Message-ID: <39a19a0b-610d-52bf-5050-eb870ad2e619@infradead.org>
Date:   Fri, 2 Jun 2023 15:55:32 -0700
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Jorge Lopez <jorgealtxwork@...il.com>, hdegoede@...hat.com,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
        thomas@...ch.de, ilpo.jarvinen@...ux.intel.com
Subject: Re: [PATCH v16 01/13] hp-bioscfg: Documentation



On 6/2/23 06:10, Jorge Lopez wrote:

> 
> Signed-off-by: Jorge Lopez <jorge.lopez2@...com>
> 
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
>  .../testing/sysfs-class-firmware-attributes   | 101 +++++++++++++++++-
>  1 file changed, 99 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> index 4cdba3477176..df9904b9f39c 100644
> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> @@ -126,6 +131,21 @@ Description:
>  					value will not be effective through sysfs until this rule is
>  					met.
>  
> +		HP specific class extensions
> +		------------------------------
> +
> +		On HP systems the following additional attributes are available:
> +
> +		"ordered-list"-type specific properties:
> +
> +		elements:
> +					A file that can be read to obtain the possible
> +					list of values of the <attr>. Values are separated using
> +					semi-colon (``;``) and listed according to their priority.
> +					An element listed first has the highest priority. Writing
> +					the list in a different order to current_value alters
> +					the priority order for the particular attribute.
> +
>  What:		/sys/class/firmware-attributes/*/authentication/
>  Date:		February 2021
>  KernelVersion:	5.11
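
Review bot: The "elements" description says that writing the list "in a different order to current_value alters the priority order", but it does not say whether the write must contain every element, whether it uses the same ";" separator, or what happens when an element is unknown or missing. Please document the accepted write format and the error behaviour there. "semi-colon" would also read better as "a semicolon".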

Why 5.11 and that date?

> @@ -364,3 +393,71 @@ Description:
>  		use it to enable extra debug attributes or BIOS features for testing purposes.
>  
>  		Note that any changes to this attribute requires a reboot for changes to take effect.
> +
> +
> +		HP specific class extensions - Secure Platform Manager (SPM)
> +		--------------------------------
> +
> +What:		/sys/class/firmware-attributes/*/authentication/SPM/kek
> +Date:		March 2023
> +KernelVersion:	5.18

Why 5.18 and that date?

> +Contact:	"Jorge Lopez" <jorge.lopez2@...com>
> +Description:
> +		'kek' Key-Encryption-Key is a write-only file that can be used to configure the
> +		RSA public key that will be used by the BIOS to verify
> +		signatures when setting the signing key.  When written,
> +		the bytes should correspond to the KEK certificate
> +		(x509 .DER format containing an OU).  The size of the
> +		certificate must be less than or equal to 4095 bytes.
> +
> +What:		/sys/class/firmware-attributes/*/authentication/SPM/sk
> +Date:		March 2023
> +KernelVersion:	5.18

Why 5.18 and that date?

> +Contact:	"Jorge Lopez" <jorge.lopez2@...com>
> +Description:
> +		'sk' Signature Key is a write-only file that can be used to configure the RSA
> +		public key that will be used by the BIOS to verify signatures
> +		when configuring BIOS settings and security features.  When
> +		written, the bytes should correspond to the modulus of the
> +		public key.  The exponent is assumed to be 0x10001.
> +
> +What:		/sys/class/firmware-attributes/*/authentication/SPM/status
> +Date:		March 2023
> +KernelVersion:	5.18

Why 5.18 and that date?

> +Contact:	"Jorge Lopez" <jorge.lopez2@...com>
> +Description:
> +		'status' is a read-only file that returns ASCII text in JSON format reporting
> +		the status information.
> +
> +		  "State": "not provisioned | provisioned | provisioning in progress ",

Drop the space after "in progress" ?

> +		  "Version": " Major. Minor ",

So Major. should have a space before and after it? and Minor should have a space after it?

> +		  "Nonce": <16-bit unsigned number display in base 10>,
> +		  "FeaturesInUse": <16-bit unsigned number display in base 10>,
> +		  "EndorsementKeyMod": "<256 bytes in base64>",
> +		  "SigningKeyMod": "<256 bytes in base64>"
> +
> +What:		/sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
> +Date:		March 2023
> +KernelVersion:	5.18

Why 5.18 and that date?

> +Contact:	"Jorge Lopez" <jorge.lopez2@...com>
> +Description:
> +		'audit_log_entries' is a read-only file that returns the events in the log.
> +
> +			Audit log entry format
> +
> +			Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
> +			Byte 16-127: Unused
> +
> +What:		/sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
> +Date:		March 2023
> +KernelVersion:	5.18

Why 5.18 and that date?

> +Contact:	"Jorge Lopez" <jorge.lopez2@...com>
> +Description:
> +		'audit_log_entry_count' is a read-only file that returns the number of existing
> +		audit log events available to be read. Values are separated using comma (``,``)

End the sentence above with a '.' please.

> +
> +			[No of entries],[log entry size],[Max number of entries supported]
> +
> +		log entry size identifies audit log size for the current BIOS version.
> +		The current size is 16 bytes but it can be up to 128 bytes long in future BIOS
> +		versions.
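
Review bot: In the SPM/sk entry, "the bytes should correspond to the modulus of the public key" gives neither the expected length nor the encoding, while SPM/status reports "EndorsementKeyMod" and "SigningKeyMod" as "<256 bytes in base64>". Please state the size and format that sk accepts, as the kek entry does for its certificate, and say which of kek and sk each of those two status fields reports. The underline of the "HP specific class extensions - Secure Platform Manager (SPM)" heading is also shorter than its title and should be extended to the title's length. The audit_log_entries format ("Byte 0-15: Requested Audit Log entry", "Byte 16-127: Unused") does not explain how an entry is requested from a read-only file or how the layout relates to the [log entry size] value returned by audit_log_entry_count.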

Thanks.
-- 
~Randy
