git.openwrt.org Git - openwrt/staging/blogic.git/commit

thunderbolt: Add support for preboot ACL

Preboot ACL is a mechanism that allows connecting Thunderbolt devices
boot time in more secure way than the legacy Thunderbolt boot support.
As with the legacy boot option, this also needs to be enabled from the
BIOS before booting is allowed. Difference to the legacy mode is that
the userspace software explicitly adds device UUIDs by sending a special
message to the ICM firmware. Only the devices listed in the boot ACL are
connected automatically during the boot. This works in both "user" and
"secure" security levels.

We implement this in Linux by exposing a new sysfs attribute (boot_acl)
below each Thunderbolt domain. The userspace software can then update
the full list as needed.

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>

author	Mika Westerberg <mika.westerberg@linux.intel.com>
	Sun, 21 Jan 2018 10:08:04 +0000 (12:08 +0200)
committer	Mika Westerberg <mika.westerberg@linux.intel.com>
	Fri, 9 Mar 2018 09:54:11 +0000 (12:54 +0300)
commit	9aaa3b8b4c56d24210acef37b7c800ca218c3d40
tree	d974db9578dc47b0157aa65c30aa3ddfbbb9d9e5	tree \| snapshot
parent	14862ee308bbcaae0ac9927b6cbccccb51386b6c	commit \| diff

Documentation/ABI/testing/sysfs-bus-thunderbolt		diff \| blob \| history
drivers/thunderbolt/domain.c		diff \| blob \| history
drivers/thunderbolt/icm.c		diff \| blob \| history
drivers/thunderbolt/tb.h		diff \| blob \| history
drivers/thunderbolt/tb_msgs.h		diff \| blob \| history
include/linux/thunderbolt.h		diff \| blob \| history