[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <83d86690-fdbe-66fb-221e-5443851330c7@infradead.org>
Date: Fri, 2 Jun 2023 15:46:20 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: Jorge Lopez <jorgealtxwork@...il.com>, hdegoede@...hat.com,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
thomas@...ch.de, ilpo.jarvinen@...ux.intel.com
Subject: Re: [PATCH v16 12/13] hp-bioscfg: Makefile
Hi again,
On 6/2/23 06:10, Jorge Lopez wrote:
> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
A commit message should tell what and why. E.g.:
Add Makefile and Kconfig to build hp-bioscfg.
It does not need all of that boilerplate info.
The cover letter is good for that.
The "why" part can and usually should include some background/history
info.
> Signed-off-by: Jorge Lopez <jorge.lopez2@...com>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> drivers/platform/x86/hp/Kconfig | 16 ++++++++++++++++
> drivers/platform/x86/hp/Makefile | 1 +
> drivers/platform/x86/hp/hp-bioscfg/Makefile | 11 +++++++++++
> 3 files changed, 28 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
thanks.
--
~Randy
Powered by blists - more mailing lists