Dave Jiang <[email protected]> wrote:

> Ok stupid question David. I'm attempting to use the logon-type key. I
> have added this line to the request-key.conf:
> create   logon   nvdimm*          *      /usr/sbin/nvdimm-upcall %k

Can you show me the whole file?

Let me ask a stupid question too:  Why do you need to call request_key()?

As I understand it, you poke an attribute file in sysfs by writing "update" to
it and this triggers a request_key() call.  The kernel then links the key it
found across to the internal keyring.

You could instead require that the key be specified directly, i.e. you write
"update <keyid>" to the attribute file.  The driver can then call key_lookup()
to get the key - or, better still, we should make lookup_user_key() available
so that you can call that - which will do a security check.

Another advantage of doing this is that the old key is still available in the
internal keyring until it gets replaced.  So you can do your password change
if you want to do it this way.

On the other hand, requiring both the old and the new passwords to be supplied
is probably better from a security point of view, so you could require them
both to be included in the key.

David
_______________________________________________
Linux-nvdimm mailing list
[email protected]
https://lists.01.org/mailman/listinfo/linux-nvdimm
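
Added example (not part of the original mail, and not kernel or driver code): a userspace C model of the input validation a driver would need for the "update <keyid>" write suggested above, before handing the serial to a permission-checked lookup such as lookup_user_key(). The name parse_update_cmd, the 32-byte input limit and the rule that only positive decimal serials are accepted are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse one attribute write of the form
 * "update <keyid>" with an optional trailing newline (as echo adds).
 * Returns 0 and stores the key serial in *id, or -EINVAL. */
int parse_update_cmd(const char *buf, size_t len, int32_t *id)
{
    static const char verb[] = "update ";
    char tmp[32];               /* assumed upper bound for the command */
    char *end;
    const char *p;
    long v;

    /* The write buffer is length-delimited, so copy it with a bound. */
    if (len == 0 || len >= sizeof(tmp))
        return -EINVAL;
    if (memchr(buf, '\0', len)) /* embedded NUL would hide trailing data */
        return -EINVAL;
    memcpy(tmp, buf, len);
    tmp[len] = '\0';
    if (tmp[len - 1] == '\n')
        tmp[--len] = '\0';

    if (strncmp(tmp, verb, sizeof(verb) - 1) != 0)
        return -EINVAL;
    p = tmp + sizeof(verb) - 1;
    if (*p < '0' || *p > '9')   /* no sign, no blanks, no empty id */
        return -EINVAL;

    errno = 0;
    v = strtol(p, &end, 10);
    if (errno || *end != '\0' || v <= 0 || v > INT32_MAX)
        return -EINVAL;         /* trailing junk, zero or overflow */

    *id = (int32_t)v;           /* the driver would look this key up next */
    return 0;
}

int main(void)
{
    const char sample[] = "update 123456\n";   /* constructed input */
    int32_t id = 0;
    int rc = parse_update_cmd(sample, strlen(sample), &id);
    printf("rc=%d id=%d\n", rc, (int)id);
    return rc ? 1 : 0;
}
```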
