Hi Thomas, On Fri, Apr 14, 2023 at 3:36 PM Thomas Weißschuh <thomas@xxxxxxxx> wrote: > > On 2023-04-14 15:00:02-0500, Jorge Lopez wrote: > > On Fri, Apr 14, 2023 at 10:27 AM <thomas@xxxxxxxx> wrote: > > > On 2023-04-12 09:48:21-0500, Jorge Lopez wrote: > > > > [..] > > > > > > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin > > > > +Date: March 29 > > > > +KernelVersion: 5.18 > > > > +Contact: "Jorge Lopez" <jorge.lopez2@xxxxxx> > > > > +Description: 'statusbin' is a read-only file that returns 'status' information > > > > + in binary format. This file provides a mechanism for components > > > > + downstream (e.g. Recovery Agent) can read the status and public > > > > + key modulus. > > > > > > This is still missing docs about how to interpret the contents of the > > > "statusbin" file. > > > > > > "components downstream" -> userspace. > > > > > > > I will provide the details in Version 10. Additionally, I am working > > with the architect to understand the need for 'statusbin' in their > > upcoming features. Statusbin is one attribute we can drop but will require changes how 'status' data is reported (JSON format). > > If the userspace component is not ready maybe this can be delayed for a > future patchset? > The basic features should already be useful with a generic client like > fwupd. > Doing it in steps should be faster both in development and wall time. The interaction with fwupd and support is a goal for future patches for hp-bioscfg. Initially, We want to establish the proper and basic framework to enable the security and BIOS configuration features by leveraging firmware-attributes framework. No testing with fwupd tool has taken place since hp-bioscfg is not associated with a specific device > > > > I think we can start with the code review. > > > > > > > I will send all files with Version 10. To aid in the review process, > > I will keep all ..c in separate reviews. It is less confusing that > > way since there is commonality between them > > > > > Could you also provide a sample of the attribute files? > > > I'm especially curious about the different instances of the sure-start > > > attributes, including current_value, possible_values and the auditlog > > > properties. > > > > > > > What type of sample are you looking for.? I can provide you with a > > tree display of all attributes and some output samples for different > > attribute types. > > That sounds great. Attached is a copy of three files for your review. tree-view.log -- tree view of all attributes/authentication files reported by hp-bioscfg authentication.log -- List of all authentication attributes and corresponding file output. The data includes SPM (statusbin, status) attributes-sample.log -- Reduced list of attributes including a sample output for each attribute type. (string, enumeration, ordered-list, integer, Sure_Start, pending_reboot) Sure_Start includes the output captured for audit_log_entries and audit_log_entry_count. In addition, I captured the hex output for statusbin and audit_log_entries if you are interested to go over them. Binary-dump-statusbin-auditlog.log > > > I will include sure-start attributes, including current_value, > > possible_values and the audit log properties. Please let me know if > > there is anything else you want to see. > > I want to get a feeling for the exposed bios settings and how the > sure-start stuff works. > > > > Also is the userspace component for this published somewhere? > > > If so it would be useful to refer to it from the commit message. > > > > Linux components are under development and not published yet. The > > only linux component at this time is the driver (hp bioscfg). > > The only published components are under Windows ONLY. > > Maybe mention this in the commit message. The text will be added as part of the commit message. > > Also it would be useful to test the new driver with fwupd which is the > existing userspace user of this ABI. > Just to make sure that nothing is obviously broken there. > (And mention this in the commit message) > > Thomas
Attachment:
Binary-dump-statusbin-auditlog.log
Description: Binary data
Attachment:
attributes-examples.log
Description: Binary data
Attachment:
tree-view.log
Description: Binary data
Attachment:
authentication.log
Description: Binary data
