- Generic support for keylocks in the kernel. The number of keylock positions and the current keylock position can be read from the kernel using two functions; userland can access them through the hw.keylock.npos and hw.keylock.pos sysctl variables.
- gpiolock(4), a driver for GPIO attached multi-position keylocks. The driver registers with the in-kernel keylock "subsystem".
- secmodel_keylock, a kauth(9) security model that authorizes based on the keylock "closedness". Whether the rightmost (default) or leftmost position of the keylock means open can be controlled using the security.models.keylock.order sysctl variable (access to which will be protected later).
To enable this, "options KEYLOCK" and "options secmodel_keylock" must be set in the kernel configuration; to use the gpiolock(4) driver, add a "gpiolock* at gpio?" line.
This is of course work in progress and in an experimental state. But it's a nice demonstration of what can be done with kauth(9).
Take care not to lock yourself out of your own system!
- Marc Balmer
Attachment: keylock_03.diff