mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-26 04:16:39 +00:00
platform/x86: hp-bioscfg: Documentation
Update sysfs-class-firmware-attributes with hp-bioscfg information

HP BIOS Configuration driver purpose is to provide a driver supporting the latest sysfs class firmware attributes framework allowing the user to change BIOS settings and security solutions on HP Inc.’s commercial notebooks.

Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
Reviewed-by: Thomas Weißschuh <linux@weissschuh.net>
Link: https://lore.kernel.org/r/20230608163319.18934-2-jorge.lopez2@hp.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
parent 06c2afb862
commit 00d4b35212
1 changed files with 99 additions and 2 deletions
|
@ -22,6 +22,11 @@ Description:
|
|||
- integer: a range of numerical values
|
||||
- string
|
||||
|
||||
HP specific types
|
||||
-----------------
|
||||
- ordered-list - a set of ordered list valid values
|
||||
|
||||
|
||||
All attribute types support the following values:
|
||||
|
||||
current_value:
|
||||
|
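Review bot: The new entry "- ordered-list - a set of ordered list valid values" is ambiguous and does not follow the "- integer: a range of numerical values" form used just above it. Suggest "- ordered-list: an ordered list of valid values", so the type name is followed by a colon like its neighbours and the description no longer calls an ordered list a set.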
@ -126,6 +131,21 @@ Description:
|
|||
value will not be effective through sysfs until this rule is
|
||||
met.
|
||||
|
||||
HP specific class extensions
|
||||
------------------------------
|
||||
|
||||
On HP systems the following additional attributes are available:
|
||||
|
||||
"ordered-list"-type specific properties:
|
||||
|
||||
elements:
|
||||
A file that can be read to obtain the possible
|
||||
list of values of the <attr>. Values are separated using
|
||||
semi-colon (``;``) and listed according to their priority.
|
||||
An element listed first has the highest priority. Writing
|
||||
the list in a different order to current_value alters
|
||||
the priority order for the particular attribute.
|
||||
|
||||
What: /sys/class/firmware-attributes/*/authentication/
|
||||
Date: February 2021
|
||||
KernelVersion: 5.11
|
||||
|
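Review bot: The "elements" text says that writing the list in a different order to current_value alters the priority order, but it does not say what a valid write looks like. Please document whether the write uses the same ``;`` separator as the read, whether every element must be present, and what error userspace gets for an unknown or missing element, so that tools rewriting the priority can validate their input before it reaches the BIOS.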
@ -206,7 +226,7 @@ Description:
|
|||
Drivers may emit a CHANGE uevent when a password is set or unset
|
||||
userspace may check it again.
|
||||
|
||||
On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
|
||||
On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
|
||||
require password validation.
|
||||
On Lenovo systems if you change the Admin password the new password is not active until
|
||||
the next boot.
|
||||
|
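Review bot: Adding HP to "if Admin password is set, then all BIOS attributes require password validation" leaves the following sentence covering only Lenovo ("the new password is not active until the next boot"). Please state whether a changed Admin password on HP takes effect immediately or after a reboot, and whether the statement still applies when the HP enhanced-bios-auth role is the one in use.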
@ -296,6 +316,15 @@ Description:
|
|||
echo "signature" > authentication/Admin/signature
|
||||
echo "password" > authentication/Admin/certificate_to_password
|
||||
|
||||
HP specific class extensions
|
||||
--------------------------------
|
||||
|
||||
On HP systems the following additional settings are available:
|
||||
|
||||
role: enhanced-bios-auth:
|
||||
This role is specific to Secure Platform Management (SPM) attribute.
|
||||
It requires configuring an endorsement (kek) and signing certificate (sk).
|
||||
|
||||
|
||||
What: /sys/class/firmware-attributes/*/attributes/pending_reboot
|
||||
Date: February 2021
|
||||
|
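Review bot: In "It requires configuring an endorsement (kek) and signing certificate (sk)", sk is called a certificate, while the SPM/sk entry later in this patch says the bytes written are the modulus of the public key. Suggest wording such as "an endorsement certificate (kek) and a signing key (sk)" so the two places agree. The feature is also named "Secure Platform Management" here and "Secure Platform Manager" in the later section heading; pick one. The line "role: enhanced-bios-auth:" would read better without the trailing colon.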
@ -311,7 +340,7 @@ Description:
|
|||
== =========================================
|
||||
0 All BIOS attributes setting are current
|
||||
1 A reboot is necessary to get pending BIOS
|
||||
attribute changes applied
|
||||
attribute changes applied
|
||||
== =========================================
|
||||
|
||||
Note, userspace applications need to follow below steps for efficient
|
||||
|
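Review bot: The only change in this hunk is to the "attribute changes applied" line of the pending_reboot table, and the old and new text are identical apart from whitespace. It is unrelated to hp-bioscfg, so either drop it from this patch or mention the whitespace cleanup in the commit message.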
@ -364,3 +393,71 @@ Description:
|
|||
use it to enable extra debug attributes or BIOS features for testing purposes.
|
||||
|
||||
Note that any changes to this attribute requires a reboot for changes to take effect.
|
||||
|
||||
|
||||
HP specific class extensions - Secure Platform Manager (SPM)
|
||||
--------------------------------
|
||||
|
||||
What: /sys/class/firmware-attributes/*/authentication/SPM/kek
|
||||
Date: March 2023
|
||||
KernelVersion: 5.18
|
||||
Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
|
||||
Description:
|
||||
'kek' Key-Encryption-Key is a write-only file that can be used to configure the
|
||||
RSA public key that will be used by the BIOS to verify
|
||||
signatures when setting the signing key. When written,
|
||||
the bytes should correspond to the KEK certificate
|
||||
(x509 .DER format containing an OU). The size of the
|
||||
certificate must be less than or equal to 4095 bytes.
|
||||
|
||||
What: /sys/class/firmware-attributes/*/authentication/SPM/sk
|
||||
Date: March 2023
|
||||
KernelVersion: 5.18
|
||||
Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
|
||||
Description:
|
||||
'sk' Signature Key is a write-only file that can be used to configure the RSA
|
||||
public key that will be used by the BIOS to verify signatures
|
||||
when configuring BIOS settings and security features. When
|
||||
written, the bytes should correspond to the modulus of the
|
||||
public key. The exponent is assumed to be 0x10001.
|
||||
|
||||
What: /sys/class/firmware-attributes/*/authentication/SPM/status
|
||||
Date: March 2023
|
||||
KernelVersion: 5.18
|
||||
Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
|
||||
Description:
|
||||
'status' is a read-only file that returns ASCII text in JSON format reporting
|
||||
the status information.
|
||||
|
||||
"State": "not provisioned | provisioned | provisioning in progress",
|
||||
"Version": "Major.Minor",
|
||||
"Nonce": <16-bit unsigned number display in base 10>,
|
||||
"FeaturesInUse": <16-bit unsigned number display in base 10>,
|
||||
"EndorsementKeyMod": "<256 bytes in base64>",
|
||||
"SigningKeyMod": "<256 bytes in base64>"
|
||||
|
||||
What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
|
||||
Date: March 2023
|
||||
KernelVersion: 5.18
|
||||
Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
|
||||
Description:
|
||||
'audit_log_entries' is a read-only file that returns the events in the log.
|
||||
|
||||
Audit log entry format
|
||||
|
||||
Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
|
||||
Byte 16-127: Unused
|
||||
|
||||
What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
|
||||
Date: March 2023
|
||||
KernelVersion: 5.18
|
||||
Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
|
||||
Description:
|
||||
'audit_log_entry_count' is a read-only file that returns the number of existing
|
||||
audit log events available to be read. Values are separated using comma. (``,``)
|
||||
|
||||
[No of entries],[log entry size],[Max number of entries supported]
|
||||
|
||||
log entry size identifies audit log size for the current BIOS version.
|
||||
The current size is 16 bytes but it can be up to 128 bytes long in future BIOS
|
||||
versions.
|
||||
|
|
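Review bot: The SPM/sk entry says the written bytes "should correspond to the modulus of the public key" but gives neither the expected length nor the encoding, while the status entry reports both moduli as "<256 bytes in base64>". Please state in the sk entry whether the write is raw binary or base64 and that the modulus is 256 bytes, in the same way the kek entry states its 4095-byte limit; since both files provision the keys the BIOS uses to verify signatures, the text should also say what authorization a write needs once the state is "provisioned". All five new entries carry "KernelVersion: 5.18" next to "Date: March 2023"; the field should name the release in which these files first appear. The underline below "HP specific class extensions - Secure Platform Manager (SPM)" is shorter than the title and should be extended to its full length.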