From: Daniel Gutson <daniel.gutson@eclypsium.com>
To: Daniel Gutson <daniel.gutson@eclypsium.com>,
Derek Kiernan <derek.kiernan@xilinx.com>,
Tudor Ambarus <tudor.ambarus@microchip.com>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
linux-kernel@vger.kernel.org,
Richard Hughes <hughsient@gmail.com>,
Alex Bazhaniuk <alex@eclypsium.com>,
linux-mtd@lists.infradead.org
Cc: Richard Hughes <richard@hughsie.com>
Subject: [PATCH 1/2] Platform integrity information in sysfs (version 9)
Date: Wed, 30 Sep 2020 10:51:22 -0300 [thread overview]
Message-ID: <20200930135122.5566-1-daniel.gutson@eclypsium.com> (raw)
This patch provides a driver and an API for exporting
information about the platform integrity
firmware configuration in the sysfs filesystem.
The goal is that the attributes are avilable to fwupd.
Signed-off-by: Daniel Gutson <daniel.gutson@eclypsium.com>
Tested-by: Richard Hughes <richard@hughsie.com>
---
.../ABI/stable/sysfs-class-platform-integrity | 23 ++++++++
MAINTAINERS | 7 +++
drivers/misc/Kconfig | 11 ++++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 56 +++++++++++++++++++
include/linux/platform-integrity.h | 19 +++++++
6 files changed, 117 insertions(+)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
diff --git a/Documentation/ABI/stable/sysfs-class-platform-integrity b/Documentation/ABI/stable/sysfs-class-platform-integrity
new file mode 100644
index 000000000000..0978079bde50
--- /dev/null
+++ b/Documentation/ABI/stable/sysfs-class-platform-integrity
@@ -0,0 +1,23 @@
+What: /sys/class/platform-integrity/intel-spi/bioswe
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Write Enable.
+ 0: writes disabled, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/biosle
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Lock Enable.
+ 0: SMM lock disabled, 1: SMM lock enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/smm_bioswp
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set SMM BIOS Write Protect.
+ 0: writes disabled unless in SMM, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
diff --git a/MAINTAINERS b/MAINTAINERS
index d746519253c3..98bd26cd1adc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13774,6 +13774,13 @@ S: Maintained
F: Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml
F: drivers/iio/chemical/pms7003.c
+PLATFORM INTEGRITY DATA MODULE
+M: Daniel Gutson <daniel.gutson@eclypsium.com>
+S: Supported
+F: Documentation/ABI/sysfs-class-platform-integrity
+F: drivers/misc/platform-integrity.c
+F: include/linux/platform-integrity.h
+
PLDMFW LIBRARY
M: Jacob Keller <jacob.e.keller@intel.com>
S: Maintained
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index ce136d685d14..8602049bd0ad 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -456,6 +456,17 @@ config PVPANIC
a paravirtualized device provided by QEMU; it lets a virtual machine
(guest) communicate panic events to the host.
+config PLATFORM_INTEGRITY_DATA
+ bool "Platform integrity information in the sysfs"
+ depends on SYSFS
+ help
+ This kernel module is a helper driver to provide information about
+ platform integrity settings and configuration.
+ This module is used by other device drivers -such as the intel-spi-
+ to publish the information in /sys/class/platform-integrity which is
+ consumed by software such as fwupd which can verify the platform
+ has been configured in a secure way.
+
source "drivers/misc/c2port/Kconfig"
source "drivers/misc/eeprom/Kconfig"
source "drivers/misc/cb710/Kconfig"
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index c7bd01ac6291..97ebb997fc47 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -57,3 +57,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
obj-$(CONFIG_HABANA_AI) += habanalabs/
obj-$(CONFIG_UACCE) += uacce/
obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o
+obj-$(CONFIG_PLATFORM_INTEGRITY_DATA) += platform-integrity.o
diff --git a/drivers/misc/platform-integrity.c b/drivers/misc/platform-integrity.c
new file mode 100644
index 000000000000..e17d27850a3b
--- /dev/null
+++ b/drivers/misc/platform-integrity.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#include <linux/sysfs.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kdev_t.h>
+#include <linux/platform-integrity.h>
+
+static struct class platform_integrity_class = {
+ .name = "platform-integrity",
+ .owner = THIS_MODULE,
+};
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups)
+{
+ return device_create_with_groups(&platform_integrity_class, parent,
+ MKDEV(0, 0), groups, groups, "%s",
+ name);
+}
+EXPORT_SYMBOL_GPL(create_platform_integrity_device);
+
+void destroy_platform_integrity_device(struct device *pi_device)
+{
+ device_remove_groups(pi_device,
+ (const struct attribute_group **)dev_get_drvdata(pi_device));
+ device_unregister(pi_device);
+}
+EXPORT_SYMBOL_GPL(destroy_platform_integrity_device);
+
+static int __init platform_integrity_init(void)
+{
+ int status;
+
+ status = class_register(&platform_integrity_class);
+ if (status < 0)
+ return status;
+
+ return 0;
+}
+
+static void __exit platform_integrity_exit(void)
+{
+ class_unregister(&platform_integrity_class);
+}
+
+module_init(platform_integrity_init);
+module_exit(platform_integrity_exit);
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Daniel Gutson <daniel.gutson@eclypsium.com>");
diff --git a/include/linux/platform-integrity.h b/include/linux/platform-integrity.h
new file mode 100644
index 000000000000..56eb1a1190e8
--- /dev/null
+++ b/include/linux/platform-integrity.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#ifndef PLATFORM_INTEGRITY_H
+#define PLATFORM_INTEGRITY_H
+
+#include <linux/device.h>
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups);
+
+extern void destroy_platform_integrity_device(struct device *pi_device);
+
+#endif /* PLATFORM_INTEGRITY_H */
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Gutson <daniel.gutson@eclypsium.com>
To: Daniel Gutson <daniel.gutson@eclypsium.com>,
Derek Kiernan <derek.kiernan@xilinx.com>,
Tudor Ambarus <tudor.ambarus@microchip.com>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
linux-kernel@vger.kernel.org,
Richard Hughes <hughsient@gmail.com>,
Alex Bazhaniuk <alex@eclypsium.com>,
linux-mtd@lists.infradead.org
Cc: Richard Hughes <richard@hughsie.com>
Subject: [PATCH 1/2] Platform integrity information in sysfs (version 9)
Date: Wed, 30 Sep 2020 10:51:22 -0300 [thread overview]
Message-ID: <20200930135122.5566-1-daniel.gutson@eclypsium.com> (raw)
This patch provides a driver and an API for exporting
information about the platform integrity
firmware configuration in the sysfs filesystem.
The goal is that the attributes are avilable to fwupd.
Signed-off-by: Daniel Gutson <daniel.gutson@eclypsium.com>
Tested-by: Richard Hughes <richard@hughsie.com>
---
.../ABI/stable/sysfs-class-platform-integrity | 23 ++++++++
MAINTAINERS | 7 +++
drivers/misc/Kconfig | 11 ++++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 56 +++++++++++++++++++
include/linux/platform-integrity.h | 19 +++++++
6 files changed, 117 insertions(+)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
diff --git a/Documentation/ABI/stable/sysfs-class-platform-integrity b/Documentation/ABI/stable/sysfs-class-platform-integrity
new file mode 100644
index 000000000000..0978079bde50
--- /dev/null
+++ b/Documentation/ABI/stable/sysfs-class-platform-integrity
@@ -0,0 +1,23 @@
+What: /sys/class/platform-integrity/intel-spi/bioswe
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Write Enable.
+ 0: writes disabled, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/biosle
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Lock Enable.
+ 0: SMM lock disabled, 1: SMM lock enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/smm_bioswp
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set SMM BIOS Write Protect.
+ 0: writes disabled unless in SMM, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
diff --git a/MAINTAINERS b/MAINTAINERS
index d746519253c3..98bd26cd1adc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13774,6 +13774,13 @@ S: Maintained
F: Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml
F: drivers/iio/chemical/pms7003.c
+PLATFORM INTEGRITY DATA MODULE
+M: Daniel Gutson <daniel.gutson@eclypsium.com>
+S: Supported
+F: Documentation/ABI/sysfs-class-platform-integrity
+F: drivers/misc/platform-integrity.c
+F: include/linux/platform-integrity.h
+
PLDMFW LIBRARY
M: Jacob Keller <jacob.e.keller@intel.com>
S: Maintained
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index ce136d685d14..8602049bd0ad 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -456,6 +456,17 @@ config PVPANIC
a paravirtualized device provided by QEMU; it lets a virtual machine
(guest) communicate panic events to the host.
+config PLATFORM_INTEGRITY_DATA
+ bool "Platform integrity information in the sysfs"
+ depends on SYSFS
+ help
+ This kernel module is a helper driver to provide information about
+ platform integrity settings and configuration.
+ This module is used by other device drivers -such as the intel-spi-
+ to publish the information in /sys/class/platform-integrity which is
+ consumed by software such as fwupd which can verify the platform
+ has been configured in a secure way.
+
source "drivers/misc/c2port/Kconfig"
source "drivers/misc/eeprom/Kconfig"
source "drivers/misc/cb710/Kconfig"
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index c7bd01ac6291..97ebb997fc47 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -57,3 +57,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
obj-$(CONFIG_HABANA_AI) += habanalabs/
obj-$(CONFIG_UACCE) += uacce/
obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o
+obj-$(CONFIG_PLATFORM_INTEGRITY_DATA) += platform-integrity.o
diff --git a/drivers/misc/platform-integrity.c b/drivers/misc/platform-integrity.c
new file mode 100644
index 000000000000..e17d27850a3b
--- /dev/null
+++ b/drivers/misc/platform-integrity.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#include <linux/sysfs.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kdev_t.h>
+#include <linux/platform-integrity.h>
+
+static struct class platform_integrity_class = {
+ .name = "platform-integrity",
+ .owner = THIS_MODULE,
+};
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups)
+{
+ return device_create_with_groups(&platform_integrity_class, parent,
+ MKDEV(0, 0), groups, groups, "%s",
+ name);
+}
+EXPORT_SYMBOL_GPL(create_platform_integrity_device);
+
+void destroy_platform_integrity_device(struct device *pi_device)
+{
+ device_remove_groups(pi_device,
+ (const struct attribute_group **)dev_get_drvdata(pi_device));
+ device_unregister(pi_device);
+}
+EXPORT_SYMBOL_GPL(destroy_platform_integrity_device);
+
+static int __init platform_integrity_init(void)
+{
+ int status;
+
+ status = class_register(&platform_integrity_class);
+ if (status < 0)
+ return status;
+
+ return 0;
+}
+
+static void __exit platform_integrity_exit(void)
+{
+ class_unregister(&platform_integrity_class);
+}
+
+module_init(platform_integrity_init);
+module_exit(platform_integrity_exit);
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Daniel Gutson <daniel.gutson@eclypsium.com>");
diff --git a/include/linux/platform-integrity.h b/include/linux/platform-integrity.h
new file mode 100644
index 000000000000..56eb1a1190e8
--- /dev/null
+++ b/include/linux/platform-integrity.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#ifndef PLATFORM_INTEGRITY_H
+#define PLATFORM_INTEGRITY_H
+
+#include <linux/device.h>
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups);
+
+extern void destroy_platform_integrity_device(struct device *pi_device);
+
+#endif /* PLATFORM_INTEGRITY_H */
--
2.25.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next reply other threads:[~2020-09-30 13:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-30 13:51 Daniel Gutson [this message]
2020-09-30 13:51 ` [PATCH 1/2] Platform integrity information in sysfs (version 9) Daniel Gutson
2020-09-30 16:37 [PATCH 0/2] " Daniel Gutson
2020-09-30 16:37 ` [PATCH 1/2] " Daniel Gutson
2020-09-30 16:37 ` Daniel Gutson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200930135122.5566-1-daniel.gutson@eclypsium.com \
--to=daniel.gutson@eclypsium.com \
--cc=alex@eclypsium.com \
--cc=arnd@arndb.de \
--cc=derek.kiernan@xilinx.com \
--cc=gregkh@linuxfoundation.org \
--cc=hughsient@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mchehab+huawei@kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=miquel.raynal@bootlin.com \
--cc=richard@hughsie.com \
--cc=richard@nod.at \
--cc=tudor.ambarus@microchip.com \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.