tech-kern archive


Support for multi-position electro-mechanical keylocks



While preparing a hardware workshop and playing with multi-position keylocks, I was reading out the keylock position using GPIO pins. I had the idea to structure this a bit more and integrate it with the operating system. Out of this, experimental support for keylocks was born. The attached diff, which is also online at http://www.netbsd.org/~mbalmer/diffs/keylock_03.diff , adds the following components:

- Generic support for keylocks in the kernel. The number of keylock positions and the current keylock position can be read from the kernel using two functions; userland can access them through the hw.keylock.npos and hw.keylock.pos sysctl variables.

- gpiolock(4), a driver for GPIO-attached multi-position keylocks. The driver registers with the in-kernel keylock "subsystem".

- secmodel_keylock, a kauth(9) security model that authorizes based on the keylock "closedness". Whether the rightmost (default) or leftmost position of the keylock means open can be controlled using the security.models.keylock.order sysctl variable (access to which will be protected later).

To enable this, "options KEYLOCK" and "options secmodel_keylock" must be set in the kernel configuration; to use the gpiolock(4) driver, add a "gpiolock* at gpio?" line.

This is of course work in progress and in an experimental state. But it's a nice demonstration of what can be done with kauth(9).

Take care not to lock yourself out of your own system!

- Marc Balmer

Attachment: keylock_03.diff
Description: Binary data



