author: Lennart Poettering <lennart@poettering.net> 2024-01-15 17:36:44 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-01-30 17:07:47 +0100
commit: 48d67957d507c17009f804ec91bf459a674edab7
tree: 04442e4438420deb1152e6f2b1261be8bd005bff /src/pcrlock
parent: Merge pull request #31121 from YHNdnzj/notify-man
creds-util: add a concept of "user-scoped" credentials
So far credentials are a concept for system services only: to encrypt or decrypt a credential you must be privileged, as only then can you access the TPM and the host key. Let's break this up a bit: let's add a "user-scoped" credential that is specific to a user. Internally this works by adding another step to the acquisition of the symmetric encryption key for the credential: if a "user-scoped" credential is used we'll generate a symmetric encryption key K as usual, but then we'll use it to calculate K' = HMAC(K, flags || uid || machine-id || username) and then use the resulting K' as the encryption key instead. This basically includes the (public) user's identity in the encryption key, ensuring that the correct key can be acquired only if the right user credentials are specified.
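The key-derivation step the commit message describes, written out as an added Python example; this is not systemd's code, and the byte encoding of the four fields (widths, byte order, terminator) is an assumption made here for illustration, since the real encoding lives in creds-util.

```python
import hmac
import hashlib

# K' = HMAC(K, flags || uid || machine-id || username), as described in the
# commit message. Field serialization below is ASSUMED for this example and
# does not claim to match systemd's actual encoding.

def derive_user_scoped_key(k: bytes, flags: int, uid: int,
                           machine_id: bytes, username: str) -> bytes:
    """Return K' = HMAC-SHA256(K, flags || uid || machine-id || username)."""
    if len(machine_id) != 16:
        raise ValueError("machine-id must be 16 raw bytes")
    if not 0 <= uid <= 0xFFFFFFFF:
        raise ValueError("uid out of range for uid_t")
    # Assumed encoding: 64-bit LE flags, 32-bit LE uid, raw 16-byte
    # machine-id, NUL-terminated UTF-8 username (unambiguous field boundaries).
    msg = (flags.to_bytes(8, "little")
           + uid.to_bytes(4, "little")
           + machine_id
           + username.encode("utf-8") + b"\0")
    return hmac.new(k, msg, hashlib.sha256).digest()

def demo() -> bool:
    """Show that the same K yields a different K' per user, per machine,
    and per flags value, while the same inputs always yield the same K'."""
    k = bytes(range(32))                                  # constructed sample K
    mid = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed machine-id
    k_alice = derive_user_scoped_key(k, 0, 1000, mid, "alice")
    k_again = derive_user_scoped_key(k, 0, 1000, mid, "alice")
    k_bob = derive_user_scoped_key(k, 0, 1001, mid, "bob")
    k_other_host = derive_user_scoped_key(k, 0, 1000, bytes(16), "alice")
    k_other_flags = derive_user_scoped_key(k, 1, 1000, mid, "alice")
    return (k_alice == k_again
            and len({k_alice, k_bob, k_other_host, k_other_flags}) == 4)
```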
Diffstat (limited to 'src/pcrlock')
-rw-r--r-- src/pcrlock/pcrlock.c | 1 +
1 file changed, 1 insertion, 0 deletions
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 329153c65e..9a9da049b2 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4268,6 +4268,7 @@ static int write_boot_policy_file(const char *json_text) {
/* tpm2_hash_pcr_mask= */ 0,
/* tpm2_pubkey_path= */ NULL,
/* tpm2_pubkey_path_mask= */ 0,
+ UID_INVALID,
&IOVEC_MAKE_STRING(json_text),
CREDENTIAL_ALLOW_NULL,
&encoded);
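Review bot: the inserted `UID_INVALID` is the only argument in this call without a `/* name= */` comment, while its neighbours (`/* tpm2_pubkey_path_mask= */ 0`, `/* tpm2_pubkey_path= */ NULL`) all carry one; writing it as `/* uid= */ UID_INVALID` would keep this long positional call readable and make explicit that the boot policy file written by `write_boot_policy_file()` stays a system-scoped credential rather than a user-scoped one under the new parameter the commit message introduces.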