git.baikalelectronics.ru Git - kernel.git/commit

thunderbolt: Add support for preboot ACL

Preboot ACL is a mechanism that allows connecting Thunderbolt devices
boot time in more secure way than the legacy Thunderbolt boot support.
As with the legacy boot option, this also needs to be enabled from the
BIOS before booting is allowed. Difference to the legacy mode is that
the userspace software explicitly adds device UUIDs by sending a special
message to the ICM firmware. Only the devices listed in the boot ACL are
connected automatically during the boot. This works in both "user" and
"secure" security levels.

We implement this in Linux by exposing a new sysfs attribute (boot_acl)
below each Thunderbolt domain. The userspace software can then update
the full list as needed.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>

author	Mika Westerberg <mika.westerberg@linux.intel.com>
	Sun, 21 Jan 2018 10:08:04 +0000 (12:08 +0200)
committer	Mika Westerberg <mika.westerberg@linux.intel.com>
	Fri, 9 Mar 2018 09:54:11 +0000 (12:54 +0300)
commit	d4c9d16dca9f47efe93e2396c93338b1b298f12f
tree	d974db9578dc47b0157aa65c30aa3ddfbbb9d9e5	tree \| snapshot
parent	f8a0ffb4d3d059cf41562fd0f625051500669e9e	commit \| diff

Documentation/ABI/testing/sysfs-bus-thunderbolt		diff \| blob \| history
drivers/thunderbolt/domain.c		diff \| blob \| history
drivers/thunderbolt/icm.c		diff \| blob \| history
drivers/thunderbolt/tb.h		diff \| blob \| history
drivers/thunderbolt/tb_msgs.h		diff \| blob \| history
include/linux/thunderbolt.h		diff \| blob \| history