~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/ABI/testing/sysfs-class-firmware-attributes

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/ABI/testing/sysfs-class-firmware-attributes (Version linux-6.12-rc7) and /Documentation/ABI/testing/sysfs-class-firmware-attributes (Version linux-6.10.14)


  1 What:           /sys/class/firmware-attributes      1 What:           /sys/class/firmware-attributes/*/attributes/*/
  2 Date:           February 2021                       2 Date:           February 2021
  3 KernelVersion:  5.11                                3 KernelVersion:  5.11
  4 Contact:        Divya Bharathi <Divya.Bharathi@      4 Contact:        Divya Bharathi <Divya.Bharathi@Dell.com>,
  5                 Prasanth KSR <prasanth.ksr@dell      5                 Prasanth KSR <prasanth.ksr@dell.com>
  6                 Dell.Client.Kernel@dell.com         6                 Dell.Client.Kernel@dell.com
  7 Description:                                        7 Description:
  8                 A sysfs interface for systems       8                 A sysfs interface for systems management software to enable
  9                 configuration capability on su      9                 configuration capability on supported systems.  This directory
 10                 exposes interfaces for interac     10                 exposes interfaces for interacting with configuration options.
 11                                                    11 
 12                 Unless otherwise specified in      12                 Unless otherwise specified in an attribute description all attributes are optional
 13                 and will accept UTF-8 input.       13                 and will accept UTF-8 input.
 14                                                    14 
 15                 type:                              15                 type:
 16                     A file that can be read to     16                     A file that can be read to obtain the type of attribute.
 17                     This attribute is mandator     17                     This attribute is mandatory.
 18                                                    18 
 19                 The following are known types:     19                 The following are known types:
 20                                                    20 
 21                         - enumeration: a set o     21                         - enumeration: a set of pre-defined valid values
 22                         - integer: a range of      22                         - integer: a range of numerical values
 23                         - string                   23                         - string
 24                                                    24 
 25                 HP specific types                  25                 HP specific types
 26                 -----------------                  26                 -----------------
 27                         - ordered-list - a set     27                         - ordered-list - a set of ordered list valid values
 28                                                    28 
 29                                                    29 
 30                 All attribute types support th     30                 All attribute types support the following values:
 31                                                    31 
 32                 current_value:                     32                 current_value:
 33                                 A file that ca     33                                 A file that can be read to obtain the current
 34                                 value of the <     34                                 value of the <attr>.
 35                                                    35 
 36                                 This file can      36                                 This file can also be written to in order to update the value of a
 37                                 <attr>             37                                 <attr>
 38                                                    38 
 39                                 This attribute     39                                 This attribute is mandatory.
 40                                                    40 
 41                 default_value:                     41                 default_value:
 42                                 A file that ca     42                                 A file that can be read to obtain the default
 43                                 value of the <     43                                 value of the <attr>
 44                                                    44 
 45                 display_name:                      45                 display_name:
 46                                 A file that ca     46                                 A file that can be read to obtain a user friendly
 47                                 description of     47                                 description of the at <attr>
 48                                                    48 
 49                 display_name_language_code:        49                 display_name_language_code:
 50                                                    50                                                 A file that can be read to obtain
 51                                                    51                                                 the IETF language tag corresponding to the
 52                                                    52                                                 "display_name" of the <attr>
 53                                                    53 
 54                 "enumeration"-type specific pr     54                 "enumeration"-type specific properties:
 55                                                    55 
 56                 possible_values:                   56                 possible_values:
 57                                         A file     57                                         A file that can be read to obtain the possible
 58                                         values     58                                         values of the <attr>. Values are separated using
 59                                         semi-c     59                                         semi-colon (``;``).
 60                                                    60 
 61                 "integer"-type specific proper     61                 "integer"-type specific properties:
 62                                                    62 
 63                 min_value:                         63                 min_value:
 64                                 A file that ca     64                                 A file that can be read to obtain the lower
 65                                 bound value of     65                                 bound value of the <attr>
 66                                                    66 
 67                 max_value:                         67                 max_value:
 68                                 A file that ca     68                                 A file that can be read to obtain the upper
 69                                 bound value of     69                                 bound value of the <attr>
 70                                                    70 
 71                 scalar_increment:                  71                 scalar_increment:
 72                                         A file     72                                         A file that can be read to obtain the scalar value used for
 73                                         increm     73                                         increments of current_value this attribute accepts.
 74                                                    74 
 75                 "string"-type specific propert     75                 "string"-type specific properties:
 76                                                    76 
 77                 max_length:                        77                 max_length:
 78                                 A file that ca     78                                 A file that can be read to obtain the maximum
 79                                 length value o     79                                 length value of the <attr>
 80                                                    80 
 81                 min_length:                        81                 min_length:
 82                                 A file that ca     82                                 A file that can be read to obtain the minimum
 83                                 length value o     83                                 length value of the <attr>
 84                                                    84 
 85                 Dell specific class extensions     85                 Dell specific class extensions
 86                 ------------------------------     86                 ------------------------------
 87                                                    87 
 88                 On Dell systems the following      88                 On Dell systems the following additional attributes are available:
 89                                                    89 
 90                 dell_modifier:                     90                 dell_modifier:
 91                                 A file that ca     91                                 A file that can be read to obtain attribute-level
 92                                 dependency rul     92                                 dependency rule. It says an attribute X will become read-only or
 93                                 suppressed, if     93                                 suppressed, if/if-not attribute Y is configured.
 94                                                    94 
 95                                 modifier rules     95                                 modifier rules can be in following format::
 96                                                    96 
 97                                     [ReadOnlyI     97                                     [ReadOnlyIf:<attribute>=<value>]
 98                                     [ReadOnlyI     98                                     [ReadOnlyIfNot:<attribute>=<value>]
 99                                     [SuppressI     99                                     [SuppressIf:<attribute>=<value>]
100                                     [SuppressI    100                                     [SuppressIfNot:<attribute>=<value>]
101                                                   101 
102                                 For example::     102                                 For example::
103                                                   103 
104                                     AutoOnFri/    104                                     AutoOnFri/dell_modifier has value,
105                                             [S    105                                             [SuppressIfNot:AutoOn=SelectDays]
106                                                   106 
107                                 This means Aut    107                                 This means AutoOnFri will be suppressed in BIOS setup if AutoOn
108                                 attribute is n    108                                 attribute is not "SelectDays" and its value will not be effective
109                                 through sysfs     109                                 through sysfs until this rule is met.
110                                                   110 
111                 Enumeration attributes also su    111                 Enumeration attributes also support the following:
112                                                   112 
113                 dell_value_modifier:              113                 dell_value_modifier:
114                                         A file    114                                         A file that can be read to obtain value-level dependency.
115                                         This f    115                                         This file is similar to dell_modifier but here, an
116                                         attrib    116                                         attribute's current value will be forcefully changed based
117                                         depend    117                                         dependent attributes value.
118                                                   118 
119                                         dell_v    119                                         dell_value_modifier rules can be in following format::
120                                                   120 
121                                             <v    121                                             <value>[ForceIf:<attribute>=<value>]
122                                             <v    122                                             <value>[ForceIfNot:<attribute>=<value>]
123                                                   123 
124                                         For ex    124                                         For example::
125                                                   125 
126                                             Le    126                                             LegacyOrom/dell_value_modifier has value:
127                                                   127                                                     Disabled[ForceIf:SecureBoot=Enabled]
128                                                   128 
129                                         This m    129                                         This means LegacyOrom's current value will be forced to
130                                         "Disab    130                                         "Disabled" in BIOS setup if SecureBoot is Enabled and its
131                                         value     131                                         value will not be effective through sysfs until this rule is
132                                         met.      132                                         met.
133                                                   133 
134                 HP specific class extensions      134                 HP specific class extensions
135                 ------------------------------    135                 ------------------------------
136                                                   136 
137                 On HP systems the following ad    137                 On HP systems the following additional attributes are available:
138                                                   138 
139                 "ordered-list"-type specific p    139                 "ordered-list"-type specific properties:
140                                                   140 
141                 elements:                         141                 elements:
142                                         A file    142                                         A file that can be read to obtain the possible
143                                         list o    143                                         list of values of the <attr>. Values are separated using
144                                         semi-c    144                                         semi-colon (``;``) and listed according to their priority.
145                                         An ele    145                                         An element listed first has the highest priority. Writing
146                                         the li    146                                         the list in a different order to current_value alters
147                                         the pr    147                                         the priority order for the particular attribute.
148                                                   148 
149 What:           /sys/class/firmware-attributes    149 What:           /sys/class/firmware-attributes/*/authentication/
150 Date:           February 2021                     150 Date:           February 2021
151 KernelVersion:  5.11                              151 KernelVersion:  5.11
152 Contact:        Divya Bharathi <Divya.Bharathi@    152 Contact:        Divya Bharathi <Divya.Bharathi@Dell.com>,
153                 Prasanth KSR <prasanth.ksr@dell    153                 Prasanth KSR <prasanth.ksr@dell.com>
154                 Dell.Client.Kernel@dell.com       154                 Dell.Client.Kernel@dell.com
155 Description:                                      155 Description:
156                 Devices support various authen    156                 Devices support various authentication mechanisms which can be exposed
157                 as a separate configuration ob    157                 as a separate configuration object.
158                                                   158 
159                 For example a "BIOS Admin" pas    159                 For example a "BIOS Admin" password and "System" Password can be set,
160                 reset or cleared using these a    160                 reset or cleared using these attributes.
161                                                   161 
162                 - An "Admin" password is used     162                 - An "Admin" password is used for preventing modification to the BIOS
163                   settings.                       163                   settings.
164                 - A "System" password is requi    164                 - A "System" password is required to boot a machine.
165                                                   165 
166                 Change in any of these two aut    166                 Change in any of these two authentication methods will also generate an
167                 uevent KOBJ_CHANGE.               167                 uevent KOBJ_CHANGE.
168                                                   168 
169                 is_enabled:                       169                 is_enabled:
170                                         A file    170                                         A file that can be read to obtain a 0/1 flag to see if
171                                         <attr>    171                                         <attr> authentication is enabled.
172                                         This a    172                                         This attribute is mandatory.
173                                                   173 
174                 role:                             174                 role:
175                                         The ty    175                                         The type of authentication used.
176                                         This a    176                                         This attribute is mandatory.
177                                                   177 
178                                         Known     178                                         Known types:
179                                                   179                                                 bios-admin:
180                                                   180                                                         Representing BIOS administrator password
181                                                   181                                                 power-on:
182                                                   182                                                         Representing a password required to use
183                                                   183                                                         the system
184                                                   184                                                 system-mgmt:
185                                                   185                                                         Representing System Management password.
186                                                   186                                                         See Lenovo extensions section for details
187                                                   187                                                 HDD:
188                                                   188                                                         Representing HDD password
189                                                   189                                                         See Lenovo extensions section for details
190                                                   190                                                 NVMe:
191                                                   191                                                         Representing NVMe password
192                                                   192                                                         See Lenovo extensions section for details
193                                                   193 
194                 mechanism:                        194                 mechanism:
195                                         The me    195                                         The means of authentication.  This attribute is mandatory.
196                                         Only s    196                                         Only supported type currently is "password".
197                                                   197 
198                 max_password_length:              198                 max_password_length:
199                                         A file    199                                         A file that can be read to obtain the
200                                         maximu    200                                         maximum length of the Password
201                                                   201 
202                 min_password_length:              202                 min_password_length:
203                                         A file    203                                         A file that can be read to obtain the
204                                         minimu    204                                         minimum length of the Password
205                                                   205 
206                 current_password:                 206                 current_password:
207                                         A writ    207                                         A write only value used for privileged access such as
208                                         settin    208                                         setting attributes when a system or admin password is set
209                                         or res    209                                         or resetting to a new password
210                                                   210 
211                                         This a    211                                         This attribute is mandatory when mechanism == "password".
212                                                   212 
213                 new_password:                     213                 new_password:
214                                         A writ    214                                         A write only value that when used in tandem with
215                                         curren    215                                         current_password will reset a system or admin password.
216                                                   216 
217                 Note, password management is s    217                 Note, password management is session specific. If Admin password is set,
218                 same password must be written     218                 same password must be written into current_password file (required for
219                 password-validation) and must     219                 password-validation) and must be cleared once the session is over.
220                 For example::                     220                 For example::
221                                                   221 
222                         echo "password" > curr    222                         echo "password" > current_password
223                         echo "disabled" > Touc    223                         echo "disabled" > TouchScreen/current_value
224                         echo "" > current_pass    224                         echo "" > current_password
225                                                   225 
226                 Drivers may emit a CHANGE ueve    226                 Drivers may emit a CHANGE uevent when a password is set or unset
227                 userspace may check it again.     227                 userspace may check it again.
228                                                   228 
229                 On Dell, Lenovo and HP systems    229                 On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
230                 require password validation.      230                 require password validation.
231                 On Lenovo systems if you chang    231                 On Lenovo systems if you change the Admin password the new password is not active until
232                 the next boot.                    232                 the next boot.
233                                                   233 
234                 Lenovo specific class extensio    234                 Lenovo specific class extensions
235                 ------------------------------    235                 --------------------------------
236                                                   236 
237                 On Lenovo systems the followin    237                 On Lenovo systems the following additional settings are available:
238                                                   238 
239                 role: system-mgmt       This g    239                 role: system-mgmt       This gives the same authority as the bios-admin password to control
240                                         securi    240                                         security related features. The authorities allocated can be set via
241                                         the BI    241                                         the BIOS menu SMP Access Control Policy
242                                                   242 
243                 role: HDD & NVMe        This p    243                 role: HDD & NVMe        This password is used to unlock access to the drive at boot. Note see
244                                         'level    244                                         'level' and 'index' extensions below.
245                                                   245 
246                 lenovo_encoding:                  246                 lenovo_encoding:
247                                         The en    247                                         The encoding method that is used. This can be either "ascii"
248                                         or "sc    248                                         or "scancode". Default is set to "ascii"
249                                                   249 
250                 lenovo_kbdlang:                   250                 lenovo_kbdlang:
251                                         The ke    251                                         The keyboard language method that is used. This is generally a
252                                         two ch    252                                         two char code (e.g. "us", "fr", "gr") and may vary per platform.
253                                         Defaul    253                                         Default is set to "us"
254                                                   254 
255                 level:                            255                 level:
256                                         Availa    256                                         Available for HDD and NVMe authentication to set 'user' or 'master'
257                                         privil    257                                         privilege level.
258                                         If onl    258                                         If only the user password is configured then this should be used to
259                                         unlock    259                                         unlock the drive at boot. If both master and user passwords are set
260                                         then e    260                                         then either can be used. If a master password is set a user password
261                                         is req    261                                         is required.
262                                         This a    262                                         This attribute defaults to 'user' level
263                                                   263 
264                 index:                            264                 index:
265                                         Used w    265                                         Used with HDD and NVME authentication to set the drive index
266                                         that i    266                                         that is being referenced (e.g hdd1, hdd2 etc)
267                                         This a    267                                         This attribute defaults to device 1.
268                                                   268 
269                 certificate, signature, save_s    269                 certificate, signature, save_signature:
270                                         These     270                                         These attributes are used for certificate based authentication. This is
271                                         used i    271                                         used in conjunction with a signing server as an alternative to password
272                                         based     272                                         based authentication.
273                                         The us    273                                         The user writes to the attribute(s) with a BASE64 encoded string obtained
274                                         from t    274                                         from the signing server.
275                                         The at    275                                         The attributes can be displayed to check the stored value.
276                                                   276 
277                                         Some u    277                                         Some usage examples:
278                                                   278 
279                                                   279                                                 Installing a certificate to enable feature::
280                                                   280 
281                                                   281                                                         echo "supervisor password" > authentication/Admin/current_password
282                                                   282                                                         echo "signed certificate" > authentication/Admin/certificate
283                                                   283 
284                                                   284                                                 Updating the installed certificate::
285                                                   285 
286                                                   286                                                         echo "signature" > authentication/Admin/signature
287                                                   287                                                         echo "signed certificate" > authentication/Admin/certificate
288                                                   288 
289                                                   289                                                 Removing the installed certificate::
290                                                   290 
291                                                   291                                                         echo "signature" > authentication/Admin/signature
292                                                   292                                                         echo "" > authentication/Admin/certificate
293                                                   293 
294                                                   294                                                 Changing a BIOS setting::
295                                                   295 
296                                                   296                                                         echo "signature" > authentication/Admin/signature
297                                                   297                                                         echo "save signature" > authentication/Admin/save_signature
298                                                   298                                                         echo Enable > attribute/PasswordBeep/current_value
299                                                   299 
300                                         You ca    300                                         You cannot enable certificate authentication if a supervisor password
301                                         has no    301                                         has not been set.
302                                         Cleari    302                                         Clearing the certificate results in no bios-admin authentication method
303                                         being     303                                         being configured allowing anyone to make changes.
304                                         After     304                                         After any of these operations the system must reboot for the changes to
305                                         take e    305                                         take effect.
306                                                   306 
307                 certificate_thumbprint:           307                 certificate_thumbprint:
308                                         Read o    308                                         Read only attribute used to display the MD5, SHA1 and SHA256 thumbprints
309                                         for th    309                                         for the certificate installed in the BIOS.
310                                                   310 
311                 certificate_to_password:          311                 certificate_to_password:
312                                         Write     312                                         Write only attribute used to switch from certificate based authentication
313                                         back t    313                                         back to password based.
314                                         Usage:    314                                         Usage::
315                                                   315 
316                                                   316                                                 echo "signature" > authentication/Admin/signature
317                                                   317                                                 echo "password" > authentication/Admin/certificate_to_password
318                                                   318 
319                 HP specific class extensions      319                 HP specific class extensions
320                 ------------------------------    320                 --------------------------------
321                                                   321 
322                 On HP systems the following ad    322                 On HP systems the following additional settings are available:
323                                                   323 
324                 role: enhanced-bios-auth:         324                 role: enhanced-bios-auth:
325                                         This r    325                                         This role is specific to Secure Platform Management (SPM) attribute.
326                                         It req    326                                         It requires configuring an endorsement (kek) and signing certificate (sk).
327                                                   327 
328                                                   328 
329 What:           /sys/class/firmware-attributes    329 What:           /sys/class/firmware-attributes/*/attributes/pending_reboot
330 Date:           February 2021                     330 Date:           February 2021
331 KernelVersion:  5.11                              331 KernelVersion:  5.11
332 Contact:        Divya Bharathi <Divya.Bharathi@    332 Contact:        Divya Bharathi <Divya.Bharathi@Dell.com>,
333                 Prasanth KSR <prasanth.ksr@dell    333                 Prasanth KSR <prasanth.ksr@dell.com>
334                 Dell.Client.Kernel@dell.com       334                 Dell.Client.Kernel@dell.com
335 Description:                                      335 Description:
336                 A read-only attribute reads 1     336                 A read-only attribute reads 1 if a reboot is necessary to apply
337                 pending BIOS attribute changes    337                 pending BIOS attribute changes. Also, an uevent_KOBJ_CHANGE is
338                 generated when it changes to 1    338                 generated when it changes to 1.
339                                                   339 
340                         ==      ==============    340                         ==      =========================================
341                         0       All BIOS attri    341                         0       All BIOS attributes setting are current
342                         1       A reboot is ne    342                         1       A reboot is necessary to get pending BIOS
343                                 attribute chan    343                                 attribute changes applied
344                         ==      ==============    344                         ==      =========================================
345                                                   345 
346                 Note, userspace applications n    346                 Note, userspace applications need to follow below steps for efficient
347                 BIOS management,                  347                 BIOS management,
348                                                   348 
349                 1.      Check if admin passwor    349                 1.      Check if admin password is set. If yes, follow session method for
350                         password management as    350                         password management as briefed under authentication section above.
351                 2.      Before setting any att    351                 2.      Before setting any attribute, check if it has any modifiers
352                         or value_modifiers. If    352                         or value_modifiers. If yes, incorporate them and then modify
353                         attribute.                353                         attribute.
354                                                   354 
355                 Drivers may emit a CHANGE ueve    355                 Drivers may emit a CHANGE uevent when this value changes and userspace
356                 may check it again.               356                 may check it again.
357                                                   357 
358 What:           /sys/class/firmware-attributes    358 What:           /sys/class/firmware-attributes/*/attributes/reset_bios
359 Date:           February 2021                     359 Date:           February 2021
360 KernelVersion:  5.11                              360 KernelVersion:  5.11
361 Contact:        Divya Bharathi <Divya.Bharathi@    361 Contact:        Divya Bharathi <Divya.Bharathi@Dell.com>,
362                 Prasanth KSR <prasanth.ksr@dell    362                 Prasanth KSR <prasanth.ksr@dell.com>
363                 Dell.Client.Kernel@dell.com       363                 Dell.Client.Kernel@dell.com
364 Description:                                      364 Description:
365                 This attribute can be used to     365                 This attribute can be used to reset the BIOS Configuration.
366                 Specifically, it tells which t    366                 Specifically, it tells which type of reset BIOS configuration is being
367                 requested on the host.            367                 requested on the host.
368                                                   368 
369                 Reading from it returns a list    369                 Reading from it returns a list of supported options encoded as:
370                                                   370 
371                         - 'builtinsafe' (Built    371                         - 'builtinsafe' (Built in safe configuration profile)
372                         - 'lastknowngood' (Las    372                         - 'lastknowngood' (Last known good saved configuration profile)
373                         - 'factory' (Default f    373                         - 'factory' (Default factory settings configuration profile)
374                         - 'custom' (Custom sav    374                         - 'custom' (Custom saved configuration profile)
375                                                   375 
376                 The currently selected option     376                 The currently selected option is printed in square brackets as
377                 shown below::                     377                 shown below::
378                                                   378 
379                     # echo "factory" > /sys/cl    379                     # echo "factory" > /sys/class/firmware-attributes/*/device/attributes/reset_bios
380                     # cat /sys/class/firmware-    380                     # cat /sys/class/firmware-attributes/*/device/attributes/reset_bios
381                     builtinsafe lastknowngood     381                     builtinsafe lastknowngood [factory] custom
382                                                   382 
383                 Note that any changes to this     383                 Note that any changes to this attribute requires a reboot
384                 for changes to take effect.       384                 for changes to take effect.
385                                                   385 
386 What:           /sys/class/firmware-attributes    386 What:           /sys/class/firmware-attributes/*/attributes/save_settings
387 Date:           August 2023                       387 Date:           August 2023
388 KernelVersion:  6.6                               388 KernelVersion:  6.6
389 Contact:        Mark Pearson <mpearson-lenovo@s    389 Contact:        Mark Pearson <mpearson-lenovo@squebb.ca>
390 Description:                                      390 Description:
391                 On Lenovo platforms there is a    391                 On Lenovo platforms there is a limitation in the number of times an attribute can be
392                 saved. This is an architectura    392                 saved. This is an architectural limitation and it limits the number of attributes
393                 that can be modified to 48.       393                 that can be modified to 48.
394                 A solution for this is instead    394                 A solution for this is instead of the attribute being saved after every modification,
395                 to allow a user to bulk set th    395                 to allow a user to bulk set the attributes, and then trigger a final save. This allows
396                 unlimited attributes.             396                 unlimited attributes.
397                                                   397 
398                 Read the attribute to check wh    398                 Read the attribute to check what save mode is enabled (single or bulk).
399                 E.g:                              399                 E.g:
400                 # cat /sys/class/firmware-attr    400                 # cat /sys/class/firmware-attributes/thinklmi/attributes/save_settings
401                 single                            401                 single
402                                                   402 
403                 Write the attribute with 'bulk    403                 Write the attribute with 'bulk' to enable bulk save mode.
404                 Write the attribute with 'sing    404                 Write the attribute with 'single' to enable saving, after every attribute set.
405                 The default setting is single     405                 The default setting is single mode.
406                 E.g:                              406                 E.g:
407                 # echo bulk > /sys/class/firmw    407                 # echo bulk > /sys/class/firmware-attributes/thinklmi/attributes/save_settings
408                                                   408 
409                 When in bulk mode write 'save'    409                 When in bulk mode write 'save' to trigger a save of all currently modified attributes.
410                 Note, once a save has been tri    410                 Note, once a save has been triggered, in bulk mode, attributes can no longer be set and
411                 will return a permissions erro    411                 will return a permissions error. This is to prevent users hitting the 48+ save limitation
412                 (which requires entering the B    412                 (which requires entering the BIOS to clear the error condition)
413                 E.g:                              413                 E.g:
414                 # echo save > /sys/class/firmw    414                 # echo save > /sys/class/firmware-attributes/thinklmi/attributes/save_settings
415                                                   415 
416 What:           /sys/class/firmware-attributes    416 What:           /sys/class/firmware-attributes/*/attributes/debug_cmd
417 Date:           July 2021                         417 Date:           July 2021
418 KernelVersion:  5.14                              418 KernelVersion:  5.14
419 Contact:        Mark Pearson <markpearson@lenov    419 Contact:        Mark Pearson <markpearson@lenovo.com>
420 Description:                                      420 Description:
421                 This write only attribute can     421                 This write only attribute can be used to send debug commands to the BIOS.
422                 This should only be used when     422                 This should only be used when recommended by the BIOS vendor. Vendors may
423                 use it to enable extra debug a    423                 use it to enable extra debug attributes or BIOS features for testing purposes.
424                                                   424 
425                 Note that any changes to this     425                 Note that any changes to this attribute requires a reboot for changes to take effect.
426                                                   426 
427                                                   427 
428                 HP specific class extensions -    428                 HP specific class extensions - Secure Platform Manager (SPM)
429                 ------------------------------    429                 --------------------------------
430                                                   430 
431 What:           /sys/class/firmware-attributes    431 What:           /sys/class/firmware-attributes/*/authentication/SPM/kek
432 Date:           March 2023                        432 Date:           March 2023
433 KernelVersion:  5.18                              433 KernelVersion:  5.18
434 Contact:        "Jorge Lopez" <jorge.lopez2@hp.    434 Contact:        "Jorge Lopez" <jorge.lopez2@hp.com>
435 Description:                                      435 Description:
436                 'kek' Key-Encryption-Key is a     436                 'kek' Key-Encryption-Key is a write-only file that can be used to configure the
437                 RSA public key that will be us    437                 RSA public key that will be used by the BIOS to verify
438                 signatures when setting the si    438                 signatures when setting the signing key.  When written,
439                 the bytes should correspond to    439                 the bytes should correspond to the KEK certificate
440                 (x509 .DER format containing a    440                 (x509 .DER format containing an OU).  The size of the
441                 certificate must be less than     441                 certificate must be less than or equal to 4095 bytes.
442                                                   442 
443 What:           /sys/class/firmware-attributes    443 What:           /sys/class/firmware-attributes/*/authentication/SPM/sk
444 Date:           March 2023                        444 Date:           March 2023
445 KernelVersion:  5.18                              445 KernelVersion:  5.18
446 Contact:        "Jorge Lopez" <jorge.lopez2@hp.    446 Contact:        "Jorge Lopez" <jorge.lopez2@hp.com>
447 Description:                                      447 Description:
448                 'sk' Signature Key is a write-    448                 'sk' Signature Key is a write-only file that can be used to configure the RSA
449                 public key that will be used b    449                 public key that will be used by the BIOS to verify signatures
450                 when configuring BIOS settings    450                 when configuring BIOS settings and security features.  When
451                 written, the bytes should corr    451                 written, the bytes should correspond to the modulus of the
452                 public key.  The exponent is a    452                 public key.  The exponent is assumed to be 0x10001.
453                                                   453 
454 What:           /sys/class/firmware-attributes    454 What:           /sys/class/firmware-attributes/*/authentication/SPM/status
455 Date:           March 2023                        455 Date:           March 2023
456 KernelVersion:  5.18                              456 KernelVersion:  5.18
457 Contact:        "Jorge Lopez" <jorge.lopez2@hp.    457 Contact:        "Jorge Lopez" <jorge.lopez2@hp.com>
458 Description:                                      458 Description:
459                 'status' is a read-only file t    459                 'status' is a read-only file that returns ASCII text in JSON format reporting
460                 the status information.           460                 the status information.
461                                                   461 
462                   "State": "not provisioned |     462                   "State": "not provisioned | provisioned | provisioning in progress",
463                   "Version": "Major.Minor",       463                   "Version": "Major.Minor",
464                   "Nonce": <16-bit unsigned nu    464                   "Nonce": <16-bit unsigned number display in base 10>,
465                   "FeaturesInUse": <16-bit uns    465                   "FeaturesInUse": <16-bit unsigned number display in base 10>,
466                   "EndorsementKeyMod": "<256 b    466                   "EndorsementKeyMod": "<256 bytes in base64>",
467                   "SigningKeyMod": "<256 bytes    467                   "SigningKeyMod": "<256 bytes in base64>"
468                                                   468 
469 What:           /sys/class/firmware-attributes    469 What:           /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
470 Date:           March 2023                        470 Date:           March 2023
471 KernelVersion:  5.18                              471 KernelVersion:  5.18
472 Contact:        "Jorge Lopez" <jorge.lopez2@hp.    472 Contact:        "Jorge Lopez" <jorge.lopez2@hp.com>
473 Description:                                      473 Description:
474                 'audit_log_entries' is a read-    474                 'audit_log_entries' is a read-only file that returns the events in the log.
475                                                   475 
476                         Audit log entry format    476                         Audit log entry format
477                                                   477 
478                         Byte 0-15:   Requested    478                         Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
479                         Byte 16-127: Unused       479                         Byte 16-127: Unused
480                                                   480 
481 What:           /sys/class/firmware-attributes    481 What:           /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
482 Date:           March 2023                        482 Date:           March 2023
483 KernelVersion:  5.18                              483 KernelVersion:  5.18
484 Contact:        "Jorge Lopez" <jorge.lopez2@hp.    484 Contact:        "Jorge Lopez" <jorge.lopez2@hp.com>
485 Description:                                      485 Description:
486                 'audit_log_entry_count' is a r    486                 'audit_log_entry_count' is a read-only file that returns the number of existing
487                 audit log events available to     487                 audit log events available to be read. Values are separated using comma. (``,``)
488                                                   488 
489                         [No of entries],[log e    489                         [No of entries],[log entry size],[Max number of entries supported]
490                                                   490 
491                 log entry size identifies audi    491                 log entry size identifies audit log size for the current BIOS version.
492                 The current size is 16 bytes b    492                 The current size is 16 bytes but it can be up to 128 bytes long in future BIOS
493                 versions.                         493                 versions.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php