On Wed, Mar 09, 2022 at 11:48:23AM +0100, Greg KH wrote: > On Wed, Mar 09, 2022 at 10:40:03AM +0000, Jonathan McDowell wrote: > > (This is an RFC to see if the approach is generally acceptable; unlike > > the previous driver this exposes the information purely as read-only > > status information, so userspace can make an informed decision about the > > system state without having to poke about in /dev/mem. There are still a > > few extra registers I'm trying to dig up information for before a proper > > submission.) > > > > This module provides read-only access to the Intel TXT (Trusted > > Execution Technology) status registers, allowing userspace to determine > > the status of measured boot and whether the dynamic root of trust for > > measurement (DRTM) has been fully enabled. > > > > Tools such as txt-stat from tboot > > <https://sourceforge.net/projects/tboot/ > can make use of this driver to > > display state rather than relying on access to /dev/mem. > > > > See Documentation/x86/intel_txt.rst for more information about Intel > > TXT. > > > > Signed-off-by: Jonathan McDowell <noodles@xxxxxx> > > --- > > arch/x86/include/asm/txt.h | 34 +++++ > > drivers/platform/x86/intel/Kconfig | 14 ++ > > drivers/platform/x86/intel/Makefile | 2 + > > drivers/platform/x86/intel/txt_sysfs.c | 185 +++++++++++++++++++++++++ > > No Documentation/ABI/ entry for your new sysfs entry? How can we > evaluate if this is a good api then? As a read-only export of configuration registers is a full set of info in Documentation/ABI/ required? I didn't get a feel for how required that was from the existing files there. > Wait, I don't see any sysfs code in here, are you sure you sent a viable > patch? The export to sysfs is via securityfs, as that seemed to be the appropriate route (it fits into a similar area as /sys/kernel/security/integrity/ima/ or /sys/kernel/security/tpm0/, providing userspace with some visibility of what the kernel thinks the state is). J.
