memfd_secret() in 5.14
The memfd_secret() system call has, in one form or another, been covered here since February 2020. In the beginning, it was a flag to memfd_create(), but its functionality was later moved to a separate system call. There have been many changes during this feature's development, but its core purpose remains the same: allow a user-space process to create a range of memory that is inaccessible to anybody else - kernel included. That memory can be used to store cryptographic keys or any other data that must not be exposed to others. This new system call was finally merged for the upcoming 5.14 release; what follows is a look at the form this call will take in the mainline kernel.
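How a process can place a key in such a region, as an added example that is not code from the article or from the kernel tree. The function name `secret_roundtrip`, the return codes, and the sample key are assumptions made for illustration; the fallback syscall number is used only when the installed headers predate the call.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447  /* x86-64 and generic syscall table number */
#endif

enum { SECRET_OK = 0, SECRET_UNAVAILABLE = 1, SECRET_MISMATCH = -1 };

/* Constructed sample key material, for illustration only. */
static const unsigned char sample_key[16] = "constructed-key";

/* Hypothetical helper: store a key in secret memory, read it back, wipe it. */
int secret_roundtrip(void)
{
    /* Fails (ENOSYS) on kernels without the call or with the feature disabled;
       a seccomp filter may also reject it. */
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd < 0) { perror("memfd_secret"); return SECRET_UNAVAILABLE; }

    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, (off_t)len) < 0) {      /* the new fd starts at size 0 */
        perror("ftruncate"); close(fd); return SECRET_UNAVAILABLE;
    }

    /* Must be a shared mapping; the pages are locked, so RLIMIT_MEMLOCK applies. */
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                                /* the mapping outlives the fd */
    if (p == MAP_FAILED) { perror("mmap"); return SECRET_UNAVAILABLE; }

    memcpy(p, sample_key, sizeof sample_key);
    int ok = memcmp(p, sample_key, sizeof sample_key) == 0;

    /* Wipe through a volatile pointer so the stores are not optimized away. */
    volatile unsigned char *w = p;
    for (size_t i = 0; i < len; i++) w[i] = 0;
    munmap(p, len);
    return ok ? SECRET_OK : SECRET_MISMATCH;
}

int main(void)
{
    printf("secret_roundtrip() = %d\n", secret_roundtrip());
    return 0;
}
```

A result of `SECRET_UNAVAILABLE` means the running kernel or sandbox does not offer the call, in which case an application needs a fallback such as an `mlock()`ed anonymous mapping, which does not give the same isolation from the kernel.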