File:  [NetBSD Developer Wiki] / wikisrc / users / mbalmer / keylock.mdwn
Revision 1.4
Tue Dec 29 09:26:30 2009 UTC (12 years, 7 months ago) by mbalmer
Branches: MAIN
CVS tags: HEAD

[[!meta title="A Keylock Security Model for kauth(9)"]]

Recently, generic support for electro-mechanical multi-position keylocks
has been added to the NetBSD kernel.  Such locks can be turned to
various positions, usually up to three or four.  They come with
a set of keys that differ in that not all positions can be
reached with all keys (which key can go up to which position is called
the "locking program").  With the new keylock support, such locks can be
used to tinker with kernel security, much like the traditional
securelevel variable.

The number of keylock positions, the current keylock position, and the
overall keylock state can be read within the kernel using a set of
functions defined in
[keylock.h](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.h?rev=HEAD),
and userland
can access them through the <b>hw.keylock</b> sysctl hierarchy.

The following components have been added:

* <b>gpiolock(4)</b>, a driver for GPIO-attached keylocks.
 The driver registers with the in-kernel keylock "subsystem". See
[gpiolock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/gpio/gpiolock.c?rev=HEAD).

* <b>secmodel_keylock</b>, a kauth(9) security model that
authorizes based on the keylock "closedness".  Whether the rightmost
(default) or leftmost position of the keylock means open can be
controlled using the <b>hw.keylock.order</b> sysctl variable. This
variable can only be changed if the keylock state is OPEN. See
[secmodel_keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/secmodel/keylock/secmodel_keylock.c?rev=HEAD).

The security model is started when a keylock driver registers and
stopped when no keylock driver is left.  The keylock security
model is optional; keylock support can be used without the security
model as well, e.g. to provide the keylock state to userland applications,
which is useful for POS applications.

The keylock state interpretation is done in
[keylock.c](http://cvsweb.de.netbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/keylock.c?rev=HEAD)
and not in the driver itself.  This
allows for adding support for multiple keylocks in the future.  The
hw.keylock.pos and hw.keylock.npos sysctl variables are meant for
debugging; the hw.keylock.state variable reflects the state and should
be used.

Currently, the keylock positions are interpreted as follows:  There are
at most four positions: OPEN, SEMIOPEN, SEMICLOSE and CLOSE.  What exactly
that means leaves room for interpretation right now (experience will
show what makes sense in the end).

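The interpretation described above (raw position in, one of four states out, with the order setting deciding which end is open) can be sketched as a small userland C model. This is an added example, not code from keylock.c or secmodel_keylock.c; the `kl_*` names, the 1-based position numbering and the mapping of intermediate positions are assumptions.

```c
/* Illustrative model only. Names, 1-based numbering from the left and the
 * intermediate-position mapping are assumptions, not NetBSD kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum kl_state { KL_OPEN, KL_SEMIOPEN, KL_SEMICLOSE, KL_CLOSE };

struct kl_model {
	int npos;		/* number of positions the lock has (2..4) */
	int pos;		/* current position, 1 = leftmost */
	bool leftmost_open;	/* models hw.keylock.order; false = rightmost open */
};

/* Central interpretation: a driver only reports the raw position. */
enum kl_state kl_interpret(const struct kl_model *m)
{
	int steps;		/* distance from the open end */

	/* Fail closed on anything that cannot be interpreted. */
	if (m->npos < 2 || m->npos > 4 || m->pos < 1 || m->pos > m->npos)
		return KL_CLOSE;
	steps = m->leftmost_open ? m->pos - 1 : m->npos - m->pos;
	if (steps == 0)
		return KL_OPEN;
	if (steps == m->npos - 1)
		return KL_CLOSE;
	/* Assumed: one step from open on a 4-position lock is SEMIOPEN,
	 * every other intermediate position is SEMICLOSE. */
	return (m->npos == 4 && steps == 1) ? KL_SEMIOPEN : KL_SEMICLOSE;
}

/* The order may only be changed while the lock reads OPEN. */
bool kl_set_order(struct kl_model *m, bool leftmost_open)
{
	if (kl_interpret(m) != KL_OPEN)
		return false;
	m->leftmost_open = leftmost_open;
	return true;
}

int main(void)
{
	static const char *names[] = { "OPEN", "SEMIOPEN", "SEMICLOSE", "CLOSE" };
	struct kl_model m = { 4, 1, false };

	for (; m.pos <= m.npos; m.pos++)
		printf("pos %d/%d -> %s\n", m.pos, m.npos, names[kl_interpret(&m)]);
	return 0;
}
```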
To enable the keylock support, the keylock security model, and the
gpiolock(4) driver, add the following lines to your
kernel configuration file:

	options KEYLOCK
	options secmodel_keylock
	gpiolock* at gpio?

Of course, you must have at least one GPIO device in your system for the
gpiolock(4) driver to work, and the lock must be
connected properly.

<b>Please keep in mind that this is an experimental feature.</b>
