Hi Hans, On 2021-11-17 07:09, Hans de Goede wrote: > Hi, > > On 11/16/21 22:05, Mark Pearson wrote: >> >> Hi Hans, >> >> Thank you for the review. >> >> On 2021-11-16 09:00, Hans de Goede wrote: >>> Hi, >>> >>> On 11/9/21 00:25, Mark Pearson wrote: >>>> Newer Lenovo BIOS's have an opcode GUID support interface which provides >>>> - improved password setting control >>>> - ability to set System, hard drive and NVMe passwords >>>> >>>> Add the support for these new passwords, and the ability to select >>>> user/master mode and the drive index. >>>> >>>> Signed-off-by: Mark Pearson <markpearson@xxxxxxxxxx> >>>> --- >>>> .../ABI/testing/sysfs-class-firmware-attributes | 17 +++++++++++++++++ >>>> 1 file changed, 17 insertions(+) >>>> >>>> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes >>>> index 3348bf80a37c..6af4c5cf3d47 100644 >>>> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes >>>> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes >>>> @@ -161,6 +161,12 @@ Description: >>>> power-on: >>>> Representing a password required to use >>>> the system >>>> + system-mgmt: >>>> + Representing System Management password >>> >>> What is the difference between the system-mgmt password and the bios-admin one ? >> >> Taken from the documentation but somewhat reformatted/edited for clarity >> >> bios-admin - You are prompted to enter a valid password each time you >> try to enter the BIOS menu >> >> system-mgmt - You can enable the system management password to have the >> same authority as the bios-admin password to control security related >> features. You can customize the authority of the system management >> password through the UEFI BIOS menu (SMP Access Control Policy) > > Ok, so if I understand this correctly, then if both a bios-admin and > a system-mgmt password are set then with the bios-admin option > all options accept those on the "security settings" BIOS screen > can be changed, and with the system-mgmt password everything can > be changed, is that correct? > Yes - that's my understanding. > Also can you update the new text here to try and explain this > somewhat ? Will do > > >>>> + HDD: >>>> + Representing HDD password >>>> + NVMe: >>>> + Representing NVMe password >>>> >>>> mechanism: >>>> The means of authentication. This attribute is mandatory. >>>> @@ -185,6 +191,17 @@ Description: >>>> A write only value that when used in tandem with >>>> current_password will reset a system or admin password. >>>> >>>> + level: >>>> + Used with HDD and NVMe authentication to set 'user' or 'master' >>>> + privilege level >>>> + This attribute defaults to 'user' level >>> >>> What is the difference between user and master levels ? >> >> User: If a user hard disk password has been set, but no master hard disk >> password has been, the user must enter the user hard disk password to >> access files and applications on the hard disk drive. >> >> Master: The master hard disk password also requires a user hard disk >> password. The master hard disk password is usually set and used by a >> system administrator. It enables the administrator to access any hard >> disk drive in a system like a master key. The administrator sets the >> master password; then assigns a user password for each computer in the >> network. The user can then change the user password as desired, but the >> administrator still can get access by using the master password When a >> master hard disk password is set, only the administrator can remove the >> user hard disk password. > > I understand, so like a master-key vs a normal key in a big office building. Yes - good analogy > > Can you update the new text here to try and explain this somewhat ? Will do Thanks! Mark
