From: Mark Pearson <markpearson@lenovo.com>
To: <markpearson@lenovo.com>
Cc: <hdegoede@redhat.com>, <mgross@linux.intel.com>,
<platform-driver-x86@vger.kernel.org>
Subject: [PATCH v2 1/2] Documentation: syfs-class-firmware-attributes: Lenovo Opcode support
Date: Wed, 17 Nov 2021 13:44:52 -0500 [thread overview]
Message-ID: <20211117184453.2476-1-markpearson@lenovo.com> (raw)
In-Reply-To: <markpearson@lenovo.com>
Newer Lenovo BIOS's have an opcode GUID support interface which provides
- improved password setting control
- ability to set System, hard drive and NVMe passwords
Add the support for these new passwords, and the ability to select
user/master mode and the drive index.
Signed-off-by: Mark Pearson <markpearson@lenovo.com>
---
Changes in v2:
- Move 'level' and 'index' authentication attributes to Lenovo
extensions section
- Add details on system-mgmt and drive authentication roles to Lenovo
extensions section
.../testing/sysfs-class-firmware-attributes | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
index 90fdf935aa5e..13e31c6a0e9c 100644
--- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
+++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
@@ -161,6 +161,15 @@ Description:
power-on:
Representing a password required to use
the system
+ system-mgmt:
+ Representing System Management password.
+ See Lenovo extensions section for details
+ HDD:
+ Representing HDD password
+ See Lenovo extensions section for details
+ NVMe:
+ Representing NVMe password
+ See Lenovo extensions section for details
mechanism:
The means of authentication. This attribute is mandatory.
@@ -207,6 +216,13 @@ Description:
On Lenovo systems the following additional settings are available:
+ role: system-mgmt This gives the same authority as the bios-admin password to control
+ security related features. The authorities allocated can be set via
+ the BIOS menu SMP Access Control Policy
+
+ role: HDD & NVMe This password is used to unlock access to the drive at boot. Note see
+ 'level' and 'index' extensions below.
+
lenovo_encoding:
The encoding method that is used. This can be either "ascii"
or "scancode". Default is set to "ascii"
@@ -216,6 +232,22 @@ Description:
two char code (e.g. "us", "fr", "gr") and may vary per platform.
Default is set to "us"
+ level:
+ Available for HDD and NVMe authentication to set 'user' or 'master'
+ privilege level.
+ If only the user password is configured then this should be used to
+ unlock the drive at boot. If both master and user passwords are set
+ then either can be used. If a master password is set a user password
+ is required.
+ This attribute defaults to 'user' level
+
+ index:
+ Used with HDD and NVME authentication to set the drive index
+ that is being referenced (e.g hdd0, hdd1 etc)
+ This attribute defaults to device 0.
+
+
+
What: /sys/class/firmware-attributes/*/attributes/pending_reboot
Date: February 2021
KernelVersion: 5.11
--
2.31.1
next reply other threads:[~2021-11-17 18:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-17 18:44 Mark Pearson [this message]
2021-11-17 18:44 ` [PATCH v2 2/2] platform/x86: think-lmi: Opcode support Mark Pearson
2021-11-18 11:32 ` Hans de Goede
2021-11-18 15:04 ` [External] " Mark Pearson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211117184453.2476-1-markpearson@lenovo.com \
--to=markpearson@lenovo.com \
--cc=hdegoede@redhat.com \
--cc=mgross@linux.intel.com \
--cc=platform-driver-x86@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.