Wednesday, August 21 • 2:00pm - 2:30pm
Using and Implementing Keyring Restrictions for Userspace - Mat Martineau, Intel *

The kernel keyring facility has grown in capability beyond its initial, limited support for X.509 certificate verification. It has been generalized to allow any key type to implement its own checks for allowable keys, and to configure these restrictions from userspace.

Keyrings created by the keyctl API can currently be configured to verify signed X.509 asymmetric keys as they are linked to a keyring. The iNet Wireless Daemon (iwd) and the underlying Embedded Linux Library (ELL) leverage this to validate certificate chains.

This presentation will cover use of the keyring restriction userspace API with asymmetric keys in today's kernel, how to extend kernel key types to support new userspace-configurable restrictions, and ideas for more capable and flexible restrictions in the future.

Mat Martineau

Software Engineer, Intel
Mat Martineau is a software engineer at Intel. He has contributed to the keyring and Bluetooth subsystems in the Linux kernel, and is currently working to upstream Multipath TCP for Linux. He has previously spoken at the NetDev Conference and the Intel Open Source Technology Summ...

Wednesday August 21, 2019 2:00pm - 2:30pm PDT
Sapphire D
  Short Topic
  • Session Slides Included: Yes