This patch provides a driver and an API for exporting information about the platform integrity firmware configuration in the sysfs filesystem.
The goal is that the attributes are avilable to fwupd.
Signed-off-by: Daniel Gutson <daniel.gut...@eclypsium.com>
---
.../ABI/stable/sysfs-class-platform-integrity | 23 ++++++++
MAINTAINERS | 7 +++
drivers/misc/Kconfig | 11 ++++
drivers/misc/Makefile | 1 +
drivers/misc/platform-integrity.c | 56 +++++++++++++++++++
include/linux/platform-integrity.h | 19 +++++++
6 files changed, 117 insertions(+)
create mode 100644 Documentation/ABI/stable/sysfs-class-platform-integrity
create mode 100644 drivers/misc/platform-integrity.c
create mode 100644 include/linux/platform-integrity.h
diff --git a/Documentation/ABI/stable/sysfs-class-platform-integrity b/Documentation/ABI/stable/sysfs-class-platform-integrity
new file mode 100644
index 000000000000..0978079bde50
--- /dev/null
+++ b/Documentation/ABI/stable/sysfs-class-platform-integrity
@@ -0,0 +1,23 @@
+What: /sys/class/platform-integrity/intel-spi/bioswe
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gut...@eclypsium.com>
+Description: If the system firmware set BIOS Write Enable.
+ 0: writes disabled, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/biosle
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gut...@eclypsium.com>
+Description: If the system firmware set BIOS Lock Enable.
+ 0: SMM lock disabled, 1: SMM lock enabled.
+Users: https://github.com/fwupd/fwupd
+
+What: /sys/class/platform-integrity/intel-spi/smm_bioswp
+Date: September 2020
+KernelVersion: 5.10
+Contact: Daniel Gutson <daniel.gut...@eclypsium.com>
+Description: If the system firmware set SMM BIOS Write Protect.
+ 0: writes disabled unless in SMM, 1: writes enabled.
+Users: https://github.com/fwupd/fwupd
diff --git a/MAINTAINERS b/MAINTAINERS
index d746519253c3..98bd26cd1adc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -13774,6 +13774,13 @@ S: Maintained F: Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml F: drivers/iio/chemical/pms7003.c +PLATFORM INTEGRITY DATA MODULE +M: Daniel Gutson <daniel.gut...@eclypsium.com> +S: Supported +F: Documentation/ABI/sysfs-class-platform-integrity +F: drivers/misc/platform-integrity.c +F: include/linux/platform-integrity.h + PLDMFW LIBRARY M: Jacob Keller <jacob.e.kel...@intel.com> S: Maintained diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index ce136d685d14..8602049bd0ad 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -456,6 +456,17 @@ config PVPANIC a paravirtualized device provided by QEMU; it lets a virtual machine (guest) communicate panic events to the host. +config PLATFORM_INTEGRITY_DATA + bool "Platform integrity information in the sysfs" + depends on SYSFS + help + This kernel module is a helper driver to provide information about + platform integrity settings and configuration. + This module is used by other device drivers -such as the intel-spi- + to publish the information in /sys/class/platform-integrity which is + consumed by software such as fwupd which can verify the platform + has been configured in a secure way. + source "drivers/misc/c2port/Kconfig" source "drivers/misc/eeprom/Kconfig" source "drivers/misc/cb710/Kconfig" diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index c7bd01ac6291..97ebb997fc47 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -57,3 +57,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o obj-$(CONFIG_HABANA_AI) += habanalabs/ obj-$(CONFIG_UACCE) += uacce/ obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o +obj-$(CONFIG_PLATFORM_INTEGRITY_DATA) += platform-integrity.o diff --git a/drivers/misc/platform-integrity.c b/drivers/misc/platform-integrity.c new file mode 100644 index 000000000000..e17d27850a3b --- /dev/null +++ b/drivers/misc/platform-integrity.c 
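Review bot: The first `F:` entry added to MAINTAINERS points at `Documentation/ABI/sysfs-class-platform-integrity`, but this patch creates the file under `Documentation/ABI/stable/`, so the pattern would not match the new ABI document. The line should read `F: Documentation/ABI/stable/sysfs-class-platform-integrity`.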
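Review bot: PLATFORM_INTEGRITY_DATA is declared `bool`, yet the help text calls it a kernel module, and platform-integrity.c in this patch carries module_exit() and `.owner = THIS_MODULE`, which serve no purpose for code that can only be built in. Either make the option `tristate`, after checking that users such as intel-spi can express the dependency, or keep `bool` and reword the first help line to `This option enables a helper driver that provides information about`. The help text could also say that drivers publishing attributes are expected to select or depend on this option, since nothing in this hunk establishes that.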
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gut...@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#include <linux/sysfs.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kdev_t.h>
+#include <linux/platform-integrity.h>
+
+static struct class platform_integrity_class = {
+ .name = "platform-integrity",
+ .owner = THIS_MODULE,
+};
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups)
+{
+ return device_create_with_groups(&platform_integrity_class, parent,
+ MKDEV(0, 0), groups, groups, "%s",
+ name);
+}
+EXPORT_SYMBOL_GPL(create_platform_integrity_device);
+
+void destroy_platform_integrity_device(struct device *pi_device)
+{
+ device_remove_groups(pi_device,
+ (const struct attribute_group **)dev_get_drvdata(pi_device));
+ device_unregister(pi_device);
+}
+EXPORT_SYMBOL_GPL(destroy_platform_integrity_device);
+
+static int __init platform_integrity_init(void)
+{
+ int status;
+
+ status = class_register(&platform_integrity_class);
+ if (status < 0)
+ return status;
+
+ return 0;
+}
+
+static void __exit platform_integrity_exit(void)
+{
+ class_unregister(&platform_integrity_class);
+}
+
+module_init(platform_integrity_init);
+module_exit(platform_integrity_exit);
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Daniel Gutson <daniel.gut...@eclypsium.com>");
diff --git a/include/linux/platform-integrity.h b/include/linux/platform-integrity.h
new file mode 100644
index 000000000000..56eb1a1190e8
--- /dev/null
+++ b/include/linux/platform-integrity.h
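Review bot: In drivers/misc/platform-integrity.c, destroy_platform_integrity_device() calls device_remove_groups() on the array stashed in drvdata and then device_unregister(), but create_platform_integrity_device() already passed that same `groups` array to device_create_with_groups() as the device's attribute groups. The driver core presumably removes those groups again during unregister, so the explicit removal looks redundant and may produce a sysfs warning for named groups. I would pass `NULL` as the drvdata argument in the create call and reduce the destroy body to `device_unregister(pi_device);`. Separately, the create function forwards the return value of device_create_with_groups() unchanged, so a short kernel-doc comment saying that callers must test the result with IS_ERR() and keep `groups` valid until destroy would make the exported API safer to use.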
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Platform integrity data kernel module
+ *
+ * Copyright (C) 2020 Daniel Gutson <daniel.gut...@eclypsium.com>
+ * Copyright (C) 2020 Eclypsium Inc.
+ */
+#ifndef PLATFORM_INTEGRITY_H
+#define PLATFORM_INTEGRITY_H
+
+#include <linux/device.h>
+
+struct device *
+create_platform_integrity_device(struct device *parent, const char *name,
+ const struct attribute_group **groups);
+
+extern void destroy_platform_integrity_device(struct device *pi_device);
+
+#endif /* PLATFORM_INTEGRITY_H */
-- 2.25.1
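Review bot: include/linux/platform-integrity.h offers no fallback when CONFIG_PLATFORM_INTEGRITY_DATA is disabled, so any driver calling these functions must depend on or select the option or it will fail to link. Either state that requirement in a comment above the prototypes or add `static inline` stubs under an `#else` branch. The two prototypes are also declared inconsistently, one with `extern` and one without; dropping `extern` from destroy_platform_integrity_device() would match the first declaration.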