BLiljzKEYHdBoqb/Iis5iTEHgykzlMLYAx5hBjtgEViaUIZK2Tmr8qy4+rdPPdTcdxxtutaMyt6oQec+GqQ8YkivRiOlki+9MTVThIiYIVGnzbxoYKNi3/ZZF/uDh94imfl96UODKKnqjRI/1duVPaLtU1C9Xy+GnXSQs95PgkYDXvxF2II+tsEAaT7VaFMqD1DWWUWFh1s/wMm5g8zJ6HPuDfk2x909qO03pc3wgU4O37lvuRvvmtwL2dokN8toEArtxND0+Xy8TbyXeVbBMzGDFxVc2EMcp8BgNghgoqKQ5Pibr7+A4CbzOqOfFuDl2DH4pWCX+Jvt/vxZynk7EhoVUWM+qPw7iir1R4/vZsBCGRcltsojdgkX3qF0bWkoNDM95IZ3FykHz1p6ZTmbelGk3nC0eFc7mynp0TP9kROqmalrhOYAhS8YhSs05g3EkMERTlQ15/Zbmz13fze55CSm/jTxpb8x/xN8QbjBk00fh5BJAxE2kjfoKWYIUcAsfm3TvYx4aemWsocEIkEwFGPddJomX3RDfBSCms6ruDnRgdz/jHcaXAWs2YUQxoKQlyCCZNWwnJFZ3HvDpngHh+c0jGFBPOqkKySPOnJ2rf61zJbif5UksuWCJdomVhoGZeqiNuWC1Q==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 
	qBvq3YTLJ2eBf8dnxlooH5PcDHxC6fDRdOhupSHdrXJbYDeqQx5sD/IG1ybi/do3DtXWOCZY6K5BS8Dr0t90C6upBbkQ002nlMG9+7dy/3DiMsMd9sf6q6AUicuUzTFnCgbBEXkydQVOLmq+zcBwr4Wcaly3Rnx1qh8fstoHcJxI9vElDEfdOJjuko3cCgaJILCVvtSwsGtBk5F7gEgjE7IQADPmReqnTtL3TVNz++KDPlHTWWeuNWBwBWCZ9wbO5iDwMnnW6ZZcg9hitGNC1nsZcHHyXPjq/VQXQSxOieMM6ASr/eiT0JDp+CUdOCUieOnXsj30h4eQOORIYYFzPNJ+g2ZZVfS4d8IHbJz7y0YgkXJcMJQ/ubook1rxZeDMK3S9ci1oerXfqjJE2jMMlue6q3KywDXxZEbvPESg31r+JzX1Ee4+Y0ldQyBWqTPdfXP7dEno1m+kJRYRB7RsQRH1oOfqJFrDnvWIkPozZ4vf20WlMUtc3bayXRacKstDbx0azDo+hVTw0YIFXypyYhoTTv6sv8KU6k9KHGdy37nz8P+TosuNcjOasJp93xzX7qOMl2ACgttQHxr7n+UiE6rVZtZiDHe51Mk/2UEU9yg=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e4e6d531-44c5-4f93-8f58-08dc810a3202
X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4150.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2024 00:39:56.9822
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 Y/PKxEsqgLsUF3mQ/OMpxtn3NgdVQUYv1Xi8oky/SqsGC9Q5ozxrEGELrN45FTl5PSzmYqLn4gfCDzOTzjqvqs6mmefOwfqD/0HmJuOmcUU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB4274
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16
 definitions=2024-05-30_21,2024-05-30_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999
 mlxscore=0 adultscore=0
 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2405010000
 definitions=main-2405310002
X-Proofpoint-GUID: z83kbeWcYAJ0bCo1pPwtInD1CMiBskJI
X-Proofpoint-ORIG-GUID: z83kbeWcYAJ0bCo1pPwtInD1CMiBskJI

Message ID	20240531003945.44594-3-eric.snowberg@oracle.com
State	New
Headers	show Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10310A3F; Fri, 31 May 2024 00:41:40 +0000 (UTC) From: Eric Snowberg <eric.snowberg@oracle.com> To: linux-security-module@vger.kernel.org Cc: dhowells@redhat.com, dwmw2@infradead.org, herbert@gondor.apana.org.au, davem@davemloft.net, ardb@kernel.org, jarkko@kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, dmitry.kasatkin@gmail.com, mic@digikod.net, casey@schaufler-ca.com, stefanb@linux.ibm.com, eric.snowberg@oracle.com, ebiggers@kernel.org, rdunlap@infradead.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v2 2/8] clavis: Introduce a new system keyring called clavis Date: Thu, 30 May 2024 18:39:39 -0600 Message-ID: <20240531003945.44594-3-eric.snowberg@oracle.com> In-Reply-To: <20240531003945.44594-1-eric.snowberg@oracle.com> References: <20240531003945.44594-1-eric.snowberg@oracle.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk MIME-Version: 1.0
Series	Clavis LSM \| expand [RFC,v2,0/8] Clavis LSM [RFC,v2,1/8] certs: Introduce ability to link to a system key [RFC,v2,2/8] clavis: Introduce a new system keyring called clavis [RFC,v2,3/8] efi: Make clavis boot param persist across kexec [RFC,v2,4/8] clavis: Prevent clavis boot param from changing during kexec [RFC,v2,5/8] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) [RFC,v2,6/8] keys: Add ability to track intended usage of the public key [RFC,v2,7/8] clavis: Introduce a new key type called clavis_key_acl [RFC,v2,8/8] clavis: Introduce new LSM called clavis

[RFC,v2,2/8] clavis: Introduce a new system keyring called clavis

Commit Message

Patch