Date:   Mon, 5 Jun 2023 08:32:39 -0500
From:   Jorge Lopez <jorgealtxwork@...il.com>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
        linux-kernel@...r.kernel.org, thomas@...ch.de,
        ilpo.jarvinen@...ux.intel.com
Subject: Re: [PATCH v16 01/13] hp-bioscfg: Documentation

On Fri, Jun 2, 2023 at 5:55 PM Randy Dunlap <rdunlap@...radead.org> wrote:
>
>
>
> On 6/2/23 06:10, Jorge Lopez wrote:
>
> >
> > Signed-off-by: Jorge Lopez <jorge.lopez2@...com>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> >  .../testing/sysfs-class-firmware-attributes   | 101 +++++++++++++++++-
> >  1 file changed, 99 insertions(+), 2 deletions(-)
> >
> > diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > index 4cdba3477176..df9904b9f39c 100644
> > --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > @@ -126,6 +131,21 @@ Description:
> >                                       value will not be effective through sysfs until this rule is
> >                                       met.
> >
> > +             HP specific class extensions
> > +             ------------------------------
> > +
> > +             On HP systems the following additional attributes are available:
> > +
> > +             "ordered-list"-type specific properties:
> > +
> > +             elements:
> > +                                     A file that can be read to obtain the possible
> > +                                     list of values of the <attr>. Values are separated using
> > +                                     semi-colon (``;``) and listed according to their priority.
> > +                                     An element listed first has the highest priority. Writing
> > +                                     the list in a different order to current_value alters
> > +                                     the priority order for the particular attribute.
> > +
> >  What:                /sys/class/firmware-attributes/*/authentication/
> >  Date:                February 2021
> >  KernelVersion:       5.11
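
Review bot: The last sentence of the "elements" text says that writing the list in a different order to current_value alters the priority, but it does not say what happens when the written list omits an element, repeats one, or contains a value that is not in elements. Please state whether such a write is rejected (and with which error) or passed through to the BIOS, and that the write uses the same semicolon separator as the read. Minor: "semi-colon" is normally spelled "semicolon".
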
>
> Why 5.11 and that date?

Date and Kernel values were provided by an earlier submitter.

>
> > @@ -364,3 +393,71 @@ Description:
> >               use it to enable extra debug attributes or BIOS features for testing purposes.
> >
> >               Note that any changes to this attribute requires a reboot for changes to take effect.
> > +
> > +
> > +             HP specific class extensions - Secure Platform Manager (SPM)
> > +             --------------------------------
> > +
> > +What:                /sys/class/firmware-attributes/*/authentication/SPM/kek
> > +Date:                March 2023
> > +KernelVersion:       5.18
>
> Why 5.18 and that date?

It is the minimum kernel version where firmware-attributes are
supported and the date when we expected hp-bioscfg driver support to be
available.
The driver, kernel versions and date change weekly, so we were placing
those dates and versions as tentative.
Any suggestions for Date and KernelVersion fields?

>
> > +Contact:     "Jorge Lopez" <jorge.lopez2@...com>
> > +Description:
> > +             'kek' Key-Encryption-Key is a write-only file that can be used to configure the
> > +             RSA public key that will be used by the BIOS to verify
> > +             signatures when setting the signing key.  When written,
> > +             the bytes should correspond to the KEK certificate
> > +             (x509 .DER format containing an OU).  The size of the
> > +             certificate must be less than or equal to 4095 bytes.
> > +
> > +What:                /sys/class/firmware-attributes/*/authentication/SPM/sk
> > +Date:                March 2023
> > +KernelVersion:       5.18
>
> Why 5.18 and that date?

See previous explanation.

>
> > +Contact:     "Jorge Lopez" <jorge.lopez2@...com>
> > +Description:
> > +             'sk' Signature Key is a write-only file that can be used to configure the RSA
> > +             public key that will be used by the BIOS to verify signatures
> > +             when configuring BIOS settings and security features.  When
> > +             written, the bytes should correspond to the modulus of the
> > +             public key.  The exponent is assumed to be 0x10001.
> > +
> > +What:                /sys/class/firmware-attributes/*/authentication/SPM/status
> > +Date:                March 2023
> > +KernelVersion:       5.18
>
> Why 5.18 and that date?

See previous explanation.

>
> > +Contact:     "Jorge Lopez" <jorge.lopez2@...com>
> > +Description:
> > +             'status' is a read-only file that returns ASCII text in JSON format reporting
> > +             the status information.
> > +
> > +               "State": "not provisioned | provisioned | provisioning in progress ",
>
> Drop the space after "in progress" ?

Done!

>
> > +               "Version": " Major. Minor ",
>
> So Major. should have a space before and after it? and Minor should have a space after it?

Neither.  I will remove the space before and after for both Major and
Minor.    "Major.Minor"

>
> > +               "Nonce": <16-bit unsigned number display in base 10>,
> > +               "FeaturesInUse": <16-bit unsigned number display in base 10>,
> > +               "EndorsementKeyMod": "<256 bytes in base64>",
> > +               "SigningKeyMod": "<256 bytes in base64>"
> > +
> > +What:                /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
> > +Date:                March 2023
> > +KernelVersion:       5.18
>
> Why 5.18 and that date?

It is the minimum kernel version where firmware-attributes are
supported and the date when we expected hp-bioscfg driver support to be
available.
The driver, kernel versions and date change weekly, so we were placing
those dates and versions as tentative.
Any suggestions for Date and KernelVersion fields?

>
> > +Contact:     "Jorge Lopez" <jorge.lopez2@...com>
> > +Description:
> > +             'audit_log_entries' is a read-only file that returns the events in the log.
> > +
> > +                     Audit log entry format
> > +
> > +                     Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
> > +                     Byte 16-127: Unused
> > +
> > +What:                /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
> > +Date:                March 2023
> > +KernelVersion:       5.18
>
> Why 5.18 and that date?

See earlier explanation.

>
> > +Contact:     "Jorge Lopez" <jorge.lopez2@...com>
> > +Description:
> > +             'audit_log_entry_count' is a read-only file that returns the number of existing
> > +             audit log events available to be read. Values are separated using comma (``,``)
>
> End the sentence above with a '.' please.

Done!

>
> > +
> > +                     [No of entries],[log entry size],[Max number of entries supported]
> > +
> > +             log entry size identifies audit log size for the current BIOS version.
> > +             The current size is 16 bytes but it can be up to 128 bytes long in future BIOS
> > +             versions.
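
Review bot: The 'sk' description says the written bytes are the modulus of the public key but gives no length, byte order or encoding, whereas 'kek' states its format and a 4095-byte limit and 'status' lists SigningKeyMod as 256 bytes in base64. Please document the accepted modulus size and whether it is written as raw binary, so that userspace and the BIOS agree on the key being provisioned. Separately, the row of dashes under "HP specific class extensions - Secure Platform Manager (SPM)" is shorter than the heading, unlike the underline of the earlier "HP specific class extensions" heading; extend it to the full heading length. The audit_log_entries layout (bytes 0-15 used, 16-127 unused) would also be clearer if it referred to the log entry size reported by audit_log_entry_count, since that text says the size can grow to 128 bytes in future BIOS versions.
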
>
> Thanks.
> --
> ~Randy
