From: Mark Pearson <markpearson@lenovo.com>
To: Hans de Goede <hdegoede@redhat.com>
Cc: <mgross@linux.intel.com>, <platform-driver-x86@vger.kernel.org>
Subject: Re: [External]Re: [External]Re: [PATCH] platform/x86: think-lmi: add debug_cmd
Date: Thu, 29 Jul 2021 13:40:06 -0400 [thread overview]
Message-ID: <76a0aa55-c778-2398-dd31-c4a53a373a09@lenovo.com> (raw)
In-Reply-To: <985c01bb-76f4-a7c1-e614-470cb5009576@redhat.com>
Hi Hans
On 2021-07-29 1:34 p.m., Hans de Goede wrote:
> Hi Mark,
>
> On 7/19/21 2:46 PM, Mark Pearson wrote:
>> Thanks for the review Hans
>>
>> On 2021-07-17 9:59 a.m., Hans de Goede wrote:
>>> Hi Mark,
>>>
>>> On 7/16/21 1:08 AM, Mark Pearson wrote:
>>>> Many Lenovo BIOS's support the ability to send a debug command
>>>> which is useful for debugging and testing unreleased or early
>>>> features. Adding support for this feature.
>>>>
>>>> Also moved the pending_reboot node under attributes dir where
>>>> it should correctly live. Got that wrong in my last commit and
>>>> realised as I was updating the documentation for debug_cmd
>>>>
>>>> Signed-off-by: Mark Pearson <markpearson@lenovo.com>
>>>
>>> Thank you for the patch, I'm not entirely sure if we want this in
>>> its current form though, isn't this new debug_cmd file not
>>> something which would be better under debugfs ? Or maybe have it
>>> only show up if a module parameter is passed to enable it ?
>>>
>>> Note that both have implications wrt secureboot. debugfs is only
>>> writeable when secureboot is disabled; and ATM module options
>>> are not protected by secureboot, but at least in Fedora we would
>>> actually like to change that in the future.
>>>
>>> Anyways, lets discuss this a bit further and then merge
>>> something for this later.
>>>
>> I wasn't sure about debugfs but did consider it. It seemed to be
>> adding a whole extra layer. I'm happy to do that if that's what is
>> recommended but not having it available with secureboot could be
>> annoying for users.
>
> I agree that adding debugfs support just for a single file seems a
> bit overkill.
>
>> This feature is mostly used internally (which is fine) but we have
>> had occasions where we've used it with customers; and with the WMI
>> interface it's usually the enterprise customers who do have secure
>> boot enabled. I'd like to avoid that limitation if possible.
>
> So given that using debugfs seems a bit overkill and it has issues
> with selinux I think that it might be best to hide this file behind a
> module option (and mention that in the docs, or maybe not document it
> at all?).
>
> At least for now kernel commandline options an be set without
> breaking secureboot and even if secureboot ever starts verifying the
> cmdline then we can always use a /etc/modprobe.d/*.conf file to
> specify the option instead of passing it through the kernel cmdline.
>
> Would using a module option to enable the debug_cmd file work for you
> ?
>
That sounds very sensible to me - totally happy to do that.
I'll get that implemented when I'm back from PTO and send as an update.
Thanks!
Mark
prev parent reply other threads:[~2021-07-29 17:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-15 23:08 [PATCH] platform/x86: think-lmi: add debug_cmd Mark Pearson
2021-07-17 13:59 ` Hans de Goede
2021-07-19 12:46 ` [External]Re: " Mark Pearson
2021-07-29 17:34 ` Hans de Goede
2021-07-29 17:40 ` Mark Pearson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=76a0aa55-c778-2398-dd31-c4a53a373a09@lenovo.com \
--to=markpearson@lenovo.com \
--cc=hdegoede@redhat.com \
--cc=mgross@linux.intel.com \
--cc=platform-driver-x86@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).