[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAOOmCE-u4bsjQa0-TG7hLntvPULLenEgO5V2LKhnmM6LPxdTaA@mail.gmail.com>
Date: Tue, 18 Apr 2023 10:43:17 -0500
From: Jorge Lopez <jorgealtxwork@...il.com>
To: Thomas Weißschuh <thomas@...ch.de>
Cc: hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9] HP BIOSCFG driver - Documentation
Hi Thomas,
On Fri, Apr 14, 2023 at 3:36 PM Thomas Weißschuh <thomas@...ch.de> wrote:
>
> On 2023-04-14 15:00:02-0500, Jorge Lopez wrote:
> > On Fri, Apr 14, 2023 at 10:27 AM <thomas@...ch.de> wrote:
> > > On 2023-04-12 09:48:21-0500, Jorge Lopez wrote:
> > > > [..]
> > > >
> > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@...com>
> > > > +Description: 'statusbin' is a read-only file that returns 'status' information
> > > > + in binary format. This file provides a mechanism for components
> > > > + downstream (e.g. Recovery Agent) can read the status and public
> > > > + key modulus.
> > >
> > > This is still missing docs about how to interpret the contents of the
> > > "statusbin" file.
> > >
> > > "components downstream" -> userspace.
> > >
> >
> > I will provide the details in Version 10. Additionally, I am working
> > with the architect to understand the need for 'statusbin' in their
> > upcoming features.
Statusbin is one attribute we can drop but will require changes how
'status' data is reported (JSON format).
>
> If the userspace component is not ready maybe this can be delayed for a
> future patchset?
> The basic features should already be useful with a generic client like
> fwupd.
> Doing it in steps should be faster both in development and wall time.
The interaction with fwupd and support is a goal for future patches
for hp-bioscfg. Initially, We want to establish the proper and basic
framework to enable the security and BIOS configuration features by
leveraging firmware-attributes framework. No testing with fwupd
tool has taken place since hp-bioscfg is not associated with a
specific device
>
> > > I think we can start with the code review.
> > >
> >
> > I will send all files with Version 10. To aid in the review process,
> > I will keep all ..c in separate reviews. It is less confusing that
> > way since there is commonality between them
> >
> > > Could you also provide a sample of the attribute files?
> > > I'm especially curious about the different instances of the sure-start
> > > attributes, including current_value, possible_values and the auditlog
> > > properties.
> > >
> >
> > What type of sample are you looking for.? I can provide you with a
> > tree display of all attributes and some output samples for different
> > attribute types.
>
> That sounds great.
Attached is a copy of three files for your review.
tree-view.log -- tree view of all
attributes/authentication files reported by hp-bioscfg
authentication.log -- List of all authentication attributes and
corresponding file output. The data includes SPM (statusbin, status)
attributes-sample.log -- Reduced list of attributes including a
sample output for each attribute type. (string, enumeration,
ordered-list, integer, Sure_Start, pending_reboot) Sure_Start
includes the output captured for audit_log_entries and
audit_log_entry_count.
In addition, I captured the hex output for statusbin and
audit_log_entries if you are interested to go over them.
Binary-dump-statusbin-auditlog.log
>
> > I will include sure-start attributes, including current_value,
> > possible_values and the audit log properties. Please let me know if
> > there is anything else you want to see.
>
> I want to get a feeling for the exposed bios settings and how the
> sure-start stuff works.
>
> > > Also is the userspace component for this published somewhere?
> > > If so it would be useful to refer to it from the commit message.
> >
> > Linux components are under development and not published yet. The
> > only linux component at this time is the driver (hp bioscfg).
> > The only published components are under Windows ONLY.
>
> Maybe mention this in the commit message.
The text will be added as part of the commit message.
>
> Also it would be useful to test the new driver with fwupd which is the
> existing userspace user of this ABI.
> Just to make sure that nothing is obviously broken there.
> (And mention this in the commit message)
>
> Thomas
Download attachment "Binary-dump-statusbin-auditlog.log" of type "application/octet-stream" (34264 bytes)
Download attachment "attributes-examples.log" of type "application/octet-stream" (9244 bytes)
Download attachment "tree-view.log" of type "application/octet-stream" (108061 bytes)
Download attachment "authentication.log" of type "application/octet-stream" (4848 bytes)
Powered by blists - more mailing lists