On Thu, Sep 02, 2021 at 08:19:51AM -0700, James Bottomley wrote: > On Thu, 2021-09-02 at 17:05 +0200, Greg KH wrote: > > On Thu, Sep 02, 2021 at 07:35:10AM -0700, James Bottomley wrote: > > > On Thu, 2021-09-02 at 14:57 +0200, Greg KH wrote: > > > [...] > > > > Wait, why are you using securityfs for this? > > > > > > > > securityfs is for LSMs to use. > > > > > > No it isn't ... at least not exclusively; we use it for non LSM > > > security purposes as well, like for the TPM BIOS log and for > > > IMA. What makes you think we should start restricting securityfs > > > to LSMs only? That's not been the policy up to now. > > > > Well that was the original intent of the filesystem when it was > > created, but I guess it's really up to the LSM maintainers now what > > they want it for. > > > > > > If you want your own filesystem to play around with stuff like > > > > this, great, write your own, it's only 200 lines or less these > > > > days. We used to do it all the time until people realized they > > > > should just use sysfs for driver stuff. > > > > > > This is a security purpose (injected key retrieval), so securityfs > > > seems to be the best choice. It's certainly possible to create a > > > new filesystem, but I really think things with a security purpose > > > should use securityfs so people know where to look for them. > > > > knowing where to look should not be an issue, as that should be > > documented in Documentation/ABI/ anyway, right? > > > > It's just the overlap / overreach of using an existing filesystem for > > things that don't seem to be LSM-related that feels odd to me. > > > > Why not just make a cocofs if those people want a filesystem > > interface? > > It's 200 lines or so these days, if not less, and that way you only > > mount what you actually need for the system. > > Secrets transfer is actually broader than confidential computing, > although confidential computing is a first proposed use, so I think > cocofs would be too narrow. > > > Why force this into securityfs if it doesn't have to be? > > It's not being forced. Secrets transfer is a security function in the > same way the bios log is. Is the bios log in securityfs today? Anyway, it's up to the securityfs maintainer (i.e. not me), but personally, I think this should be a separate filesystem as that would probably make things easier in the long run... good luck! greg k-h
