lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <43369522-5e39-a90c-5263-cd4eacba3e24@redhat.com>
Date:   Tue, 4 Jul 2023 12:43:07 +0200
From:   Hans de Goede <hdegoede@...hat.com>
To:     Jorge Lopez <jorgealtxwork@...il.com>,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
        thomas@...ch.de, ilpo.jarvinen@...ux.intel.com
Subject: Re: [PATCH v17 00/13] hp-bioscfg driver

Hi,

On 6/8/23 18:33, Jorge Lopez wrote:
> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
> 
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
> 
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
> 
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
> 
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
> 
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
> 
> Signed-off-by: Jorge Lopez <jorge.lopez2@...com>

Thank you for your patch, I've applied this patch to my review-hans 
branch:
https://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git/log/?h=review-hans

Note it will show up in my review-hans branch once I've pushed my
local branch there, which might take a while.

Patches which are added to review-hans now are intended for
the next kernel cycle. This branch will get rebased to the next
rc1 when it is out and after the rebasing the contents of review-hans
will be pushed to the platform-drivers-x86/for-next branch.

Regards,

Hans


> 
> ---
> Based on the latest platform-drivers-x86.git/for-next
> 
> History
> 
> Version 17
> 	Only patches marked [update] changed between version 17 and 16
> 	Added helper routine to handle all common data for all attributes.
> 	Corrected spaces found prior and after a '"'.
>         Update commit message to reflect comments from reviewers
>        
> 
> 	Patches
> 	 Documentation                  [update]
> 	 biosattr-interface
> 	 bioscfg 			[update]
> 	 bioscfg-h 			[update]
> 	 enum-attributes 		[update]
> 	 int-attributes 		[update]
> 	 order-list-attributes 		[update]
> 	 passwdattr-interface           [update]
> 	 spmobj-attributes
> 	 string-attributes 		[update]
> 	 surestart-attributes
> 	 Makefile ../hp/Makefile ../hp/Kconfig 
> 	 MAINTAINERS
> 
> Version 16
> 	Only patches marked [update] changed between version 16 and 15
> 
> 	Patches
> 	 Documentation
> 	 biosattr-interface
> 	 bioscfg 			[update]
> 	 bioscfg-h 			[update]
> 	 enum-attributes 		[update]
> 	 int-attributes 		[update]
> 	 order-list-attributes 		[update]
> 	 passwdattr-interface
> 	 spmobj-attributes
> 	 string-attributes 		[update]
> 	 surestart-attributes
> 	 Makefile ../hp/Makefile ../hp/Kconfig 
> 	 MAINTAINERS
> 
> 
> Version 15
> 	Only patches marked [update] changed between version 15 and 14
> 
> 	Patches
> 	 Documentation			[update]
> 	 biosattr-interface
> 	 bioscfg
> 	 bioscfg-h
> 	 enum-attributes
> 	 int-attributes
> 	 order-list-attributes
> 	 passwdattr-interface
> 	 spmobj-attributes		[update]
> 	 string-attributes
> 	 surestart-attributes 
> 	 Makefile ../hp/Makefile ../hp/Kconfig 
> 	 MAINTAINERS
> 
> Version 14
> 	Only patches marked [update] changed between version 14 and 13
> 	Sorted commit patches alphabetically
> 	Rename ordered-attributes to order-list-attributes
> 
> 	Patches
> 	 Documentation
> 	 biosattr-interface 		[update]
> 	 bioscfg
> 	 bioscfg-h
> 	 enum-attributes 		[update]
> 	 int-attributes
> 	 order-list-attributes
> 	 passwdattr-interface
> 	 spmobj-attributes
> 	 string-attributes
> 	 surestart-attributes 
> 	 Makefile ../hp/Makefile ../hp/Kconfig 
> 	 MAINTAINERS
> 
> 
> Version 13
> 	Only patches marked [update] changed between version 12 and 13
> 	Sorted commit patches alphabetically
> 	Rename ordered-attributes to order-list-attributes
> 
> 	Patches
> 	 Documentation 			[update]
> 	 biosattr-interface 		[update]
> 	 bioscfg 			[update]
> 	 bioscfg-h 			[update]
> 	 enum-attributes 		[update]
> 	 int-attributes 		[update]
> 	 order-list-attributes 		[update]
> 	 passwdattr-interface 		[update]
> 	 spmobj-attributes 		[update]
> 	 string-attributes 		[update]
> 	 surestart-attributes 		[update] 
> 	 Makefile ../hp/Makefile ../hp/Kconfig 
> 	 MAINTAINERS
> 
> Version 12
> 	Only patches marked [update] changed between version 11 and 12
> 
> 	Patches
> 	 Documentation 			[update]
> 	 biosattr-interface 		[update]
> 	 bioscfg 			[update]
> 	 int-attributes 		[update]
> 	 ordered-attributes 		[update]
> 	 passwdobj-attributes 	[deleted]
> 	 string-attributes 		[update]
> 	 bioscfg-h 			[update]
> 	 enum-attributes 		[update]
> 	 passwdattr-interface 		[update]
> 	 spmobj-attributes 		[update]
> 	 surestart-attributes 		[update] 
> 	 Makefile ../hp/Makefile ../hp/Kconfig [update]
> 	 MAINTAINERS
> 
> 
> Version 11
> 	Only patches marked [update] changed between version 10 and 11
> 
> 	Patches
> 	 Documentation
> 	 biosattr-interface 		[update]
> 	 bioscfg
> 	 int-attributes
> 	 ordered-attributes
> 	 passwdobj-attributes 		[update]
> 	 string-attributes
> 	 bioscfg-h
> 	 enum-attributes
> 	 passwdattr-interface
> 	 spmobj-attributes 		[update]
> 	 surestart-attributes 		[update]
> 	 Makefile ../hp/Makefile ../hp/Kconfig
> 	 MAINTAINERS
> 
> Version 10
> 	Break down changes to single files per patch
> 	Removed SPM/statusbin support
> 	Patches
> 	 Documentation
> 	 biosattr-interface
> 	 bioscfg
> 	 int-attributes
> 	 ordered-attributes
> 	 passwdobj-attributes
> 	 string-attributes
> 	 bioscfg-h
> 	 enum-attributes
> 	 passwdattr-interface
> 	 spmobj-attributes
> 	 surestart-attributes
> 	 Makefile ../hp/Makefile ../hp/Kconfig
> 	 MAINTAINERS
> 
> Version 9
> 	Includes only sysfs-class-firmware-attributes documentation
> 
> Version 8
> 	Includes only sysfs-class-firmware-attributes documentation
> 
> Version 7
> 	Includes only sysfs-class-firmware-attributes documentation
> 
> 
> Jorge Lopez (13):
>   hp-bioscfg: Documentation
>   hp-bioscfg: bioscfg-h
>   hp-bioscfg: bioscfg
>   hp-bioscfg: biosattr-interface
>   hp-bioscfg: enum-attributes
>   hp-bioscfg: int-attributes
>   hp-bioscfg: order-list-attributes
>   hp-bioscfg: passwdobj-attributes
>   hp-bioscfg: spmobj-attributes
>   hp-bioscfg: string-attributes
>   hp-bioscfg: surestart-attributes
>   hp-bioscfg: Makefile
>   hp-bioscfg: MAINTAINERS
> 
>  .../testing/sysfs-class-firmware-attributes   |  101 +-
>  MAINTAINERS                                   |    6 +
>  drivers/platform/x86/hp/Kconfig               |   16 +
>  drivers/platform/x86/hp/Makefile              |    1 +
>  drivers/platform/x86/hp/hp-bioscfg/Makefile   |   11 +
>  .../x86/hp/hp-bioscfg/biosattr-interface.c    |  312 +++++
>  drivers/platform/x86/hp/hp-bioscfg/bioscfg.c  | 1055 +++++++++++++++++
>  drivers/platform/x86/hp/hp-bioscfg/bioscfg.h  |  487 ++++++++
>  .../x86/hp/hp-bioscfg/enum-attributes.c       |  447 +++++++
>  .../x86/hp/hp-bioscfg/int-attributes.c        |  409 +++++++
>  .../x86/hp/hp-bioscfg/order-list-attributes.c |  436 +++++++
>  .../x86/hp/hp-bioscfg/passwdobj-attributes.c  |  543 +++++++++
>  .../x86/hp/hp-bioscfg/spmobj-attributes.c     |  386 ++++++
>  .../x86/hp/hp-bioscfg/string-attributes.c     |  390 ++++++
>  .../x86/hp/hp-bioscfg/surestart-attributes.c  |  132 +++
>  15 files changed, 4730 insertions(+), 2 deletions(-)
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/order-list-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
>  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ