Re: what keylock(4) actually does for netbsd?

[Marc Balmer <marc%msys.ch@localhost>]

Am 10.08.2009 um 08:40 schrieb matthew green:

>   I described the purpose of keylocks in my first post.
>
>
> what i have not yet seen described is what keylocks mean to netbsd.
> you've got a secmodel.  what does it do?  what operations is it
> hooked into?  how can i use this code?

That is the experimental part.  Right now it somewhat mimics the  
securelevel secmodel.  The intention is to work with this and refine  
the secmodel over time.  Controlling kernel level security using a  
hardware device is a new concept and needs some experimentation and  
research.  That is the reason why I keep saying it is experimental.

The idea is that maybe two or three people could become interested in  
this and buy locks and hook them to a system.  And while you "play"  
with it you'll find suddenly what key positions could mean wrt security.

The code actually has two "outputs":  One interface is inside the  
kernel, for e.g. the secmodel_keylock to query the state, the second  
interface are sysctl variables that allow the lock state to be queried  
from userland.

> what's the actual use case you have in mind?

Rigth now two very specific ones:

a)  POS terminals where the keylock defines the level you have on the  
system.

b) A system with two locks that only can be operated when both locks  
are in the right position (with two people having a key each).  Maybe  
a firewall whose rules can only be changed if the keys are in a  
certain position.  Actually two locks are not supported yet, that  
would be one of the next steps.

And a third use case I wanted to use this in a workshop next week to  
demonstrate a few things, but I will drop that, I guess.

> please reply on tech-kern -- i know that several others have been
> asking the same questions (including on that list) and it would
> be good to get the answer for everyone.

tech-kern CC'ed as per your request.