[RFC,v3,07/13] keys: Add ability to track intended usage of the public key

From: Eric Snowberg <eric.snowberg@oracle.com>
To: linux-security-module@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, herbert@gondor.apana.org.au,
        davem@davemloft.net, ardb@kernel.org, jarkko@kernel.org,
        paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
        zohar@linux.ibm.com, roberto.sassu@huawei.com,
        dmitry.kasatkin@gmail.com, mic@digikod.net, casey@schaufler-ca.com,
        stefanb@linux.ibm.com, eric.snowberg@oracle.com, ebiggers@kernel.org,
        rdunlap@infradead.org, linux-kernel@vger.kernel.org,
        keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [RFC PATCH v3 07/13] keys: Add ability to track intended usage of the
 public key
Date: Thu, 17 Oct 2024 09:55:10 -0600
Message-ID: <20241017155516.2582369-8-eric.snowberg@oracle.com>
In-Reply-To: <20241017155516.2582369-1-eric.snowberg@oracle.com>
References: <20241017155516.2582369-1-eric.snowberg@oracle.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 yObkmPhmGnVtIuX6ujBIM0L7MRwByaXRtVtUNV1M70n52Yr6cErwcxmP2HbZZJD/ZD/iwb3bTQ4D8/k2JWq6dE7t9Z2GwGBnBeY3RQ2uaH6+91jCK8rQIoP0GxRcIUPjiufkJ+DeoGDACqPnKZxI2N/F26YOcAwi5k/SIkXyjAT0K8B57/Npp8GGjNS01k3HOyRpFyNi4aWEea9rxDLoAlkqamWB3uii9tiCqDhTZlGB1GEsqb+bLtBcPWLq7W1bJIoVi/jzcgV2ynLXpzk8+n+dK0gzedCohGotM/kceR+rL9TpdHJXys/rDU0AyuIAw37bGJCZoGIB7+yKM9tDw5KxZ3XJyY64tBu9ptKBqpBGUOYvnJLQEE3pWl43W+2ypjqy68EZ40NZ3eq1JTlOzr1v/WCdEzhHLnnEHk+he38XblW11652WW1/ulIGIj0jz5TJL05hp9mNAvqgX6zhSXHzpI8PM4FmVe5y33j2rXrDhT79ZiYA7nDvEI80eMeMBic/5uznGbI7ogHufGnODjvQ/5Wjcjx8FfTjbKtpGGmP/kjP3cci6mGyPBvIt8vee9y7Ie3vGPHDp19Q/oc66QoZuY3EOg3ttV+pTqSKwt96m9Bvv6GlmI/MmEUwwtCpyrBHoDLwyB1HB2sig7Bb6GLmWVoV32U/EWxXHrAQEwccIv9u3gZINcg0umLbe5Kj4xLVu3L1hZCHSKX4qLimebXbm2FSqBlJMlIHbqGmXtYQXaMxP1iK9m+6lpeyN/5aZ9FM28I6/01Yl+IwV5/yQ3nklv3Lk5SNNsGGHHDD41ErOGrv6QNIG09Syno3JuZJoSULPrdlfRGothQFOO1x62VPksxDW03qKbA8yM1W8D8scFJePZPWgFRD+srDqBhiYl+PTEX6sQFjFvVVZO4mXSM4fV0E4xtL4I4OD7FFpVXTiD3pHUN0aRNinp4xAULPbqdTP32hVvO62Y9fUOosusIMPeaIwPjRRKD4RFzhH5LBYyF81tu0aXq3bjzbXFZuQYTynV1BDnKXkxF8Tha3BlVlnS9MVQoodxDwj1L25gRWGH3iPWeE7i7MwpK+Fx29OiU11h0aSAoV7l3thyBUsnHFeiDl38ytbYpsmCcI/DSoAQiLqbatB0JSP8AkOw9RIQN7MmlzdncNepZlGsrCB+AS6VToBkfTPvtcAUOpo9kwhK6hzjR7f0cW9KEduofnNQB706ZFbwOkd+9xG0Ssc5eXOn2Vld6gZ8bvl8A43bfqwsdqrcfp65fnTm9BBNOVRPGh0/MHnzWw6TXNCHoRWNfqhfFWWfHPUOxXmOKSrrixX6xmD14P6Ljp9bmuz13Vcc/J+FUnm1zp4uujVvAMSmQ9CZQPHxov1Dj5hf8E2CINczq6wVAvSDOhpxRMXbIemWpWUwPVUTQAcoRyIKWD1+wnPQDrU1WiIZgcF97oX2gaoHTHDb2GLfYO0zzz9brIUBJ+m6YIP6BpEyrGh1MHxWKidaF6tbZLlQ5hxVRypa3BNNgJxc01FAvvnrCGhNpPiTkb+ht5arM2FfPI2Jt4I8zQApDjTdvqqgnmAw8P82njQ5FCKyYeEAb0Z7A51Z5pPyr9ynh6Hxk8GynKdrKglw==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 
	Dtc7a372gRqnBZWn9RId5zo//6XBbtD79OUGJcfxpaidfuH1F+owN5l/PFbL3JYa+vwlCXdnvJ+Fs8yP88XMQXoP9LUOAAwtdbksILP2ZW2Sv8xLJbwgbYYV4kRZdt4II+eb2jyOlGKzETIOnfXD7DwK1sxQC5bexWG1V9IbJbI0HWEpvQILptEpZL2Mai6U/3H25eIJqV4ejxmlFQLWwD24uKP1LGX5YTTPoLN/3ZgtdB/HVUsnpHBE/EcTd/wjRsX3ftQnFA3CztU2udJmA3NXwO+w5bR0PvqvtHeF2gJeEii7lajzY3AnLZChmfCYzl/P4Hrth+kHoeL2/UUxn2wRdevLCjUNRuvCr1sdLjQw7K5oAybeEaEUODTxUa/o8qvi4JUsnajzs5UJZ79YgLAOlEFG4TUBuiGOo/lWsHz3IiOSchxIUFVmuDY8XLlTtDmw52w8PkatHcqPsL8Sopszof/0tvTfI+PuVytdaHLNsvTwgdBDakzOYhtXdPDumTL2VrHfZy6tmd6Lw2jA2iodqR7Uwx2SiSLKfIe/u9c+IfNF+WMNWXZRKRrPlrDRxsLkYpz/vvx7JqGv1wKz63OYdb9c5cGktiZKSLIh5Ug=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b2d4ef8c-5e71-449a-83f1-08dceec431bb
X-MS-Exchange-CrossTenant-AuthSource: PH7PR10MB7730.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Oct 2024 15:55:59.6684
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 JSe52VJFLNZuVV1p6dbty90ej+G8FkcNhx512LJLpcQT7xYpsX9SvpVLXoaLiUoXJpmddIKBsfPfHbhz3RPFyHX8lMK791QqiLikoc5nSAg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR10MB7967
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30
 definitions=2024-10-17_18,2024-10-17_01,2024-09-30_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0
 malwarescore=0 adultscore=0
 bulkscore=0 spamscore=0 mlxlogscore=999 phishscore=0 suspectscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2409260000
 definitions=main-2410170110
X-Proofpoint-GUID: zmLgbRBLLgQcn3q7s-NuzCni-neCwCal
X-Proofpoint-ORIG-GUID: zmLgbRBLLgQcn3q7s-NuzCni-neCwCal

Message ID	20241017155516.2582369-8-eric.snowberg@oracle.com
State	New
Headers	show Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E3A91DFE2A; Thu, 17 Oct 2024 15:56:55 +0000 (UTC) From: Eric Snowberg <eric.snowberg@oracle.com> To: linux-security-module@vger.kernel.org Cc: dhowells@redhat.com, dwmw2@infradead.org, herbert@gondor.apana.org.au, davem@davemloft.net, ardb@kernel.org, jarkko@kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, dmitry.kasatkin@gmail.com, mic@digikod.net, casey@schaufler-ca.com, stefanb@linux.ibm.com, eric.snowberg@oracle.com, ebiggers@kernel.org, rdunlap@infradead.org, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [RFC PATCH v3 07/13] keys: Add ability to track intended usage of the public key Date: Thu, 17 Oct 2024 09:55:10 -0600 Message-ID: <20241017155516.2582369-8-eric.snowberg@oracle.com> In-Reply-To: <20241017155516.2582369-1-eric.snowberg@oracle.com> References: <20241017155516.2582369-1-eric.snowberg@oracle.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk MIME-Version: 1.0
Series	Clavis LSM \| expand [RFC,v3,00/13] Clavis LSM [RFC,v3,01/13] certs: Remove CONFIG_INTEGRITY_PLATFORM_KEYRING check [RFC,v3,02/13] certs: Introduce ability to link to a system key [RFC,v3,03/13] clavis: Introduce a new system keyring called clavis [RFC,v3,04/13] keys: Add new verification type (VERIFYING_CLAVIS_SIGNATURE) [RFC,v3,05/13] clavis: Introduce a new key type called clavis_key_acl [RFC,v3,06/13] clavis: Populate clavis keyring acl with kernel module signature [RFC,v3,07/13] keys: Add ability to track intended usage of the public key [RFC,v3,08/13] clavis: Introduce new LSM called clavis [RFC,v3,09/13] clavis: Allow user to define acl at build time [RFC,v3,10/13] efi: Make clavis boot param persist across kexec [RFC,v3,11/13] clavis: Prevent boot param change during kexec [RFC,v3,12/13] clavis: Add function redirection for Kunit support [RFC,v3,13/13] clavis: Kunit support

[RFC,v3,07/13] keys: Add ability to track intended usage of the public key

Commit Message

Comments

Patch