Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7605833rwb; Wed, 23 Nov 2022 08:29:06 -0800 (PST) X-Google-Smtp-Source: AA0mqf4h5w0QAMivNvorLnAq6uoluoHfCBVNdRn+dtaGHST5qMluv8TrfA3x51KwLj27QuvPNFpZ X-Received: by 2002:aa7:c754:0:b0:469:1ddf:9251 with SMTP id c20-20020aa7c754000000b004691ddf9251mr21756799eds.110.1669220946076; Wed, 23 Nov 2022 08:29:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669220946; cv=none; d=google.com; s=arc-20160816; b=ZaUtPqMC1v8EaVCurVKVTWyY7Qc8GJvUvHYWMGr+wwSZQwUfPBY1kwXGt1/e6G0qeN 5PoMU3oqrRgmNn8GYxB61moptQ9Ou1lWFfongofOXsracPWgDNa9/G36GXzGB/AZ0fpa 3cm5+mvFvOS4F1KLl2g4rlfIh/GsybwxjyurExchezRfUh2xb3wst/4ngf8OMq3Vs/5W 5PxkQ0G9q0vbBtJQ+QedkozmbfT+cbTc7PSFlxg5L1P0nH8tMozWWJ7zqapuzhnICC53 kVnXh4+/YWuQUoo2p3GhFWoKsV/ITtHjSTL5KwTL6cVOyqFXIquqckUtDqFJvnlZdUZl HTbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=kqGnlLicpxzF+RcsVb3tLvvTFLtd0KWx1zXf4fvqI3g=; b=xLkhEpQ41JLBtJ7o7Fdb++dvrLqnBC2KhlZYPDXPEnaEoQ0plXFsgKUYqYrftDfbV2 7mfwjRPN/Vj6JXWt+ZPqefYaE53Jp5Qd3MBCe+5h0XlPyodyjEg3sEyErHJLJzyDvZM7 nvkdArLGV46MkAOsrEkvo2V42zsflNKenq5QMWdVUN7VAqhHtR43k8OfpfcLMVHE0nu8 +lCGvVTL6td863iZdoHIAtbGvO4UQKyzKq9OvZdqVQiLWXBng/7OGTX7LmUjtWCr7fyl JwPJpAJOG+11FVhuJE1ooDeklz4ZRYrZU7jLZi6/8hJRVHzrLSwK/MLzQVeWylySVMqQ T8mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mhiplsOi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k14-20020aa7d2ce000000b00469a9937122si6480889edr.111.2022.11.23.08.28.42; Wed, 23 Nov 2022 08:29:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=mhiplsOi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238242AbiKWP6m (ORCPT + 88 others); Wed, 23 Nov 2022 10:58:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238254AbiKWP6Y (ORCPT ); Wed, 23 Nov 2022 10:58:24 -0500 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A08481A812; Wed, 23 Nov 2022 07:57:46 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 04B76CE2322; Wed, 23 Nov 2022 15:57:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A2E49C433C1; Wed, 23 Nov 2022 15:57:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1669219063; bh=Q0SEQR3uc6eCtl05I/8Xe29JQKDtlOnHtgnxpmvfeK0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=mhiplsOioxUX4b7OWO/JF0jiV4e9OaOyeXb1vLr7BIXe2hSqp14HiG3LS60tfKiXR XYHklTI6LnIYJ+JdVdOx89JEMI34ZRFLWpqBlzMQsRqI8TmEAFjO9/8CnTgju7xKis AnxSbQ0zYNV4rEJno4YOqL/ulKqGxpwcGux1giIg= Date: Wed, 23 Nov 2022 16:57:40 +0100 From: Greg Kroah-Hartman To: Nayna Cc: Nayna Jain , linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org, linux-security-module , linux-kernel@vger.kernel.org, Michael Ellerman , npiggin@gmail.com, christophe.leroy@csgroup.eu, Dov Murik , George Wilson , Matthew Garrett , Dave Hansen , Benjamin Herrenschmidt , Paul Mackerras , Russell Currey , Andrew Donnellan , Stefan Berger , "Serge E. Hallyn" , "Ritesh Harjani (IBM)" Subject: Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs Message-ID: References: <20221106210744.603240-1-nayna@linux.ibm.com> <20221106210744.603240-3-nayna@linux.ibm.com> <8447a726-c45d-8ebb-2a74-a4d759631e64@linux.vnet.ibm.com> <20221119114234.nnfxsqx4zxiku2h6@riteshh-domain> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 23, 2022 at 10:05:49AM -0500, Nayna wrote: > > On 11/22/22 18:21, Nayna wrote: > > > > From the perspective of our use case, we need to expose firmware > > security objects to userspace for management. Not all of the objects > > pre-exist and we would like to allow root to create them from userspace. > > > > From a unification perspective, I have considered a common location at > > /sys/firmware/security for managing any platform's security objects. And > > I've proposed a generic filesystem, which could be used by any platform > > to represent firmware security objects via /sys/firmware/security. > > > > Here are some alternatives to generic filesystem in discussion: > > > > 1. Start with a platform-specific filesystem. If more platforms would > > like to use the approach, it can be made generic. We would still have a > > common location of /sys/firmware/security and new code would live in > > arch. This is my preference and would be the best fit for our use case. > > > > 2. Use securityfs.? This would mean modifying it to satisfy other use > > cases, including supporting userspace file creation. I don't know if the > > securityfs maintainer would find that acceptable. I would also still > > want some way to expose variables at /sys/firmware/security. > > > > 3. Use a sysfs-based approach. This would be a platform-specific > > implementation. However, sysfs has a similar issue to securityfs for > > file creation. When I tried it in RFC v1[1], I had to implement a > > workaround to achieve that. > > > > [1] https://lore.kernel.org/linuxppc-dev/20220122005637.28199-3-nayna@linux.ibm.com/ > > > Hi Greg, > > Based on the discussions so far, is Option 1, described above, an acceptable > next step? No, as I said almost a year ago, I do not want to see platform-only filesystems going and implementing stuff that should be shared by all platforms. thanks, greg k-h