File:  [NetBSD Developer Wiki] / wikisrc / users / mbalmer / keylock.mdwn
Tue Dec 29 09:17:38 2009 UTC (12 years, 9 months ago) by mbalmer
Branches: MAIN
CVS tags: HEAD
Bring in content from wiki.netbsd.se

# A Keylock Security Model for kauth(9)

Recently, generic support for electro-mechanical multi-position keylocks
in the kernel has been added to NetBSD.  Such locks can be turned into
various positions, usually up to three or four positions.  They come with
a set of keys that differ in that not all positions can be reached with
all keys (which key can reach which position is called the "locking
program").  With the new keylock support, such locks can be used to
tinker with the kernel security, much like the traditional securelevel
variable...

The number of keylock positions, the current keylock position, and the
overall keylock state can be read within the kernel using a set of
functions defined in {{src|keylock.h|sys/dev/keylock.h|}}, and userland
can access them through the '''hw.keylock''' sysctl hierarchy.

The following components have been added:

* '''{{manual page|gpiolock|4|}}''', a driver for GPIO attached keylocks.
The driver registers with the in-kernel keylock "subsystem". See
{{src|gpiolock.c|sys/dev/gpio/gpiolock.c}}.

* '''secmodel_keylock''', a {{manual page|kauth|9}} security model that
authorizes based on the keylock "closedness".  Whether the rightmost
(default) or leftmost position of the keylock means open can be
controlled using the '''hw.keylock.order''' sysctl variable. This
variable can only be changed if the keylock state is OPEN. See
{{src|secmodel_keylock.c|sys/secmodel/keylock/secmodel_keylock.c}}.

The security model is started when a keylock driver registers and
stopped when there is no more keylock driver.  The keylock security
model is optional; keylock support can be used without the security
model as well (e.g. to provide keylock state to userland applications,
which is useful e.g. for POS applications).

The keylock state interpretation is done in
{{src|keylock.c|sys/dev/keylock.c}} and not in the driver itself.  This
allows for adding support for multiple keylocks in the future.  The
hw.keylock.pos and hw.keylock.npos sysctl variables are of a debugging
nature; the hw.keylock.state variable reflects the state and should
be used.

Currently, the keylock positions are interpreted as follows: there are
at most four positions: OPEN, SEMIOPEN, SEMICLOSE, CLOSE.  What exactly
that means leaves room for interpretation right now... (experience will
show what makes sense in the end).

To enable the keylock support, the keylock security model, and the
{{manual page|gpiolock|4|}} driver, add the following lines to your
kernel configuration file:

	options KEYLOCK
	options secmodel_keylock
	gpiolock* at gpio?

Of course you must have at least one GPIO device in your system for the
{{manual page|gpiolock|4|}} driver to work and the lock must be
connected properly.

Please keep in mind that this is an experimental feature...
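
The central position interpretation and the hw.keylock.order rule described above, modelled as a small userland C program. This is an added example, not code from sys/dev/keylock.c or the NetBSD tree. The `kl_*` names, the enum values, the `EPERM` return, the fail-closed handling of bad readings and the treatment of the middle position of a three-position lock are all assumptions made for illustration.

```c
/* Userland model; names, values and mapping are assumptions, not NetBSD code. */
#include <errno.h>
#include <stdio.h>

enum kl_state { KL_OPEN, KL_SEMIOPEN, KL_SEMICLOSE, KL_CLOSE };
enum kl_order { KL_OPEN_RIGHT, KL_OPEN_LEFT };	/* rightmost = open is the default */

struct keylock {
	int npos;		/* number of positions, at most 4 */
	int pos;		/* current position, 1 = leftmost */
	enum kl_order order;	/* models hw.keylock.order */
};

/* Interpret the raw position in one place, independent of the driver. */
enum kl_state
kl_interpret(const struct keylock *kl)
{
	int d;	/* steps away from the open end */
	/* Single-position or out-of-range readings fail closed (assumption). */
	if (kl->npos < 2 || kl->npos > 4 || kl->pos < 1 || kl->pos > kl->npos)
		return KL_CLOSE;
	d = (kl->order == KL_OPEN_RIGHT) ? kl->npos - kl->pos : kl->pos - 1;
	if (d == 0)
		return KL_OPEN;
	if (d == kl->npos - 1)
		return KL_CLOSE;
	/* Intermediate: with 4 positions d is 1 or 2; with 3 positions the
	 * single middle position is treated as SEMICLOSE (assumption). */
	return (kl->npos == 4 && d == 1) ? KL_SEMIOPEN : KL_SEMICLOSE;
}

/* The order may only be changed while the lock reads OPEN. */
int
kl_set_order(struct keylock *kl, enum kl_order order)
{
	if (kl_interpret(kl) != KL_OPEN)
		return EPERM;
	kl->order = order;
	return 0;
}

int
main(void)
{
	struct keylock kl = { 4, 1, KL_OPEN_RIGHT };	/* constructed sample */
	int rc = kl_set_order(&kl, KL_OPEN_LEFT);	/* refused: lock reads CLOSE */
	printf("state=%d set_order=%s\n", (int)kl_interpret(&kl), rc ? "EPERM" : "ok");
	return 0;
}
```

In this model, flipping the order while the key sits at the open end makes the same physical position read CLOSE immediately, and without the OPEN check a closed lock could be relabelled as open from software.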
