Re: [RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs

From: Casey Schaufler
Date: Wed Jun 22 2022 - 18:29:15 EST

Next message: Saravana Kannan: "Re: [PATCH v2 7/9] driver core: Set fw_devlink.strict=1 by default"
Previous message: Kees Cook: "Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP"
In reply to: Nayna Jain: "[RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs"
Next in thread: Nayna: "Re: [RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/22/2022 2:56 PM, Nayna Jain wrote:

securityfs is meant for linux security subsystems to expose policies/logs
or any other information. However, there are various firmware security
features which expose their variables for user management via kernel.
There is currently no single place to expose these variables. Different
platforms use sysfs/platform specific filesystem(efivarfs)/securityfs
interface as find appropriate. Thus, there is a gap in kernel interfaces
to expose variables for security features.

Why not put the firmware entries under /sys/kernel/security/firmware?

Next message: Saravana Kannan: "Re: [PATCH v2 7/9] driver core: Set fw_devlink.strict=1 by default"
Previous message: Kees Cook: "Re: [PATCH v2 3/4][next] scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP"
In reply to: Nayna Jain: "[RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs"
Next in thread: Nayna: "Re: [RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]