keyd
keyd is the private key and trust authority service for filesystem providers.
It is launched by rootd after ramfsd and before e2fsd, has no named
registration, and exists so encrypted and verity-capable filesystem media can
require explicit authority instead of ambient secrets.
EriX is a clean-room, capability-based microkernel operating system written entirely in Rust.
Technical requirements are tracked in the EriX requirements, conventions, and project documentation.
See:
- docs for design documents, specifications, and development plans.
- Related architecture repositories for kernel, services, libraries, drivers, and integration tooling.
Purpose of This Repository
This repository implements the EriX filesystem key authority service. Its purpose in EriX is to provide bounded private key and trust material to authorized filesystem providers.
Functionally, it loads configured key/trust rows, authorizes callers, serves bounded lookups, and explicitly scrubs material before removal. The repository keeps the implementation, interface contracts, tests, and documentation for that behavior in one reviewable ownership boundary.
The maintained responsibilities are:
- load bounded key and trust material from validated boot configuration
- authorize only private filesystem-provider callers for key and trust lookups
- parse runtime IPC requests in place from the receive buffer so lookup service does not retain oversized transient request copies
- zeroize held material on explicit request and shutdown paths before releasing the store slot
Clean-Room Policy
EriX follows a strict clean-room philosophy:
- No external source code may be copied.
- No external Rust crates are allowed.
- No code generation tools that embed third-party code.
- All code must be authored within the project.
Violations will result in rejection of the contribution.
License
All EriX repositories are licensed under the ISC License.
Development Model
EriX development is modular, deterministic, reproducible, authority-explicit, security-first, and self-hosting oriented.
This repository follows the project roadmap and the validation rules documented in its own roadmap.
Validation
cargo fmt --all -- --check
RUSTFLAGS="-D warnings" cargo clippy --all-targets --all-features -- -D warnings
RUSTFLAGS="-D warnings" cargo test --all-targets --all-features
Governance Principles
keyd governance is scoped to private filesystem key and trust-material
authority.
The scoped governance rules are:
- It loads only bounded, validated key and trust rows from boot configuration.
- It serves key and trust material only to authorized filesystem-provider callers.
- It must reject ambiguous, duplicate, overlong, wrong-kind, or wrong-caller requests.
- It zeroizes stored material on explicit zeroization and shutdown paths, and must not leave residual key bytes in released rows.
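As an added illustration of the maintained responsibilities and the governance rules above (it is not keyd's own code), a minimal Rust store enforcing bounded load, caller/kind rejection, and scrub-before-release; KeyStore, Row, Caller, Kind, MAX_ROWS and MAX_KEY_LEN are assumed names and limits, and only the standard library is used in keeping with the no-external-crate policy:

```rust
// Added illustration of the rules listed above; not keyd's own code.
// KeyStore, Caller, Kind, MAX_ROWS and MAX_KEY_LEN are assumed names/limits.
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

pub const MAX_ROWS: usize = 8; // bounded store (assumed limit)
pub const MAX_KEY_LEN: usize = 64; // bounded material (assumed limit)

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Kind { Key, Trust }
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Caller { FsProvider, Other }
#[derive(Debug, PartialEq, Eq)]
pub enum Error { Overlong, Duplicate, Full, WrongCaller, WrongKind, Unknown }

struct Row { id: u32, kind: Kind, material: Vec<u8> }
#[derive(Default)]
pub struct KeyStore { rows: Vec<Row> }

impl KeyStore {
    /// Load one validated boot-configuration row; reject overlong or duplicate rows.
    pub fn load(&mut self, id: u32, kind: Kind, material: &[u8]) -> Result<(), Error> {
        if material.len() > MAX_KEY_LEN { return Err(Error::Overlong); }
        if self.rows.iter().any(|r| r.id == id) { return Err(Error::Duplicate); }
        if self.rows.len() >= MAX_ROWS { return Err(Error::Full); }
        self.rows.push(Row { id, kind, material: material.to_vec() });
        Ok(())
    }
    /// Serve material only to a filesystem-provider caller asking for the right kind.
    pub fn lookup(&self, caller: Caller, id: u32, kind: Kind) -> Result<&[u8], Error> {
        if caller != Caller::FsProvider { return Err(Error::WrongCaller); }
        let row = self.rows.iter().find(|r| r.id == id).ok_or(Error::Unknown)?;
        if row.kind != kind { return Err(Error::WrongKind); }
        Ok(&row.material)
    }
    /// Overwrite the material with volatile stores (not removable as dead writes),
    /// fence, and only then release the row's slot and its buffer.
    pub fn zeroize_and_remove(&mut self, id: u32) -> Result<(), Error> {
        let pos = self.rows.iter().position(|r| r.id == id).ok_or(Error::Unknown)?;
        let mut row = self.rows.swap_remove(pos);
        for b in row.material.iter_mut() { unsafe { write_volatile(b, 0) } }
        compiler_fence(Ordering::SeqCst);
        debug_assert!(row.material.iter().all(|&b| b == 0));
        Ok(()) // `row` drops here, after scrubbing
    }
    /// Shutdown path: scrub every held row the same way before it is released.
    pub fn shutdown(&mut self) {
        while let Some(id) = self.rows.first().map(|r| r.id) { let _ = self.zeroize_and_remove(id); }
    }
}
```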
Authority Boundaries
keyd has no public named entry and no ambient key discovery path.
- Adding public key-management functions requires separate bounded IPC and caller authorization rules.
Contact
Development occurs in the EriX organization, and discussions happen in issues and design documents.
No decisions are considered valid without documented rationale.
Maintainers can be reached via email: admin@erikinkinen.fi.