Migration to trusted keys: sealing user-provided key?
David Howells
dhowells at redhat.com
Mon Feb 1 17:04:22 UTC 2021
Jan Lübbe <jlu at pengutronix.de> wrote:
> > > ... But at this point, you can still do 'keyctl read' on that key, exposing
> > > the key material to user space.
> >
> > I wonder if it would help to provide a keyctl function to mark a key as being
> > permanently unreadable - so that it overrides the READ permission bit.
> >
> > Alternatively, you can disable READ and SETATTR permission - but that then
> > prevents you from removing other perms if you want to :-/
>
> That would mean using user type keys, right? Then we'd still have the core
> problem how a master key can be protected against simply reading it from
> flash/disk, as it would be unencrypted in this scenario.
It would apply to any type of key or keyring on which it was set. It would
cause keyctl_read() on a flagged key to return EPERM.
David
More information about the Linux-security-module-archive
mailing list