On Sun, Nov 06, 2022 at 04:07:42PM -0500, Nayna Jain wrote: > securityfs is meant for Linux security subsystems to expose policies/logs > or any other information. However, there are various firmware security > features which expose their variables for user management via the kernel. > There is currently no single place to expose these variables. Different > platforms use sysfs/platform specific filesystem(efivarfs)/securityfs > interface as they find it appropriate. Thus, there is a gap in kernel > interfaces to expose variables for security features. > > Define a firmware security filesystem (fwsecurityfs) to be used by > security features enabled by the firmware. These variables are platform > specific. This filesystem provides platforms a way to implement their > own underlying semantics by defining own inode and file operations. > > Similar to securityfs, the firmware security filesystem is recommended > to be exposed on a well known mount point /sys/firmware/security. > Platforms can define their own directory or file structure under this path. > > Example: > > # mount -t fwsecurityfs fwsecurityfs /sys/firmware/security Why not juset use securityfs in /sys/security/firmware/ instead? Then you don't have to create a new filesystem and convince userspace to mount it in a specific location? thanks, greg k-h
