|
version 1.2, 2009/12/29 09:22:09
|
version 1.3, 2009/12/29 09:25:41
|
|
Line 14 overall keylock state can be read within
|
Line 14 overall keylock state can be read within
|
| functions defined in |
functions defined in |
| [keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD) |
[keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD) |
| and userland |
and userland |
| can access them through the <b>hw.keylock<b> sysctl hierarchy. |
can access them through the <b>hw.keylock</b> sysctl hierarchy. |
| |
|
| The following components have been added: |
The following components have been added: |
| |
|
| * '''{{manual page|gpiolock|4|}}''' a driver for GPIO attached keylocks. |
* '''{{manual page|gpiolock|4|}}''' a driver for GPIO attached keylocks. |
| The driver registers with the in-kernel keylock "subsystem". See |
The driver registers with the in-kernel keylock "subsystem". See |
| {{src|gpiolock.c|sys/dev/gpio/gpiolock.c}}. |
[gpiolock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/gpio/gpiolock.c?rev=HEAD). |
| |
|
| * '''secmodel_keylock''', a {{manual page|kauth|9}} security model that |
* <b>secmodel_keylock</b>, a {{manual page|kauth|9}} security model that |
| authorizes based on the keylock "closedness". Wheter the rightmost |
authorizes based on the keylock "closedness". Wheter the rightmost |
| (default) or leftmost position of the keylock means open can be |
(default) or leftmost position of the keylock means open can be |
| controlled using the '''hw.keylock.order''' sysctl variable. This |
controlled using the '''hw.keylock.order''' sysctl variable. This |
| variable can only be changed if the keylock state is OPEN. See |
variable can only be changed if the keylock state is OPEN. See |
| {{src|secmodel_keylock.c|sys/secmodel/keylock/secmodel_keylock.c}}. |
[secmodel_keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/secmodel/keylock/secmodel_keylock.c?rev=HEAD). |
| |
|
| The security model is started when a keylock driver registers and |
The security model is started when a keylock driver registers and |
| stopped when there is no more keylock driver. The keylock security |
stopped when there is no more keylock driver. The keylock security |
|
Line 36 model as well (e.g. to provide keylock s
|
Line 36 model as well (e.g. to provide keylock s
|
| Useful e.g. for POS applications). |
Useful e.g. for POS applications). |
| |
|
| The keylock state interpretation is done in |
The keylock state interpretation is done in |
| {{src|keylock.c|sys/dev/keylock.c}} and not in the driver itself. This |
[keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.c) |
| |
and not in the driver itself. This |
| allows for adding support for multiple keylocks in the future. The |
allows for adding support for multiple keylocks in the future. The |
| hw.keylock.pos and hw.keylock.npos sysctl variable have debugging |
hw.keylock.pos and hw.keylock.npos sysctl variable have debugging |
| character, the hw.keylock.state variable reflects the state and should |
character, the hw.keylock.state variable reflects the state and should |
|
Line 59 Of course you must have at least one GPI
|
Line 60 Of course you must have at least one GPI
|
| {{manual page|gpiolock|4|}} driver to work and the lock must be |
{{manual page|gpiolock|4|}} driver to work and the lock must be |
| connected properly. |
connected properly. |
| |
|
| Please keep in mind that this is an experimental feature... |
<b>Please keep in mind that this is an experimental feature...</b> |
![[BACK]](/icons/back.gif){kind=icon}
Return to keylock.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / users / mbalmer