Hi Hans, Thank you for the review. On 2021-11-16 09:00, Hans de Goede wrote: > Hi, > > On 11/9/21 00:25, Mark Pearson wrote: >> Newer Lenovo BIOS's have an opcode GUID support interface which provides >> - improved password setting control >> - ability to set System, hard drive and NVMe passwords >> >> Add the support for these new passwords, and the ability to select >> user/master mode and the drive index. >> >> Signed-off-by: Mark Pearson <markpearson@xxxxxxxxxx> >> --- >> .../ABI/testing/sysfs-class-firmware-attributes | 17 +++++++++++++++++ >> 1 file changed, 17 insertions(+) >> >> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes >> index 3348bf80a37c..6af4c5cf3d47 100644 >> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes >> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes >> @@ -161,6 +161,12 @@ Description: >> power-on: >> Representing a password required to use >> the system >> + system-mgmt: >> + Representing System Management password > > What is the difference between the system-mgmt password and the bios-admin one ? Taken from the documentation but somewhat reformatted/edited for clarity bios-admin - You are prompted to enter a valid password each time you try to enter the BIOS menu system-mgmt - You can enable the system management password to have the same authority as the bios-admin password to control security related features. You can customize the authority of the system management password through the UEFI BIOS menu (SMP Access Control Policy) > >> + HDD: >> + Representing HDD password >> + NVMe: >> + Representing NVMe password >> >> mechanism: >> The means of authentication. This attribute is mandatory. >> @@ -185,6 +191,17 @@ Description: >> A write only value that when used in tandem with >> current_password will reset a system or admin password. >> >> + level: >> + Used with HDD and NVMe authentication to set 'user' or 'master' >> + privilege level >> + This attribute defaults to 'user' level > > What is the difference between user and master levels ? User: If a user hard disk password has been set, but no master hard disk password has been, the user must enter the user hard disk password to access files and applications on the hard disk drive. Master: The master hard disk password also requires a user hard disk password. The master hard disk password is usually set and used by a system administrator. It enables the administrator to access any hard disk drive in a system like a master key. The administrator sets the master password; then assigns a user password for each computer in the network. The user can then change the user password as desired, but the administrator still can get access by using the master password When a master hard disk password is set, only the administrator can remove the user hard disk password. > >> + >> + index: >> + Used with HDD and NVME authentication to set the drive index >> + that is being referenced (e.g hdd0, hdd1 etc) >> + This attribute defaults to device 0. >> + >> + >> Note, password management is session specific. If Admin password is set, >> same password must be written into current_password file (required for >> password-validation) and must be cleared once the session is over. >> > > > Also maybe all of this needs to be moved to the Lenovo specific section for now ? > > If we then get other firmware APIs to set HDD / NVMe passwords we can try to re-use this > and move it to the generic section (assuming we can make things fit ...) > Ah - good point. I will do that Thanks Mark
