Overview
Explore the kernel keyring facility's expanded capabilities and learn how to implement keyring restrictions for userspace in this 28-minute conference talk by Mat Martineau from Intel. Dive into the evolution of the keyring facility, its generalization to support various key types, and the ability to configure restrictions from userspace. Discover how keyrings created through the keyctl API can be configured to accept only asymmetric keys whose X.509 certificates verify against a trusted key or keyring, and learn about real-world applications in the iNet Wireless Daemon (iwd) and the Embedded Linux Library (ELL). Gain insights into using the keyring restriction userspace API with asymmetric keys, extending kernel key types to offer new userspace-configurable restrictions, and potential future developments. Topics include keys and key types, keyring organization, restricted keyring use cases, software versions with userspace restrictions, and the makeup of restrict calls. Examine asymmetric restriction examples, including certificate verification, and understand the process of implementing restrict and lookup functions for key types and keyrings.
Syllabus
Intro
Keys and key types
Keyrings: A key for organizing keys
The origin of keyring restrictions
A restricted keyring use case
Software versions with userspace restrictions
Makeup of the restrict call
Asymmetric restriction examples
Certificate verification
Additions to key types and keyrings
Choose a key type to use for restriction lookup
Implement restrict functions
Considerations for restrict functions
Implement a lookup function
Considerations for lookup functions
Other possibilities
Questions?
Taught by
Linux Foundation