1 What: /sys/class/firmware-attributes 1 What: /sys/class/firmware-attributes/*/attributes/*/
2 Date: February 2021 2 Date: February 2021
3 KernelVersion: 5.11 3 KernelVersion: 5.11
4 Contact: Divya Bharathi <Divya.Bharathi@ 4 Contact: Divya Bharathi <Divya.Bharathi@Dell.com>,
5 Prasanth KSR <prasanth.ksr@dell 5 Prasanth KSR <prasanth.ksr@dell.com>
6 Dell.Client.Kernel@dell.com 6 Dell.Client.Kernel@dell.com
7 Description: 7 Description:
8 A sysfs interface for systems 8 A sysfs interface for systems management software to enable
9 configuration capability on su 9 configuration capability on supported systems. This directory
10 exposes interfaces for interac 10 exposes interfaces for interacting with configuration options.
11 11
12 Unless otherwise specified in 12 Unless otherwise specified in an attribute description all attributes are optional
13 and will accept UTF-8 input. 13 and will accept UTF-8 input.
14 14
15 type: 15 type:
16 A file that can be read to 16 A file that can be read to obtain the type of attribute.
17 This attribute is mandator 17 This attribute is mandatory.
18 18
19 The following are known types: 19 The following are known types:
20 20
21 - enumeration: a set o 21 - enumeration: a set of pre-defined valid values
22 - integer: a range of 22 - integer: a range of numerical values
23 - string 23 - string
24 24
25 HP specific types <<
26 ----------------- <<
27 - ordered-list - a set <<
28 <<
29 <<
30 All attribute types support th 25 All attribute types support the following values:
31 26
32 current_value: 27 current_value:
33 A file that ca 28 A file that can be read to obtain the current
34 value of the < 29 value of the <attr>.
35 30
36 This file can 31 This file can also be written to in order to update the value of a
37 <attr> 32 <attr>
38 33
39 This attribute 34 This attribute is mandatory.
40 35
41 default_value: 36 default_value:
42 A file that ca 37 A file that can be read to obtain the default
43 value of the < 38 value of the <attr>
44 39
45 display_name: 40 display_name:
46 A file that ca 41 A file that can be read to obtain a user friendly
47 description of 42 description of the at <attr>
48 43
49 display_name_language_code: 44 display_name_language_code:
50 45 A file that can be read to obtain
51 46 the IETF language tag corresponding to the
52 47 "display_name" of the <attr>
53 48
54 "enumeration"-type specific pr 49 "enumeration"-type specific properties:
55 50
56 possible_values: 51 possible_values:
57 A file 52 A file that can be read to obtain the possible
58 values 53 values of the <attr>. Values are separated using
59 semi-c 54 semi-colon (``;``).
60 55
61 "integer"-type specific proper 56 "integer"-type specific properties:
62 57
63 min_value: 58 min_value:
64 A file that ca 59 A file that can be read to obtain the lower
65 bound value of 60 bound value of the <attr>
66 61
67 max_value: 62 max_value:
68 A file that ca 63 A file that can be read to obtain the upper
69 bound value of 64 bound value of the <attr>
70 65
71 scalar_increment: 66 scalar_increment:
72 A file 67 A file that can be read to obtain the scalar value used for
73 increm 68 increments of current_value this attribute accepts.
74 69
75 "string"-type specific propert 70 "string"-type specific properties:
76 71
77 max_length: 72 max_length:
78 A file that ca 73 A file that can be read to obtain the maximum
79 length value o 74 length value of the <attr>
80 75
81 min_length: 76 min_length:
82 A file that ca 77 A file that can be read to obtain the minimum
83 length value o 78 length value of the <attr>
84 79
85 Dell specific class extensions 80 Dell specific class extensions
86 ------------------------------ 81 ------------------------------
87 82
88 On Dell systems the following 83 On Dell systems the following additional attributes are available:
89 84
90 dell_modifier: 85 dell_modifier:
91 A file that ca 86 A file that can be read to obtain attribute-level
92 dependency rul 87 dependency rule. It says an attribute X will become read-only or
93 suppressed, if 88 suppressed, if/if-not attribute Y is configured.
94 89
95 modifier rules 90 modifier rules can be in following format::
96 91
97 [ReadOnlyI 92 [ReadOnlyIf:<attribute>=<value>]
98 [ReadOnlyI 93 [ReadOnlyIfNot:<attribute>=<value>]
99 [SuppressI 94 [SuppressIf:<attribute>=<value>]
100 [SuppressI 95 [SuppressIfNot:<attribute>=<value>]
101 96
102 For example:: 97 For example::
103 98
104 AutoOnFri/ 99 AutoOnFri/dell_modifier has value,
105 [S 100 [SuppressIfNot:AutoOn=SelectDays]
106 101
107 This means Aut 102 This means AutoOnFri will be suppressed in BIOS setup if AutoOn
108 attribute is n 103 attribute is not "SelectDays" and its value will not be effective
109 through sysfs 104 through sysfs until this rule is met.
110 105
111 Enumeration attributes also su 106 Enumeration attributes also support the following:
112 107
113 dell_value_modifier: 108 dell_value_modifier:
114 A file 109 A file that can be read to obtain value-level dependency.
115 This f 110 This file is similar to dell_modifier but here, an
116 attrib 111 attribute's current value will be forcefully changed based
117 depend 112 dependent attributes value.
118 113
119 dell_v 114 dell_value_modifier rules can be in following format::
120 115
121 <v 116 <value>[ForceIf:<attribute>=<value>]
122 <v 117 <value>[ForceIfNot:<attribute>=<value>]
123 118
124 For ex !! 119 For example:
125 120
126 Le 121 LegacyOrom/dell_value_modifier has value:
127 122 Disabled[ForceIf:SecureBoot=Enabled]
128 123
129 This m 124 This means LegacyOrom's current value will be forced to
130 "Disab 125 "Disabled" in BIOS setup if SecureBoot is Enabled and its
131 value 126 value will not be effective through sysfs until this rule is
132 met. 127 met.
133 128
134 HP specific class extensions <<
135 ------------------------------ <<
136 <<
137 On HP systems the following ad <<
138 <<
139 "ordered-list"-type specific p <<
140 <<
141 elements: <<
142 A file <<
143 list o <<
144 semi-c <<
145 An ele <<
146 the li <<
147 the pr <<
148 <<
149 What: /sys/class/firmware-attributes 129 What: /sys/class/firmware-attributes/*/authentication/
150 Date: February 2021 130 Date: February 2021
151 KernelVersion: 5.11 131 KernelVersion: 5.11
152 Contact: Divya Bharathi <Divya.Bharathi@ 132 Contact: Divya Bharathi <Divya.Bharathi@Dell.com>,
153 Prasanth KSR <prasanth.ksr@dell 133 Prasanth KSR <prasanth.ksr@dell.com>
154 Dell.Client.Kernel@dell.com 134 Dell.Client.Kernel@dell.com
155 Description: 135 Description:
156 Devices support various authen 136 Devices support various authentication mechanisms which can be exposed
157 as a separate configuration ob 137 as a separate configuration object.
158 138
159 For example a "BIOS Admin" pas 139 For example a "BIOS Admin" password and "System" Password can be set,
160 reset or cleared using these a 140 reset or cleared using these attributes.
161 141
162 - An "Admin" password is used 142 - An "Admin" password is used for preventing modification to the BIOS
163 settings. 143 settings.
164 - A "System" password is requi 144 - A "System" password is required to boot a machine.
165 145
166 Change in any of these two aut 146 Change in any of these two authentication methods will also generate an
167 uevent KOBJ_CHANGE. 147 uevent KOBJ_CHANGE.
168 148
169 is_enabled: 149 is_enabled:
170 A file 150 A file that can be read to obtain a 0/1 flag to see if
171 <attr> 151 <attr> authentication is enabled.
172 This a 152 This attribute is mandatory.
173 153
174 role: 154 role:
175 The ty 155 The type of authentication used.
176 This a 156 This attribute is mandatory.
177 157
178 Known 158 Known types:
179 159 bios-admin:
180 160 Representing BIOS administrator password
181 161 power-on:
182 162 Representing a password required to use
183 163 the system
184 <<
185 <<
186 <<
187 <<
188 <<
189 <<
190 <<
191 <<
192 <<
193 164
194 mechanism: 165 mechanism:
195 The me 166 The means of authentication. This attribute is mandatory.
196 Only s 167 Only supported type currently is "password".
197 168
198 max_password_length: 169 max_password_length:
199 A file 170 A file that can be read to obtain the
200 maximu 171 maximum length of the Password
201 172
202 min_password_length: 173 min_password_length:
203 A file 174 A file that can be read to obtain the
204 minimu 175 minimum length of the Password
205 176
206 current_password: 177 current_password:
207 A writ 178 A write only value used for privileged access such as
208 settin 179 setting attributes when a system or admin password is set
209 or res 180 or resetting to a new password
210 181
211 This a 182 This attribute is mandatory when mechanism == "password".
212 183
213 new_password: 184 new_password:
214 A writ 185 A write only value that when used in tandem with
215 curren 186 current_password will reset a system or admin password.
216 187
217 Note, password management is s 188 Note, password management is session specific. If Admin password is set,
218 same password must be written 189 same password must be written into current_password file (required for
219 password-validation) and must 190 password-validation) and must be cleared once the session is over.
220 For example:: 191 For example::
221 192
222 echo "password" > curr 193 echo "password" > current_password
223 echo "disabled" > Touc 194 echo "disabled" > TouchScreen/current_value
224 echo "" > current_pass 195 echo "" > current_password
225 196
226 Drivers may emit a CHANGE ueve 197 Drivers may emit a CHANGE uevent when a password is set or unset
227 userspace may check it again. 198 userspace may check it again.
228 199
229 On Dell, Lenovo and HP systems !! 200 On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
230 require password validation. 201 require password validation.
231 On Lenovo systems if you chang 202 On Lenovo systems if you change the Admin password the new password is not active until
232 the next boot. 203 the next boot.
233 204
234 Lenovo specific class extensio 205 Lenovo specific class extensions
235 ------------------------------ !! 206 ------------------------------
236 207
237 On Lenovo systems the followin 208 On Lenovo systems the following additional settings are available:
238 209
239 role: system-mgmt This g <<
240 securi <<
241 the BI <<
242 <<
243 role: HDD & NVMe This p <<
244 'level <<
245 <<
246 lenovo_encoding: 210 lenovo_encoding:
247 The en 211 The encoding method that is used. This can be either "ascii"
248 or "sc 212 or "scancode". Default is set to "ascii"
249 213
250 lenovo_kbdlang: 214 lenovo_kbdlang:
251 The ke 215 The keyboard language method that is used. This is generally a
252 two ch 216 two char code (e.g. "us", "fr", "gr") and may vary per platform.
253 Defaul 217 Default is set to "us"
254 218
255 level: <<
256 Availa <<
257 privil <<
258 If onl <<
259 unlock <<
260 then e <<
261 is req <<
262 This a <<
263 <<
264 index: <<
265 Used w <<
266 that i <<
267 This a <<
268 <<
269 certificate, signature, save_s <<
270 These <<
271 used i <<
272 based <<
273 The us <<
274 from t <<
275 The at <<
276 <<
277 Some u <<
278 <<
279 <<
280 <<
281 <<
282 <<
283 <<
284 <<
285 <<
286 <<
287 <<
288 <<
289 <<
290 <<
291 <<
292 <<
293 <<
294 <<
295 <<
296 <<
297 <<
298 <<
299 <<
300 You ca <<
301 has no <<
302 Cleari <<
303 being <<
304 After <<
305 take e <<
306 <<
307 certificate_thumbprint: <<
308 Read o <<
309 for th <<
310 <<
311 certificate_to_password: <<
312 Write <<
313 back t <<
314 Usage: <<
315 <<
316 <<
317 <<
318 <<
319 HP specific class extensions <<
320 ------------------------------ <<
321 <<
322 On HP systems the following ad <<
323 <<
324 role: enhanced-bios-auth: <<
325 This r <<
326 It req <<
327 <<
328 <<
329 What: /sys/class/firmware-attributes 219 What: /sys/class/firmware-attributes/*/attributes/pending_reboot
330 Date: February 2021 220 Date: February 2021
331 KernelVersion: 5.11 221 KernelVersion: 5.11
332 Contact: Divya Bharathi <Divya.Bharathi@ 222 Contact: Divya Bharathi <Divya.Bharathi@Dell.com>,
333 Prasanth KSR <prasanth.ksr@dell 223 Prasanth KSR <prasanth.ksr@dell.com>
334 Dell.Client.Kernel@dell.com 224 Dell.Client.Kernel@dell.com
335 Description: 225 Description:
336 A read-only attribute reads 1 226 A read-only attribute reads 1 if a reboot is necessary to apply
337 pending BIOS attribute changes 227 pending BIOS attribute changes. Also, an uevent_KOBJ_CHANGE is
338 generated when it changes to 1 228 generated when it changes to 1.
339 229
340 == ============== 230 == =========================================
341 0 All BIOS attri 231 0 All BIOS attributes setting are current
342 1 A reboot is ne 232 1 A reboot is necessary to get pending BIOS
343 attribute chan !! 233 attribute changes applied
344 == ============== 234 == =========================================
345 235
346 Note, userspace applications n 236 Note, userspace applications need to follow below steps for efficient
347 BIOS management, 237 BIOS management,
348 238
349 1. Check if admin passwor 239 1. Check if admin password is set. If yes, follow session method for
350 password management as 240 password management as briefed under authentication section above.
351 2. Before setting any att 241 2. Before setting any attribute, check if it has any modifiers
352 or value_modifiers. If 242 or value_modifiers. If yes, incorporate them and then modify
353 attribute. 243 attribute.
354 244
355 Drivers may emit a CHANGE ueve 245 Drivers may emit a CHANGE uevent when this value changes and userspace
356 may check it again. 246 may check it again.
357 247
358 What: /sys/class/firmware-attributes 248 What: /sys/class/firmware-attributes/*/attributes/reset_bios
359 Date: February 2021 249 Date: February 2021
360 KernelVersion: 5.11 250 KernelVersion: 5.11
361 Contact: Divya Bharathi <Divya.Bharathi@ 251 Contact: Divya Bharathi <Divya.Bharathi@Dell.com>,
362 Prasanth KSR <prasanth.ksr@dell 252 Prasanth KSR <prasanth.ksr@dell.com>
363 Dell.Client.Kernel@dell.com 253 Dell.Client.Kernel@dell.com
364 Description: 254 Description:
365 This attribute can be used to 255 This attribute can be used to reset the BIOS Configuration.
366 Specifically, it tells which t 256 Specifically, it tells which type of reset BIOS configuration is being
367 requested on the host. 257 requested on the host.
368 258
369 Reading from it returns a list 259 Reading from it returns a list of supported options encoded as:
370 260
371 - 'builtinsafe' (Built 261 - 'builtinsafe' (Built in safe configuration profile)
372 - 'lastknowngood' (Las 262 - 'lastknowngood' (Last known good saved configuration profile)
373 - 'factory' (Default f 263 - 'factory' (Default factory settings configuration profile)
374 - 'custom' (Custom sav 264 - 'custom' (Custom saved configuration profile)
375 265
376 The currently selected option 266 The currently selected option is printed in square brackets as
377 shown below:: 267 shown below::
378 268
379 # echo "factory" > /sys/cl 269 # echo "factory" > /sys/class/firmware-attributes/*/device/attributes/reset_bios
380 # cat /sys/class/firmware- 270 # cat /sys/class/firmware-attributes/*/device/attributes/reset_bios
381 builtinsafe lastknowngood !! 271 # builtinsafe lastknowngood [factory] custom
382 272
383 Note that any changes to this 273 Note that any changes to this attribute requires a reboot
384 for changes to take effect. 274 for changes to take effect.
385 275
386 What: /sys/class/firmware-attributes <<
387 Date: August 2023 <<
388 KernelVersion: 6.6 <<
389 Contact: Mark Pearson <mpearson-lenovo@s <<
390 Description: <<
391 On Lenovo platforms there is a <<
392 saved. This is an architectura <<
393 that can be modified to 48. <<
394 A solution for this is instead <<
395 to allow a user to bulk set th <<
396 unlimited attributes. <<
397 <<
398 Read the attribute to check wh <<
399 E.g: <<
400 # cat /sys/class/firmware-attr <<
401 single <<
402 <<
403 Write the attribute with 'bulk <<
404 Write the attribute with 'sing <<
405 The default setting is single <<
406 E.g: <<
407 # echo bulk > /sys/class/firmw <<
408 <<
409 When in bulk mode write 'save' <<
410 Note, once a save has been tri <<
411 will return a permissions erro <<
412 (which requires entering the B <<
413 E.g: <<
414 # echo save > /sys/class/firmw <<
415 <<
416 What: /sys/class/firmware-attributes 276 What: /sys/class/firmware-attributes/*/attributes/debug_cmd
417 Date: July 2021 277 Date: July 2021
418 KernelVersion: 5.14 278 KernelVersion: 5.14
419 Contact: Mark Pearson <markpearson@lenov 279 Contact: Mark Pearson <markpearson@lenovo.com>
420 Description: 280 Description:
421 This write only attribute can 281 This write only attribute can be used to send debug commands to the BIOS.
422 This should only be used when 282 This should only be used when recommended by the BIOS vendor. Vendors may
423 use it to enable extra debug a 283 use it to enable extra debug attributes or BIOS features for testing purposes.
424 284
425 Note that any changes to this 285 Note that any changes to this attribute requires a reboot for changes to take effect.
426 <<
427 <<
428 HP specific class extensions - <<
429 ------------------------------ <<
430 <<
431 What: /sys/class/firmware-attributes <<
432 Date: March 2023 <<
433 KernelVersion: 5.18 <<
434 Contact: "Jorge Lopez" <jorge.lopez2@hp. <<
435 Description: <<
436 'kek' Key-Encryption-Key is a <<
437 RSA public key that will be us <<
438 signatures when setting the si <<
439 the bytes should correspond to <<
440 (x509 .DER format containing a <<
441 certificate must be less than <<
442 <<
443 What: /sys/class/firmware-attributes <<
444 Date: March 2023 <<
445 KernelVersion: 5.18 <<
446 Contact: "Jorge Lopez" <jorge.lopez2@hp. <<
447 Description: <<
448 'sk' Signature Key is a write- <<
449 public key that will be used b <<
450 when configuring BIOS settings <<
451 written, the bytes should corr <<
452 public key. The exponent is a <<
453 <<
454 What: /sys/class/firmware-attributes <<
455 Date: March 2023 <<
456 KernelVersion: 5.18 <<
457 Contact: "Jorge Lopez" <jorge.lopez2@hp. <<
458 Description: <<
459 'status' is a read-only file t <<
460 the status information. <<
461 <<
462 "State": "not provisioned | <<
463 "Version": "Major.Minor", <<
464 "Nonce": <16-bit unsigned nu <<
465 "FeaturesInUse": <16-bit uns <<
466 "EndorsementKeyMod": "<256 b <<
467 "SigningKeyMod": "<256 bytes <<
468 <<
469 What: /sys/class/firmware-attributes <<
470 Date: March 2023 <<
471 KernelVersion: 5.18 <<
472 Contact: "Jorge Lopez" <jorge.lopez2@hp. <<
473 Description: <<
474 'audit_log_entries' is a read- <<
475 <<
476 Audit log entry format <<
477 <<
478 Byte 0-15: Requested <<
479 Byte 16-127: Unused <<
480 <<
481 What: /sys/class/firmware-attributes <<
482 Date: March 2023 <<
483 KernelVersion: 5.18 <<
484 Contact: "Jorge Lopez" <jorge.lopez2@hp. <<
485 Description: <<
486 'audit_log_entry_count' is a r <<
487 audit log events available to <<
488 <<
489 [No of entries],[log e <<
490 <<
491 log entry size identifies audi <<
492 The current size is 16 bytes b <<
493 versions. <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.