From: David 'equinox' Lamparter <equinox@diac24.net>
To: keyrings@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	Steve French <sfrench@samba.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Paulo Alcantara <pc@manguebit.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Jeffrey Altman <jaltman@auristor.com>,
	hch@infradead.org
Subject: Re: [RFC] Keyrings: How to make them more useful
Date: Mon, 30 Jun 2025 16:04:01 +0200	[thread overview]
Message-ID: <aGKZUfjsj6kGs726@eidolon.nox.tf> (raw)
In-Reply-To: <462886.1749731810@warthog.procyon.org.uk>

[removed other lists from Cc:]

Hi all,

On Thu, Jun 12, 2025 at 01:36:50PM +0100, David Howells wrote:
> I think work needs to be done on the keyrings subsystem to make them more
> useful for network filesystems and other kernel services such as TLS and
> crypto.

As someone who has recently tried to use keyrings from userspace (in
order to bind key material to a TPM, and have it never enter user
memory), I would note two things here:

* the request_key() syscall seems to be blocking.  Of course you can
  work around that by creating a thread, but is it not possible to
  create a better API?

* the trusted key / TPM bits are incredibly poorly documented.  It's
  basically "cobble together things from old patch descriptions", e.g.
  https://marc.info/?l=linux-keyrings&m=160074197025246
  (I still have not figured out how to do this correctly.  Some of that
  is to blame on the TPM bits, but not all.)

I guess the kernel itself doesn't care about the blocking API, but for
trusted keys...  you'll have to tie things together from user space, and
I don't see how anyone can do that, especially with any level of
confidence that they didn't accidentally leave some wide-open hole (as
in - you might well get something to work, but without docs you can't
check you actually did it *right*.)  This is really improving keyctl
itself (i.e. how its commands are invoked) and also its documentation.


Hope this isn't too negative as feedback,

equi


P.S.: I wish I could submit patches for this.  I can't, because I don't
understand it.


Thread overview: 11+ messages
2025-06-12 12:36 [RFC] Keyrings: How to make them more useful David Howells
2025-06-12 14:10 ` Benjamin Coddington
2025-06-12 18:27 ` James Bottomley
2025-06-12 20:36   ` David Howells
2025-06-13 15:40     ` James Bottomley
2025-06-16 20:30 ` Mimi Zohar
2025-06-17 13:54 ` Jarkko Sakkinen
2025-06-30 14:04 ` David 'equinox' Lamparter [this message]
2025-07-21 12:04   ` Ben Boeckel
2025-07-21 14:55   ` David Howells
2025-07-21 15:58     ` David 'equinox' Lamparter