diff options
author | Mika Westerberg <mika.westerberg@linux.intel.com> | 2018-01-21 12:08:04 +0200 |
---|---|---|
committer | Mika Westerberg <mika.westerberg@linux.intel.com> | 2018-03-09 12:54:11 +0300 |
commit | 9aaa3b8b4c56d24210acef37b7c800ca218c3d40 (patch) | |
tree | d974db9578dc47b0157aa65c30aa3ddfbbb9d9e5 /drivers/thunderbolt/tb.h | |
parent | 14862ee308bbcaae0ac9927b6cbccccb51386b6c (diff) | |
download | lwn-9aaa3b8b4c56d24210acef37b7c800ca218c3d40.tar.gz lwn-9aaa3b8b4c56d24210acef37b7c800ca218c3d40.zip |
thunderbolt: Add support for preboot ACL
Preboot ACL is a mechanism that allows connecting Thunderbolt devices
boot time in more secure way than the legacy Thunderbolt boot support.
As with the legacy boot option, this also needs to be enabled from the
BIOS before booting is allowed. Difference to the legacy mode is that
the userspace software explicitly adds device UUIDs by sending a special
message to the ICM firmware. Only the devices listed in the boot ACL are
connected automatically during the boot. This works in both "user" and
"secure" security levels.
We implement this in Linux by exposing a new sysfs attribute (boot_acl)
below each Thunderbolt domain. The userspace software can then update
the full list as needed.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Diffstat (limited to 'drivers/thunderbolt/tb.h')
-rw-r--r-- | drivers/thunderbolt/tb.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 9c9cef875ca8..9d9f0ca16bfb 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -200,6 +200,8 @@ struct tb_path { * @suspend: Connection manager specific suspend * @complete: Connection manager specific complete * @handle_event: Handle thunderbolt event + * @get_boot_acl: Get boot ACL list + * @set_boot_acl: Set boot ACL list * @approve_switch: Approve switch * @add_switch_key: Add key to switch * @challenge_switch_key: Challenge switch using key @@ -217,6 +219,8 @@ struct tb_cm_ops { void (*complete)(struct tb *tb); void (*handle_event)(struct tb *tb, enum tb_cfg_pkg_type, const void *buf, size_t size); + int (*get_boot_acl)(struct tb *tb, uuid_t *uuids, size_t nuuids); + int (*set_boot_acl)(struct tb *tb, const uuid_t *uuids, size_t nuuids); int (*approve_switch)(struct tb *tb, struct tb_switch *sw); int (*add_switch_key)(struct tb *tb, struct tb_switch *sw); int (*challenge_switch_key)(struct tb *tb, struct tb_switch *sw, |