git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Mika Westerberg <mika.westerberg@linux.intel.com>
	Wed, 28 Mar 2018 12:31:23 +0000 (20:31 +0800)
committer	Seth Forshee <seth.forshee@canonical.com>
	Wed, 28 Mar 2018 17:44:47 +0000 (12:44 -0500)
commit	afa11ff513d740d766d61cf705e02e3af953a578
tree	bf35ed7ceb9deb423930089c1c56df04718648f3	tree
parent	269f6defa6c72302c096c176c1b77b4f2a68f345	commit \| diff

thunderbolt: Add support for preboot ACL

BugLink: http://bugs.launchpad.net/bugs/1730775
Preboot ACL is a mechanism that allows connecting Thunderbolt devices
boot time in more secure way than the legacy Thunderbolt boot support.
As with the legacy boot option, this also needs to be enabled from the
BIOS before booting is allowed. Difference to the legacy mode is that
the userspace software explicitly adds device UUIDs by sending a special
message to the ICM firmware. Only the devices listed in the boot ACL are
connected automatically during the boot. This works in both "user" and
"secure" security levels.

We implement this in Linux by exposing a new sysfs attribute (boot_acl)
below each Thunderbolt domain. The userspace software can then update
the full list as needed.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
(cherry picked from commit 9aaa3b8b4c56d24210acef37b7c800ca218c3d40 linux-next)
Signed-off-by: Anthony Wong <anthony.wong@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Documentation/ABI/testing/sysfs-bus-thunderbolt		diff \| blob \| blame \| history
drivers/thunderbolt/domain.c		diff \| blob \| blame \| history
drivers/thunderbolt/icm.c		diff \| blob \| blame \| history
drivers/thunderbolt/tb.h		diff \| blob \| blame \| history
drivers/thunderbolt/tb_msgs.h		diff \| blob \| blame \| history
include/linux/thunderbolt.h		diff \| blob \| blame \| history