- Generic support for keylocks in the kernel. The number of keylock positions and the current keylock position can be read from the kernel using two functions, userland can access them through the hw.keylock.npos and hw.keylock.pos sysctl variables.
- gpiolock(4) a driver for GPIO attached multi-position keylocks. The driver registers with the in-kernel keylock "subsystem".
- secmodel_keylock, a kauth(9) security model that authorizes based on the keylock "closedness". Wheter the rightmost (default) or leftmost position of the keylock means open can be controlled using the security.models.keylock.order sysctl variable (access to which will be protected later).
The enable this, "options KEYLOCK" and "options secmodel_keylock" must be set in the kernel configuration; to use the gpiolock(4) driver att a "gpiolock* at gpio?" line.
This is of course work in progress and in an experimental state. But it's a nice demonstration of what can be done with kauth(9).
Take care not to lock you out of your own system! - Marc Balmer
Description: Binary data