* [PATCH 1/2] Platform integrity information in sysfs (version 9)
@ 2020-09-30 13:51 Daniel Gutson
From: Daniel Gutson @ 2020-09-30 13:51 UTC (permalink / raw)
To: Daniel Gutson, Derek Kiernan, Tudor Ambarus, Miquel Raynal,
Richard Weinberger, Vignesh Raghavendra, Mika Westerberg,
Arnd Bergmann, Greg Kroah-Hartman, Mauro Carvalho Chehab,
linux-kernel, Richard Hughes, Alex Bazhaniuk, linux-mtd
Cc: Richard Hughes
This patch provides a driver and an API for exporting
information about the platform integrity
firmware configuration in the sysfs filesystem.
The goal is that the attributes are available to fwupd.
Signed-off-by: Daniel Gutson <daniel.gutson@eclypsium.com>
Tested-by: Richard Hughes <richard@hughsie.com>
---
.../ABI/stable/sysfs-class-platform-integrity | 23 ++++++++
MAINTAINERS | 7 +++
drivers/misc/Kconfig | 11 ++++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 56 +++++++++++++++++++
include/linux/platform-integrity.h | 19 +++++++
6 files changed, 117 insertions(+)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
diff --git a/Documentation/ABI/stable/sysfs-class-platform-integrity b/Documentation/ABI/stable/sysfs-class-platform-integrity
new file mode 100644
index 000000000000..0978079bde50
--- /dev/null
+++ b/Documentation/ABI/stable/sysfs-class-platform-integrity
@@ -0,0 +1,23 @@
+What: /sys/class/platform-integrity/intel-spi/bioswe
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Write Enable.
+ 0: writes disabled, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/biosle
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Lock Enable.
+ 0: SMM lock disabled, 1: SMM lock enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/smm_bioswp
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set SMM BIOS Write Protect.
+ 0: writes disabled unless in SMM, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
diff --git a/MAINTAINERS b/MAINTAINERS
index d746519253c3..98bd26cd1adc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13774,6 +13774,13 @@ S: Maintained
F: Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml
F: drivers/iio/chemical/pms7003.c
+PLATFORM INTEGRITY DATA MODULE
+M: Daniel Gutson <daniel.gutson@eclypsium.com>
+S: Supported
+F: Documentation/ABI/sysfs-class-platform-integrity
+F: drivers/misc/platform-integrity.c
+F: include/linux/platform-integrity.h
+
PLDMFW LIBRARY
M: Jacob Keller <jacob.e.keller@intel.com>
S: Maintained
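Review bot: The first `F:` entry added here points at `Documentation/ABI/sysfs-class-platform-integrity`, but this patch creates the file under `Documentation/ABI/stable/`, so the pattern would not match changes to the ABI document. The entry should read `F: Documentation/ABI/stable/sysfs-class-platform-integrity`. The resend of this patch further down the page carries the same mismatch.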
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index ce136d685d14..8602049bd0ad 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -456,6 +456,17 @@ config PVPANIC
a paravirtualized device provided by QEMU; it lets a virtual machine
(guest) communicate panic events to the host.
+config PLATFORM_INTEGRITY_DATA
+ bool "Platform integrity information in the sysfs"
+ depends on SYSFS
+ help
+ This kernel module is a helper driver to provide information about
+ platform integrity settings and configuration.
+ This module is used by other device drivers -such as the intel-spi-
+ to publish the information in /sys/class/platform-integrity which is
+ consumed by software such as fwupd which can verify the platform
+ has been configured in a secure way.
+
source "drivers/misc/c2port/Kconfig"
source "drivers/misc/eeprom/Kconfig"
source "drivers/misc/cb710/Kconfig"
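Review bot: `PLATFORM_INTEGRITY_DATA` is declared `bool`, yet the help text calls it a kernel module twice, and platform-integrity.c in this patch carries `module_exit()` and `MODULE_LICENSE()`. With a `bool` symbol the code can only be built in, so the exit path is never used. Either declare the symbol `tristate`, or keep `bool` and reword the help to something like `This option builds a helper that provides information about platform integrity settings` and drop the module-only parts from the C file. The resend lower on the page has the same hunk.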
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index c7bd01ac6291..97ebb997fc47 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -57,3 +57,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
obj-$(CONFIG_HABANA_AI) += habanalabs/
obj-$(CONFIG_UACCE) += uacce/
obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o
+obj-$(CONFIG_PLATFORM_INTEGRITY_DATA) += platform-integrity.o
diff --git a/drivers/misc/platform-integrity.c b/drivers/misc/platform-integrity.c
new file mode 100644
index 000000000000..e17d27850a3b
--- /dev/null
+++ b/drivers/misc/platform-integrity.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#include <linux/sysfs.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kdev_t.h>
+#include <linux/platform-integrity.h>
+
+static struct class platform_integrity_class = {
+ .name = "platform-integrity",
+ .owner = THIS_MODULE,
+};
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups)
+{
+ return device_create_with_groups(&platform_integrity_class, parent,
+ MKDEV(0, 0), groups, groups, "%s",
+ name);
+}
+EXPORT_SYMBOL_GPL(create_platform_integrity_device);
+
+void destroy_platform_integrity_device(struct device *pi_device)
+{
+ device_remove_groups(pi_device,
+ (const struct attribute_group **)dev_get_drvdata(pi_device));
+ device_unregister(pi_device);
+}
+EXPORT_SYMBOL_GPL(destroy_platform_integrity_device);
+
+static int __init platform_integrity_init(void)
+{
+ int status;
+
+ status = class_register(&platform_integrity_class);
+ if (status < 0)
+ return status;
+
+ return 0;
+}
+
+static void __exit platform_integrity_exit(void)
+{
+ class_unregister(&platform_integrity_class);
+}
+
+module_init(platform_integrity_init);
+module_exit(platform_integrity_exit);
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Daniel Gutson <daniel.gutson@eclypsium.com>");
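Review bot: `destroy_platform_integrity_device()` removes the attribute groups by hand and then calls `device_unregister()`, which as far as I know already removes the groups attached at creation time through `device_del()`, so the groups are torn down twice; for a named group the second removal would probably trigger the sysfs "group not found" warning. The manual removal only works because `create_platform_integrity_device()` passes `groups` a second time in the `drvdata` slot of `device_create_with_groups()`, which also takes that slot away from the driver that owns the device. Passing `NULL` there, `MKDEV(0, 0), NULL, groups, "%s", name);`, and reducing the destroy function to `device_unregister(pi_device);` keeps the lifetime of these firmware-protection attributes in one place. The resend of this patch further down the page has the same code.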
diff --git a/include/linux/platform-integrity.h b/include/linux/platform-integrity.h
new file mode 100644
index 000000000000..56eb1a1190e8
--- /dev/null
+++ b/include/linux/platform-integrity.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#ifndef PLATFORM_INTEGRITY_H
+#define PLATFORM_INTEGRITY_H
+
+#include <linux/device.h>
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups);
+
+extern void destroy_platform_integrity_device(struct device *pi_device);
+
+#endif /* PLATFORM_INTEGRITY_H */
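Review bot: Neither exported prototype is documented, so a caller cannot tell from the header that `create_platform_integrity_device()` returns whatever `device_create_with_groups()` returns, which on failure is an `ERR_PTR()` value rather than NULL. A caller that tests the result against NULL would carry on with an error pointer and later hand it to `destroy_platform_integrity_device()`. A kernel-doc comment on each prototype should state the parameters, that `groups` must outlive the device, and the return convention, for example `Return: the new device, or an ERR_PTR() on failure; never NULL.` As a style point, `extern` is written on one prototype and not the other; use one form for both. The resend below has the same header.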
--
2.25.1
* [PATCH 0/2] Platform integrity information in sysfs (version 9)
@ 2020-09-30 16:37 Daniel Gutson
2020-09-30 16:37 ` [PATCH 1/2] " Daniel Gutson
From: Daniel Gutson @ 2020-09-30 16:37 UTC (permalink / raw)
To: Daniel Gutson, Derek Kiernan, Tudor Ambarus, Miquel Raynal,
Richard Weinberger, Vignesh Raghavendra, Mika Westerberg,
Arnd Bergmann, Greg Kroah-Hartman, Mauro Carvalho Chehab,
linux-kernel, Richard Hughes, Alex Bazhaniuk, linux-mtd
This patch series adds a misc kernel module and extends the intel-spi drivers
to publish platform integrity data in sysfs.
Please check the comments in the following patches of this series for further
details.
Daniel Gutson (2):
Platform integrity information in sysfs (version 9)
This patch exports the BIOS Write Enable (bioswe), BIOS Lock Enable
(biosle), and the SMM BIOS Write Protect (SMM_BIOSWP) fields of the
BIOS Control register using the platform-integrity misc kernel
module. The idea is to keep adding more flags, not only from the BC
but also from other registers in following versions.
.../ABI/stable/sysfs-class-platform-integrity | 23 +++++
MAINTAINERS | 7 ++
drivers/misc/Kconfig | 11 +++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 57 ++++++++++++
drivers/mtd/spi-nor/controllers/Kconfig | 1 +
.../mtd/spi-nor/controllers/intel-spi-pci.c | 75 +++++++++++++++-
.../spi-nor/controllers/intel-spi-platform.c | 2 +-
drivers/mtd/spi-nor/controllers/intel-spi.c | 90 ++++++++++++++++++-
drivers/mtd/spi-nor/controllers/intel-spi.h | 9 +-
include/linux/platform-integrity.h | 19 ++++
11 files changed, 288 insertions(+), 7 deletions(-)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
--
2.25.1
* [PATCH 1/2] Platform integrity information in sysfs (version 9)
2020-09-30 16:37 [PATCH 0/2] " Daniel Gutson
@ 2020-09-30 16:37 ` Daniel Gutson
From: Daniel Gutson @ 2020-09-30 16:37 UTC (permalink / raw)
To: Daniel Gutson, Derek Kiernan, Tudor Ambarus, Miquel Raynal,
Richard Weinberger, Vignesh Raghavendra, Mika Westerberg,
Arnd Bergmann, Greg Kroah-Hartman, Mauro Carvalho Chehab,
linux-kernel, Richard Hughes, Alex Bazhaniuk, linux-mtd
This patch provides a driver and an API for exporting
information about the platform integrity
firmware configuration in the sysfs filesystem.
The goal is that the attributes are available to fwupd.
Signed-off-by: Daniel Gutson <daniel.gutson@eclypsium.com>
---
.../ABI/stable/sysfs-class-platform-integrity | 23 ++++++++
MAINTAINERS | 7 +++
drivers/misc/Kconfig | 11 ++++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 56 +++++++++++++++++++
include/linux/platform-integrity.h | 19 +++++++
6 files changed, 117 insertions(+)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
diff --git a/Documentation/ABI/stable/sysfs-class-platform-integrity b/Documentation/ABI/stable/sysfs-class-platform-integrity
new file mode 100644
index 000000000000..0978079bde50
--- /dev/null
+++ b/Documentation/ABI/stable/sysfs-class-platform-integrity
@@ -0,0 +1,23 @@
+What: /sys/class/platform-integrity/intel-spi/bioswe
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Write Enable.
+ 0: writes disabled, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/biosle
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set BIOS Lock Enable.
+ 0: SMM lock disabled, 1: SMM lock enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/smm_bioswp
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gutson@eclypsium.com>
+Description: If the system firmware set SMM BIOS Write Protect.
+ 0: writes disabled unless in SMM, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
diff --git a/MAINTAINERS b/MAINTAINERS
index d746519253c3..98bd26cd1adc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13774,6 +13774,13 @@ S: Maintained
F: Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml
F: drivers/iio/chemical/pms7003.c
+PLATFORM INTEGRITY DATA MODULE
+M: Daniel Gutson <daniel.gutson@eclypsium.com>
+S: Supported
+F: Documentation/ABI/sysfs-class-platform-integrity
+F: drivers/misc/platform-integrity.c
+F: include/linux/platform-integrity.h
+
PLDMFW LIBRARY
M: Jacob Keller <jacob.e.keller@intel.com>
S: Maintained
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index ce136d685d14..8602049bd0ad 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -456,6 +456,17 @@ config PVPANIC
a paravirtualized device provided by QEMU; it lets a virtual machine
(guest) communicate panic events to the host.
+config PLATFORM_INTEGRITY_DATA
+ bool "Platform integrity information in the sysfs"
+ depends on SYSFS
+ help
+ This kernel module is a helper driver to provide information about
+ platform integrity settings and configuration.
+ This module is used by other device drivers -such as the intel-spi-
+ to publish the information in /sys/class/platform-integrity which is
+ consumed by software such as fwupd which can verify the platform
+ has been configured in a secure way.
+
source "drivers/misc/c2port/Kconfig"
source "drivers/misc/eeprom/Kconfig"
source "drivers/misc/cb710/Kconfig"
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index c7bd01ac6291..97ebb997fc47 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -57,3 +57,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
obj-$(CONFIG_HABANA_AI) += habanalabs/
obj-$(CONFIG_UACCE) += uacce/
obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o
+obj-$(CONFIG_PLATFORM_INTEGRITY_DATA) += platform-integrity.o
diff --git a/drivers/misc/platform-integrity.c b/drivers/misc/platform-integrity.c
new file mode 100644
index 000000000000..e17d27850a3b
--- /dev/null
+++ b/drivers/misc/platform-integrity.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#include <linux/sysfs.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kdev_t.h>
+#include <linux/platform-integrity.h>
+
+static struct class platform_integrity_class = {
+ .name = "platform-integrity",
+ .owner = THIS_MODULE,
+};
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups)
+{
+ return device_create_with_groups(&platform_integrity_class, parent,
+ MKDEV(0, 0), groups, groups, "%s",
+ name);
+}
+EXPORT_SYMBOL_GPL(create_platform_integrity_device);
+
+void destroy_platform_integrity_device(struct device *pi_device)
+{
+ device_remove_groups(pi_device,
+ (const struct attribute_group **)dev_get_drvdata(pi_device));
+ device_unregister(pi_device);
+}
+EXPORT_SYMBOL_GPL(destroy_platform_integrity_device);
+
+static int __init platform_integrity_init(void)
+{
+ int status;
+
+ status = class_register(&platform_integrity_class);
+ if (status < 0)
+ return status;
+
+ return 0;
+}
+
+static void __exit platform_integrity_exit(void)
+{
+ class_unregister(&platform_integrity_class);
+}
+
+module_init(platform_integrity_init);
+module_exit(platform_integrity_exit);
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Daniel Gutson <daniel.gutson@eclypsium.com>");
diff --git a/include/linux/platform-integrity.h b/include/linux/platform-integrity.h
new file mode 100644
index 000000000000..56eb1a1190e8
--- /dev/null
+++ b/include/linux/platform-integrity.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gutson@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#ifndef PLATFORM_INTEGRITY_H
+#define PLATFORM_INTEGRITY_H
+
+#include <linux/device.h>
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups);
+
+extern void destroy_platform_integrity_device(struct device *pi_device);
+
+#endif /* PLATFORM_INTEGRITY_H */
--
2.25.1