[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e5399b47-5382-99e6-9a79-c0947a696917@schaufler-ca.com>
Date: Wed, 22 Jun 2022 15:29:01 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Nayna Jain <nayna@...ux.ibm.com>, linuxppc-dev@...ts.ozlabs.org,
linux-fsdevel@...r.kernel.org
Cc: linux-efi@...r.kernel.org,
linux-security-module <linux-security-module@...r.kernel.org>,
linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Michael Ellerman <mpe@...erman.id.au>,
Dov Murik <dovmurik@...ux.ibm.com>,
George Wilson <gcwilson@...ux.ibm.com>, gjoyce@....com,
Matthew Garrett <mjg59@...f.ucam.org>,
Dave Hansen <dave.hansen@...el.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [RFC PATCH v2 2/3] fs: define a firmware security filesystem
named fwsecurityfs
On 6/22/2022 2:56 PM, Nayna Jain wrote:
> securityfs is meant for linux security subsystems to expose policies/logs
> or any other information. However, there are various firmware security
> features which expose their variables for user management via kernel.
> There is currently no single place to expose these variables. Different
> platforms use sysfs/platform specific filesystem(efivarfs)/securityfs
> interface as find appropriate. Thus, there is a gap in kernel interfaces
> to expose variables for security features.
Why not put the firmware entries under /sys/kernel/security/firmware?
Powered by blists - more mailing lists