Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp1236810rdb; Fri, 16 Feb 2024 09:10:05 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWTMQI+T/XP+vgJmMi4y+IWvE1pjxWmKKk0xUs0OT0c8WoenDgznmn8Elh95vZKAaxcSBb1q+/+CDitEdNjONLAPcGzm0zHvAQfwA/tww== X-Google-Smtp-Source: AGHT+IFMqpgG4fLP1FF0n7zDVwuxiL2Vq7bQrxBwqU2UUyAD8QMp+p846L2Dg6sahxkxbqxdyOCw X-Received: by 2002:a50:ab50:0:b0:563:fc63:e73d with SMTP id t16-20020a50ab50000000b00563fc63e73dmr1392974edc.11.1708103404883; Fri, 16 Feb 2024 09:10:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708103404; cv=pass; d=google.com; s=arc-20160816; b=Es7+dLHPVPq6+FtrT5SSpA2Jp8RSfEeYbGQ9L714hJ6gbfU52XwtbQg5BaJSAPuptM EUcv0SYKndIJy4l29HekF+NheDMyaB4GyFQNg9u6Cg2RFkqRXnNEsoEqDJWnAAzxGaJl oN+fw71SaTzbHnm/TvVw4qZcV0HIJOWVmSkelwgFlraK0smFV3mZznzw6zCGMy8rbXG/ Wa9EakeBGxiut6N+L+ROyu3mixGAoEKYJrNDQALVn1fnZUvhgUGVBHUTkaSiV5nw9AhN oNXl5aTQFpfD6NXblirLnU+MSzX/O9kraRFqyqCrzr2ORTcQD+92eWoV4p6Uk+DnU3Su KzVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:references:in-reply-to :user-agent:subject:cc:to:from:date:dkim-signature:dkim-filter; bh=yE41dwzByXf5KF23clNh/IHW7SK625SXni353rbEmD4=; fh=7fyeshTgoupQ3bIPrRlpgxNbeQll7w/EGuAaF8alFuM=; b=AflLqiSdpXJOwvLMTi9NRCg6pInJCFP8vtNql8xBQe6z9EC5qAo75iaJkCvenaLf+T BwJUifa4j912PByEs4vC9inq9Mz0yDnV4um8NjXJUPmlHVedtyeB48jvp4ok2XszV3Db xHqWRWgLL5edoc89Pb27PMlVWaALf7VFWBEF/O6eLQLoyX1CGrwZsJIimuLsFNu5jGut rNjevz8PtNClydDQ+oCHwtDD6/Sg9Yi8Qvwp6eBScRB4941tZr+TLBT9djFaCb/iw2Zs lAo/G3yj5RfWhfOcE/VUIuUsym6mCap+bVtq0hWGnbPLk75nYg2hrubVS2XGumWJebgc yqng==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@zytor.com header.s=2024021201 header.b="S/cM9C8s"; arc=pass (i=1 spf=pass spfdomain=zytor.com dkim=pass dkdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-69032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69032-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id w6-20020a05640234c600b005638fa60d3esi125429edc.573.2024.02.16.09.10.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Feb 2024 09:10:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-69032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@zytor.com header.s=2024021201 header.b="S/cM9C8s"; arc=pass (i=1 spf=pass spfdomain=zytor.com dkim=pass dkdomain=zytor.com dmarc=pass fromdomain=zytor.com); spf=pass (google.com: domain of linux-kernel+bounces-69032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-69032-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id A14061F222C9 for ; Fri, 16 Feb 2024 17:10:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C5883130AD9; Fri, 16 Feb 2024 17:09:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b="S/cM9C8s" Received: from mail.zytor.com (terminus.zytor.com [198.137.202.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5CFF12BF07; Fri, 16 Feb 2024 17:09:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.136 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708103387; cv=none; b=ayd1u/CFbkOkjHy3RrIxgn4E5dZhwvDhpQOs2PfGoWtoh7IeeQB0Hht/ez1bm3V0rKYk8D0iZrgWAzzsH1GXtnqqBVslsyYLrN5YYtKl92WGOGvbt9BTAIh622+2FRc/9mM2yS2d20QwsR7pL+m+PWRE/gLfal9gSyQOfvmCIYY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708103387; c=relaxed/simple; bh=eHCvsvK7FzSYW+2FVZi4jYh9j3AL+F2oTzbeXUur3NY=; h=Date:From:To:CC:Subject:In-Reply-To:References:Message-ID: MIME-Version:Content-Type; b=KQemAojXEZKFP2DQQSEf0l+WvtTESC9Q936wxiIi+o3Iw/PxCAf3JiANyMI3fEqfi5zlY4rNVEyW+UclEEgEPinzNLcIKbk9udjI5FTjbbcuaiSgbMKSGZ8IVAn9WVQq5gTX/pZ3Mf8X+qMm6ZDXQ59SAleEVJQjAhLG+5xeOuE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com; spf=pass smtp.mailfrom=zytor.com; dkim=pass (2048-bit key) header.d=zytor.com header.i=@zytor.com header.b=S/cM9C8s; arc=none smtp.client-ip=198.137.202.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zytor.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zytor.com Received: from [127.0.0.1] ([76.133.66.138]) (authenticated bits=0) by mail.zytor.com (8.17.2/8.17.1) with ESMTPSA id 41GH8CxZ2177841 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Fri, 16 Feb 2024 09:08:13 -0800 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 41GH8CxZ2177841 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2024021201; t=1708103295; bh=yE41dwzByXf5KF23clNh/IHW7SK625SXni353rbEmD4=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=S/cM9C8syGe2Gd1h7OZtWYEh86Htb1CAw+qb17ipbI17JAYuVgsA8u2DTTv/rAvEg Hh3YNClUsDhVj/OpgIJCurvaZEZJsRy6YeLUEcQYyLufeGrtYAgkm726jqbutPEOPk 7GJD+X5wbOD3TJeqJ8tH9cQixad1uN/kyfxDYNUTLk+BD77p+xEg+u3g0qyH8DtIcn AitqPQz9BL0FEaYCQQ5McbLSUydiErVHqy5yaqmSPpnuaEOvWo55Qiqr0Ax1C1rRgj 9uMyJnSY7Ysel8VBdKp8JW9V+0Q6R5IhJDKMNn4ddndgudhXvZ8APOJ+O6+2LBuCdz vrndxYarlkWRA== Date: Fri, 16 Feb 2024 09:08:09 -0800 From: "H. Peter Anvin" To: Roberto Sassu , Matthew Wilcox , Petr Tesarik CC: Dave Hansen , =?UTF-8?Q?Petr_Tesa=C5=99=C3=ADk?= , Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , Andy Lutomirski , Oleg Nesterov , Peter Zijlstra , Xin Li , Arnd Bergmann , Andrew Morton , Rick Edgecombe , Kees Cook , "Masami Hiramatsu (Google)" , Pengfei Xu , Josh Poimboeuf , Ze Gao , "Kirill A. Shutemov" , Kai Huang , David Woodhouse , Brian Gerst , Jason Gunthorpe , Joerg Roedel , "Mike Rapoport (IBM)" , Tina Zhang , Jacob Pan , "open list:DOCUMENTATION" , open list , David Howells , Petr Tesarik Subject: Re: [RFC 6/8] KEYS: PGP data parser User-Agent: K-9 Mail for Android In-Reply-To: <5916fa3ac3d0ce2ade71e7ed1c9eb6923e374c1f.camel@huaweicloud.com> References: <20240216152435.1575-1-petrtesarik@huaweicloud.com> <20240216152435.1575-7-petrtesarik@huaweicloud.com> <5916fa3ac3d0ce2ade71e7ed1c9eb6923e374c1f.camel@huaweicloud.com> Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On February 16, 2024 8:53:01 AM PST, Roberto Sassu wrote: >On Fri, 2024-02-16 at 16:44 +0000, Matthew Wilcox wrote: >> On Fri, Feb 16, 2024 at 04:24:33PM +0100, Petr Tesarik wrote: >> > From: David Howells >> >=20 >> > Implement a PGP data parser for the crypto key type to use when >> > instantiating a key=2E >> >=20 >> > This parser attempts to parse the instantiation data as a PGP packet >> > sequence (RFC 4880) and if it parses okay, attempts to extract a publ= ic-key >> > algorithm key or subkey from it=2E >>=20 >> I don't understand why we want to do this in-kernel instead of in >> userspace and then pass in the actual key=2E > >Sigh, this is a long discussion=2E > >PGP keys would be used as a system-wide trust anchor to verify RPM >package headers, which already contain file digests that can be used as >reference values for kernel-enforced integrity appraisal=2E > >With the assumptions that: > >- In a locked-down system the kernel has more privileges than root >- The kernel cannot offload this task to an user space process due to > insufficient isolation > >the only available option is to do it in the kernel (that is what I got >as suggestion)=2E > >Roberto > > Ok, at least one of those assumptions is false, and *definitely* this appr= oach seems to be a solution in search of a problem=2E