From: Ben Boeckel <me@benboeckel.net>
To: David 'equinox' Lamparter <equinox@diac24.net>
Cc: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Steve French <sfrench@samba.org>,
Chuck Lever <chuck.lever@oracle.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Paulo Alcantara <pc@manguebit.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Jeffrey Altman <jaltman@auristor.com>,
hch@infradead.org
Subject: Re: [RFC] Keyrings: How to make them more useful
Date: Mon, 21 Jul 2025 08:04:59 -0400
Message-ID: <aH4s6w6AgEJ2LDVr@farprobe>
In-Reply-To: <aGKZUfjsj6kGs726@eidolon.nox.tf>

On Mon, Jun 30, 2025 at 16:04:01 +0200, David 'equinox' Lamparter wrote:
> * the trusted key / TPM bits are incredibly poorly documented. It's
> basically "cobble together things from old patch descriptions", e.g.
> https://marc.info/?l=linux-keyrings&m=160074197025246
> (I still have not figured out how to do this correctly. Some of that
> is to blame on the TPM bits, but not all.)
>
> I guess the kernel itself doesn't care about the blocking API, but for
> trusted keys... you'll have to tie things together from user space, and
> I don't see how anyone can do that, especially with any level of
> confidence that they didn't accidentally leave some wide-open hole (as
> in - you might well get something to work, but without docs you can't
> check you actually did it *right*.) This is really improving keyctl
> itself (i.e. how its commands are invoked) and also its documentation.

You may be interested in some of the work I've done here:

    https://github.com/mathstuf/rust-keyutils

In particular:

    https://github.com/mathstuf/rust-keyutils/blob/master/src/keytypes/trusted.rs

There are assorted issues and PRs that may be of interest for trusted
keys as well.

Unfortunately, I've not had the time to dedicate to it, so it has
languished a bit over time.

--Ben