Commit 00d4b352 authored by Jorge Lopez, committed by Hans de Goede

platform/x86: hp-bioscfg: Documentation



Update sysfs-class-firmware-attributes with hp-bioscfg information

The purpose of the HP BIOS Configuration driver is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
Reviewed-by: Thomas Weißschuh <linux@weissschuh.net>
Link: https://lore.kernel.org/r/20230608163319.18934-2-jorge.lopez2@hp.com


Signed-off-by: Hans de Goede <hdegoede@redhat.com>
parent 06c2afb8
+99 −2
@@ -22,6 +22,11 @@ Description:
			- integer: a range of numerical values
			- string

		HP specific types
		-----------------
			- ordered-list - a set of ordered list valid values


		All attribute types support the following values:

		current_value:
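Review bot: the new type entry "- ordered-list - a set of ordered list valid values" uses a dash where the neighbouring entry uses a colon ("- integer: a range of numerical values"), and the description defines the type by repeating its name. Suggest "- ordered-list: a list of valid values, ordered by priority", and drop one of the two blank lines that follow it.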
@@ -126,6 +131,21 @@ Description:
					value will not be effective through sysfs until this rule is
					met.

		HP specific class extensions
		------------------------------

		On HP systems the following additional attributes are available:

		"ordered-list"-type specific properties:

		elements:
					A file that can be read to obtain the possible
					list of values of the <attr>. Values are separated using
					semi-colon (``;``) and listed according to their priority.
					An element listed first has the highest priority. Writing
					the list in a different order to current_value alters
					the priority order for the particular attribute.

What:		/sys/class/firmware-attributes/*/authentication/
Date:		February 2021
KernelVersion:	5.11
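Review bot: the "elements:" description says that writing the list in a different order to current_value alters the priority, but not what such a write must contain: whether every element has to be present, and what happens when a value is missing, duplicated or not listed in elements. This text is the ABI description userspace will code against, so please state the accepted input and the error behaviour. Minor: the underline beneath "HP specific class extensions" is longer than the heading.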
@@ -206,7 +226,7 @@ Description:
		Drivers may emit a CHANGE uevent when a password is set or unset
		userspace may check it again.

		On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
		On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
		require password validation.
		On Lenovo systems if you change the Admin password the new password is not active until
		the next boot.
@@ -296,6 +316,15 @@ Description:
						echo "signature" > authentication/Admin/signature
						echo "password" > authentication/Admin/certificate_to_password

		HP specific class extensions
		--------------------------------

		On HP systems the following additional settings are available:

		role: enhanced-bios-auth:
					This role is specific to Secure Platform Management (SPM) attribute.
					It requires configuring an endorsement (kek) and signing certificate (sk).


What:		/sys/class/firmware-attributes/*/attributes/pending_reboot
Date:		February 2021
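Review bot: "role: enhanced-bios-auth:" ends in a second colon, and the text under it names the keys differently from the SPM entries added at the end of this patch. Here kek is "an endorsement" and sk is a "signing certificate"; there kek is "Key-Encryption-Key" and sk is "Signature Key", written as a bare modulus rather than a certificate. This hunk also says "Secure Platform Management" where the later heading says "Secure Platform Manager". Please pick one name for each and use it in both places.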
@@ -364,3 +393,71 @@ Description:
		use it to enable extra debug attributes or BIOS features for testing purposes.

		Note that any changes to this attribute requires a reboot for changes to take effect.


		HP specific class extensions - Secure Platform Manager (SPM)
		--------------------------------

What:		/sys/class/firmware-attributes/*/authentication/SPM/kek
Date:		March 2023
KernelVersion:	5.18
Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
Description:
		'kek' Key-Encryption-Key is a write-only file that can be used to configure the
		RSA public key that will be used by the BIOS to verify
		signatures when setting the signing key.  When written,
		the bytes should correspond to the KEK certificate
		(x509 .DER format containing an OU).  The size of the
		certificate must be less than or equal to 4095 bytes.

What:		/sys/class/firmware-attributes/*/authentication/SPM/sk
Date:		March 2023
KernelVersion:	5.18
Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
Description:
		'sk' Signature Key is a write-only file that can be used to configure the RSA
		public key that will be used by the BIOS to verify signatures
		when configuring BIOS settings and security features.  When
		written, the bytes should correspond to the modulus of the
		public key.  The exponent is assumed to be 0x10001.

What:		/sys/class/firmware-attributes/*/authentication/SPM/status
Date:		March 2023
KernelVersion:	5.18
Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
Description:
		'status' is a read-only file that returns ASCII text in JSON format reporting
		the status information.

		  "State": "not provisioned | provisioned | provisioning in progress",
		  "Version": "Major.Minor",
		  "Nonce": <16-bit unsigned number display in base 10>,
		  "FeaturesInUse": <16-bit unsigned number display in base 10>,
		  "EndorsementKeyMod": "<256 bytes in base64>",
		  "SigningKeyMod": "<256 bytes in base64>"

What:		/sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
Date:		March 2023
KernelVersion:	5.18
Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
Description:
		'audit_log_entries' is a read-only file that returns the events in the log.

			Audit log entry format

			Byte 0-15:   Requested Audit Log entry  (Each Audit log is 16 bytes)
			Byte 16-127: Unused

What:		/sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
Date:		March 2023
KernelVersion:	5.18
Contact:	"Jorge Lopez" <jorge.lopez2@hp.com>
Description:
		'audit_log_entry_count' is a read-only file that returns the number of existing
		audit log events available to be read. Values are separated using comma. (``,``)

			[No of entries],[log entry size],[Max number of entries supported]

		log entry size identifies audit log size for the current BIOS version.
		The current size is 16 bytes but it can be up to 128 bytes long in future BIOS
		versions.
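Review bot: in the 'sk' entry the bytes to write are described only as "the modulus of the public key", with no length or byte order, while 'kek' gives a limit of 4095 bytes and 'status' reports SigningKeyMod as "<256 bytes in base64>". Please state the expected modulus size and encoding so userspace can validate a key before writing it. The 'status' output is described as JSON but the example is shown without enclosing braces. "KernelVersion: 5.18" next to "Date: March 2023" looks stale compared with the existing 5.11 / February 2021 pairing in this file; set it to the release this lands in. In audit_log_entry_count, "Values are separated using comma. (``,``)" has the full stop before the parenthesis.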