On February 16, 2024 8:53:01 AM PST, Roberto Sassu <roberto.sassu@xxxxxxxxxxxxxxx> wrote: >On Fri, 2024-02-16 at 16:44 +0000, Matthew Wilcox wrote: >> On Fri, Feb 16, 2024 at 04:24:33PM +0100, Petr Tesarik wrote: >> > From: David Howells <dhowells@xxxxxxxxxx> >> > >> > Implement a PGP data parser for the crypto key type to use when >> > instantiating a key. >> > >> > This parser attempts to parse the instantiation data as a PGP packet >> > sequence (RFC 4880) and if it parses okay, attempts to extract a public-key >> > algorithm key or subkey from it. >> >> I don't understand why we want to do this in-kernel instead of in >> userspace and then pass in the actual key. > >Sigh, this is a long discussion. > >PGP keys would be used as a system-wide trust anchor to verify RPM >package headers, which already contain file digests that can be used as >reference values for kernel-enforced integrity appraisal. > >With the assumptions that: > >- In a locked-down system the kernel has more privileges than root >- The kernel cannot offload this task to an user space process due to > insufficient isolation > >the only available option is to do it in the kernel (that is what I got >as suggestion). > >Roberto > > Ok, at least one of those assumptions is false, and *definitely* this approach seems to be a solution in search of a problem.
