Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp504167pxa; Thu, 27 Aug 2020 08:07:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyybe+47KLGir9Y2i2JnPmrZOGkj3a+hJXpeaxdKjZ8iEpf50RPf62EkPLcohf8478K8Gx2 X-Received: by 2002:a17:907:10c9:: with SMTP id rv9mr17277433ejb.284.1598540857611; Thu, 27 Aug 2020 08:07:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598540857; cv=none; d=google.com; s=arc-20160816; b=cVvdk832qwaEV/qVWc6awZO3Jfy9rCWerRWw2oTHNwi1lOWHylxELbDXQQaLLImXSl WTDw+N5McAPcbWP5tfH3fuTPGwbLM8oj7oK2I4Hf4eUfsZTZ8VRl6XlhxkVskugQB0rD 18z7uPAfZtSHdwgCRfcRvoCJB3mH1YDYU/5XmNuGQ0bgoe6k48GzYPJ0ar7euKpopQff qMqbv3SOP6C2JgBho1P4rkEwaFTr7cAQ9WBZxWWZVn4oMy9PrAYFtsfhBeNIgvwcodJw 15jf8V3IqykTsAkdSvDz9t3CELWGPxadfcZlgzKe2ZIM+xcgkMWfyZpa2fQaSIiWmcX1 1CaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=qMGmC0JqGhgnSsAE+tyJqcCe+jJ8ExSl/fNNYQ+aD2Q=; b=F3xzAn5FX0g5ATiOIefXAn+yelndm+qmKIGox4T8UT1JHCeaE5bMU+FzHCnVQOzMya LOHj5Sy2jbVzXU9UUMr2SGTsJCBJZKvwWsHDnDtz1NoKwT1hLrkfYUtj0dYM8N8RVAMM eV1gZ5iLSrBMBRjW853ImeFZVsiOwcdNwN9r627D++5oCyfvJD+0hDuaOVKsh5JVqadG gSwX3q/gHUXsuvWV8M0bdlOXdx1Ey5fYLojJUX+oI6AeZJ+YKwqaBhhaprePx5G0YuJ7 oSxpKN1o2q2jEYS4IFzWI2gUhN41D1fu9drVJLyT2AypVzg5qbIbHyevURO9XobdqhN3 gaug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b=XW0csSKc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s8si1628456edc.566.2020.08.27.08.07.13; Thu, 27 Aug 2020 08:07:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b=XW0csSKc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728434AbgH0PFt (ORCPT + 99 others); Thu, 27 Aug 2020 11:05:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727940AbgH0PEj (ORCPT ); Thu, 27 Aug 2020 11:04:39 -0400 Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB6F4C061233 for ; Thu, 27 Aug 2020 08:04:38 -0700 (PDT) Received: by mail-qt1-x843.google.com with SMTP id d27so4743035qtg.4 for ; Thu, 27 Aug 2020 08:04:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eclypsium.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qMGmC0JqGhgnSsAE+tyJqcCe+jJ8ExSl/fNNYQ+aD2Q=; b=XW0csSKc4tYY0U7nBo00AjWWMhpxLvOFsKwp7w7NmLNFCj8ThnP4y/HV0TycZhAgcM OV7+coGiDAc5h84bOWo/BffRbcn3NNOvTlFi+0uWVXKPQflc9ToKnFj8OeU8+EfhSaih 6crZWbOEmPVzMtEKAc0ZepeeRNObZfGcBDIXUrnupRMuvPz+Q2qZ5pyICTeK4cVIn44m P32Hhhn7bHFFrClTDK++vjIWUlP40W/QGg3LxqvU+PltOX6DHmDyzT4EtXs1p3lthnI9 G47hNHB9pivg2UPNuWmH/vrz5d/Il6u9jef42fXuOYeb9SIbQGWD6Spjgni/ZElZQC+C Pc0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qMGmC0JqGhgnSsAE+tyJqcCe+jJ8ExSl/fNNYQ+aD2Q=; b=OGqSVrmOBdkQ9EXfVZJG847prh7CbRPbYJqdjpRTgXDG+FSYWKWuRb7ngPPEAgQI+8 VcklwxjoH3AJ8JdD4fPCwEn+V5pjDttX9GvSzGEwIN4ilYswEMxCyaj94HFIRfQ2Nst7 Suak7iUlBqyDi/+utgLjssd/s6c4HhliogKjSBebRwM2gSB1181q9E0+IyQXgmBXj5mJ 3iU66x/qM91eXypbipzoF2YelIzHeTbfpROnaz4OIEgOpzBLZn8EKLhyYCTFvJr3bF/4 KzVyV0FR/vzxAJ1HCeAMluPkQdER3qp2PB0MSdmvMrcbpf7mxnzCHfMLqWmCGAKxNBvq XhFA== X-Gm-Message-State: AOAM530JFdJjHeWbr1ORRi5oGEbEAXjjsNOBzPJSswzECl3+So/sIoV1 VeoKdBghqMp0C2UKoCVB8w2LigPjckyiiEGC2nKTpg== X-Received: by 2002:ac8:1bb3:: with SMTP id z48mr6033161qtj.203.1598540677708; Thu, 27 Aug 2020 08:04:37 -0700 (PDT) MIME-Version: 1.0 References: <20200820145117.8348-1-daniel.gutson@eclypsium.com> In-Reply-To: From: Daniel Gutson Date: Thu, 27 Aug 2020 12:04:26 -0300 Message-ID: Subject: Re: [PATCH] Platform lockdown information in sysfs (v2) To: Arnd Bergmann Cc: Derek Kiernan , Tudor Ambarus , Miquel Raynal , Richard Weinberger , Vignesh Raghavendra , Mika Westerberg , Greg Kroah-Hartman , Mauro Carvalho Chehab , "linux-kernel@vger.kernel.org" , Richard Hughes , Alex Bazhaniuk Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 27, 2020 at 7:15 AM Arnd Bergmann wrote: > > On Thu, Aug 20, 2020 at 4:51 PM Daniel Gutson > wrote: > > > > This patch exports information about the platform lockdown > > firmware configuration in the sysfs filesystem. > > In this initial patch, I include some configuration attributes > > for the system SPI chip. > > > > This initial version exports the BIOS Write Enable (bioswe), > > BIOS Lock Enable (ble), and the SMM BIOS Write Protect (SMM_BWP) > > fields of the BIOS Control register. The idea is to keep adding more > > flags, not only from the BC but also from other registers in following > > versions. > > > > The goal is that the attributes are avilable to fwupd when SecureBoot > > is turned on. > > > > The patch provides a new misc driver, as proposed in the previous patch, > > that provides a registration function for HW Driver devices to register > > class_attributes. > > In this case, the intel SPI flash chip (intel-spi) registers three > > class_attributes corresponding to the fields mentioned above. > > > > This version of the patch replaces class attributes by device > > attributes. > > > > Signed-off-by: Daniel Gutson > > This looks much better than before, thanks for addressing the feedback. Thanks for providing it. > > diff --git a/Documentation/ABI/stable/sysfs-class-platform-lockdown b/Documentation/ABI/stable/sysfs-class-platform-lockdown > > new file mode 100644 > > index 000000000000..3fe75d775a42 > > --- /dev/null > > +++ b/Documentation/ABI/stable/sysfs-class-platform-lockdown > > @@ -0,0 +1,23 @@ > > +What: /sys/class/platform-lockdown/bioswe > > platform-lockdown is a much better name than the previous suggestions. > I'm still hoping for an even better suggestion. Like everything the term > "lockdown" is also overloaded a bit, with the other common meaning > referring to the effort to give root users less privilege than the > kernel itself, > see https://lwn.net/Articles/750730/ I'd want to set the name for good before I proceed with the rest. A list of suggestions: platform-firmware platform-defence firmware-surety firmware-control platform-inspection platform-lookout platform-diligence platform-integrity I like the last want, what do you think? Any other suggestion? Thanks again! Daniel. > > Shouldn't there be a device name between the class name > ("platform-lockdown") and the attribute name? > > > +PLATFORM LOCKDOWN ATTRIBUTES MODULE > > +M: Daniel Gutson > > +S: Supported > > +F: Documentation/ABI/sysfs-class-platform-lockdown > > +F: drivers/misc/platform-lockdown-attrs.c > > +F: include/linux/platform_data/platform-lockdown-attrs.h > > include/linux/platform_data/ is not the right place for the header, > this is defined to be the place for defining properties of devices > that are created from old-style board files. > > Just put the header into include/linux/ directly. > the host. > > > > +config PLATFORM_LOCKDOWN_ATTRS > > + tristate "Platform lockdown information in the sysfs" > > + depends on SYSFS > > + help > > + This kernel module is a helper driver to provide information about > > + platform lockdown settings and configuration. > > + This module is used by other device drivers -such as the intel-spi- > > + to publish the information in /sys/class/platform-lockdown. > > Maybe mention fwupd in the description in some form. > > > + > > +static struct class platform_lockdown_class = { > > + .name = "platform-lockdown", > > + .owner = THIS_MODULE, > > +}; > > + > > +struct device *register_platform_lockdown_data_device(struct device *parent, > > + const char *name) > > +{ > > + return device_create(&platform_lockdown_class, parent, MKDEV(0, 0), > > + NULL, name); > > +} > > +EXPORT_SYMBOL_GPL(register_platform_lockdown_data_device); > > + > > +void unregister_platform_lockdown_data_device(struct device *dev) > > +{ > > + device_unregister(dev); > > +} > > +EXPORT_SYMBOL_GPL(unregister_platform_lockdown_data_device); > > + > > +int register_platform_lockdown_attribute(struct device *dev, > > + struct device_attribute *dev_attr) > > +{ > > + return device_create_file(dev, dev_attr); > > +} > > +EXPORT_SYMBOL_GPL(register_platform_lockdown_attribute); > > + > > +void register_platform_lockdown_attributes(struct device *dev, > > + struct device_attribute dev_attrs[]) > > +{ > > + u32 idx = 0; > > + > > + while (dev_attrs[idx].attr.name != NULL) { > > + register_platform_lockdown_attribute(dev, &dev_attrs[idx]); > > + idx++; > > + } > > There is a bit of a race with creating the device first and then > the attributes. Generally it seems better to me to use > device_create_with_groups() instead so the device shows up > with all attributes in place already. > > > +void register_platform_lockdown_custom_attributes(struct device *dev, > > + void *custom_attrs, > > + size_t dev_attr_offset, > > + size_t custom_attr_size) > > This interface seems to be overly complex, I would hope it can be avoided. > > > +static ssize_t cnl_spi_attr_show(struct device *dev, > > + struct device_attribute *attr, char *buf) > > +{ > > + u32 bcr; > > + struct cnl_spi_attr *cnl_spi_attr = container_of(attr, > > + struct cnl_spi_attr, dev_attr); > > + > > + if (class_child_device != dev) > > + return -EIO; > > + > > + if (dev->parent == NULL) > > + return -EIO; > > + > > + if (pci_read_config_dword(container_of(dev->parent, struct pci_dev, dev), > > + BCR, &bcr) != PCIBIOS_SUCCESSFUL) > > + return -EIO; > > + > > + return sprintf(buf, "%d\n", (int)!!(bcr & cnl_spi_attr->mask)); > > +} > > If I understand it right, that complexity comes from attempting to > have a single show callback for three different flags. To me that > actually feels more complicated than having an attribute group > with three similar but simpler show callbacks. > > > static void intel_spi_pci_remove(struct pci_dev *pdev) > > { > > + if (class_child_device != NULL) { > > Please avoid the global variable here and just add a member in the > per-device data. > > > + unregister_platform_lockdown_custom_attributes( > > + class_child_device, > > + cnl_spi_attrs, > > + offsetof(struct cnl_spi_attr, dev_attr), > > + sizeof(struct cnl_spi_attr)); > > + > > + unregister_platform_lockdown_data_device(class_child_device); > > It should be possible to just destroy the attributes as part of > unregister_platform_lockdown_data_device. > > Arnd -- Daniel Gutson Argentina Site Director Enginieering Director Eclypsium Below The Surface: Get the latest threat research and insights on firmware and supply chain threats from the research team at Eclypsium. https://eclypsium.com/research/#threatreport