version 1.2, 2009/12/29 09:22:09
|
version 1.3, 2009/12/29 09:25:41
|
Line 14 overall keylock state can be read within
|
Line 14 overall keylock state can be read within
|
functions defined in |
functions defined in |
[keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD) |
[keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD) |
and userland |
and userland |
can access them through the <b>hw.keylock<b> sysctl hierarchy. |
can access them through the <b>hw.keylock</b> sysctl hierarchy. |
|
|
The following components have been added: |
The following components have been added: |
|
|
* '''{{manual page|gpiolock|4|}}''' a driver for GPIO attached keylocks. |
* '''{{manual page|gpiolock|4|}}''' a driver for GPIO attached keylocks. |
The driver registers with the in-kernel keylock "subsystem". See |
The driver registers with the in-kernel keylock "subsystem". See |
{{src|gpiolock.c|sys/dev/gpio/gpiolock.c}}. |
[gpiolock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/gpio/gpiolock.c?rev=HEAD). |
|
|
* '''secmodel_keylock''', a {{manual page|kauth|9}} security model that |
* <b>secmodel_keylock</b>, a {{manual page|kauth|9}} security model that |
authorizes based on the keylock "closedness". Wheter the rightmost |
authorizes based on the keylock "closedness". Wheter the rightmost |
(default) or leftmost position of the keylock means open can be |
(default) or leftmost position of the keylock means open can be |
controlled using the '''hw.keylock.order''' sysctl variable. This |
controlled using the '''hw.keylock.order''' sysctl variable. This |
variable can only be changed if the keylock state is OPEN. See |
variable can only be changed if the keylock state is OPEN. See |
{{src|secmodel_keylock.c|sys/secmodel/keylock/secmodel_keylock.c}}. |
[secmodel_keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/secmodel/keylock/secmodel_keylock.c?rev=HEAD). |
|
|
The security model is started when a keylock driver registers and |
The security model is started when a keylock driver registers and |
stopped when there is no more keylock driver. The keylock security |
stopped when there is no more keylock driver. The keylock security |
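Review bot: the markup conversion in this hunk is only half done. secmodel_keylock moves from ''' quoting to <b>, but '''{{manual page|gpiolock|4|}}''' and '''hw.keylock.order''' keep the old bold syntax, and the {{manual page|...}} templates stay as they are while the {{src|...}} templates become explicit links. Convert them in the same revision so the list uses one style. The secmodel_keylock item still reads "Wheter" on both sides; change it to "Whether" while the paragraph is being touched. The new links all point at rev=HEAD, so the description of hw.keylock.order can drift from the linked source; a fixed revision would keep the text and the code in step.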
Line 36 model as well (e.g. to provide keylock s
|
Line 36 model as well (e.g. to provide keylock s
|
Useful e.g. for POS applications). |
Useful e.g. for POS applications). |
|
|
The keylock state interpretation is done in |
The keylock state interpretation is done in |
{{src|keylock.c|sys/dev/keylock.c}} and not in the driver itself. This |
[keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.c) |
|
and not in the driver itself. This |
allows for adding support for multiple keylocks in the future. The |
allows for adding support for multiple keylocks in the future. The |
hw.keylock.pos and hw.keylock.npos sysctl variable have debugging |
hw.keylock.pos and hw.keylock.npos sysctl variable have debugging |
character, the hw.keylock.state variable reflects the state and should |
character, the hw.keylock.state variable reflects the state and should |
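Review bot: the new side puts an empty line between the keylock.c link and "and not in the driver itself. This", which splits one sentence across two paragraphs; drop the blank line. The keylock.c URL also lacks the ?rev=HEAD query that the keylock.h, gpiolock.c and secmodel_keylock.c links carry, so pick one form and use it for all four. The unchanged context "sysctl variable have debugging character" should read "sysctl variables" if this paragraph is edited again.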
Line 59 Of course you must have at least one GPI
|
Line 60 Of course you must have at least one GPI
|
{{manual page|gpiolock|4|}} driver to work and the lock must be |
{{manual page|gpiolock|4|}} driver to work and the lock must be |
connected properly. |
connected properly. |
|
|
Please keep in mind that this is an experimental feature... |
<b>Please keep in mind that this is an experimental feature...</b> |
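Review bot: {{manual page|gpiolock|4|}} in the context lines of this hunk is left in template syntax although the {{src|...}} templates in the same revision were replaced with explicit links; convert it as well so the page uses a single link style. The <b> emphasis added to the experimental-feature sentence matches the <b> now used for secmodel_keylock and hw.keylock, which is one more reason to remove the remaining ''' quoting elsewhere.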