Explore the kernel keyring facility's expanded capabilities and learn how to implement keyring restrictions for userspace in this 28-minute conference talk by Mat Martineau from Intel. Dive into the evolution of the keyring facility, its generalization to support various key types, and the ability to configure restrictions from userspace. Discover how keyrings created through the keyctl API can be configured to verify signed X.509 asymmetric keys, and learn about real-world applications in the iNet Wireless Daemon (iwd) and the Embedded Linux Library (ELL). Gain insights into using the keyring restriction userspace API with asymmetric keys, extending kernel key types with new userspace-configurable restrictions, and potential future developments. Topics covered include keys and key types, keyring organization, restricted keyring use cases, the software versions that support userspace restrictions, and the structure of restrict calls. Examine asymmetric restriction examples, including certificate verification, and understand how restrict and lookup functions are implemented for key types and keyrings.
Using and Implementing Keyring Restrictions for Userspace