Hi Eric, On Thu, 2024-05-30 at 18:39 -0600, Eric Snowberg wrote: > Introduce a new LSM called Clavis (Latin word meaning key). The motivation > behind this LSM is to provide access control for system keys. Before spending > more time on this LSM, I am sending this as an RFC to start a discussion to see > if the current direction taken has a possibility of being accepted in the > future. > > Today the kernel has the following system keyrings: .builtin_trusted_keyring, > .secondary_trusted_keyring, and the .machine. It also has the .platform > keyring which has limited capabilities; it can only be used to verify a kernel > for kexec. Please start the cover letter with the problem description/motivation, not the solution.
