On Mon, Sep 25, 2017 at 7:23 PM, Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> On Thursday 21 September 2017 08:57:11 Mario Limonciello wrote:
>> Currently userspace tools can access system tokens via the dcdbas
>> kernel module and a SMI call that will cause the platform to execute
>> SMM code.
>>
>> With a goal in mind of deprecating the dcdbas kernel module a different
>> method for accessing these tokens from userspace needs to be created.
>>
>> This is intentionally marked to only be readable as root as it can
>> contain sensitive information about the platform's configuration.
>
> Darren, Andy, any comments? I'm not quite sure if such API is suitable
> for long term in kernel.

I would try to avoid sysfs interfaces for some particular devices.
Besides we are creating a character device. Would it be suitable there?

> Basically tokens are list of tuples <id, location, value> with
> possibility to activate them, right?
>
> Does not kernel have some better API for it?

I think the best what kernel may provide is a CSV-like format with or
without title line and different delimiter (TAB/space/etc).

>
> Also, keep in mind security aspect of tokens. They represent e.g. boot
> order priority or enable/disable some machine peripheral.

For IOCTLs we may use capabilities.
In sysfs case we may zero output based on capabilities or some other factors.

--
With Best Regards,
Andy Shevchenko