From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94D9EC4332F for ; Wed, 9 Nov 2022 13:47:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229554AbiKINrD (ORCPT ); Wed, 9 Nov 2022 08:47:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35228 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229527AbiKINrC (ORCPT ); Wed, 9 Nov 2022 08:47:02 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0921D13FB3; Wed, 9 Nov 2022 05:47:02 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B73C3B81EC4; Wed, 9 Nov 2022 13:47:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B3FE1C433C1; Wed, 9 Nov 2022 13:46:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1668001619; bh=T8ZpCfeDrYRnXim+EtribWm92PpPSXe5RMsnfAotB4g=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=yilDZTQVRk/dQ6ZjPzjqvsk7gjmJ/ywI9HPUjKi20aCPrjgXYmUwjckntNGsnqPeV OVgTzAcVyN1BnZ3Ofu/6wLcRP7+Msh6bQ75oLO7maLPj9bNjjKgnASzOY7FMZb/WBo ziaNbBLpVAhRioTwS6CD7/5TLkPzIquE2AJTNFDI= Date: Wed, 9 Nov 2022 14:46:56 +0100 From: Greg Kroah-Hartman To: Nayna Jain Cc: linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org, linux-security-module , linux-kernel@vger.kernel.org, Michael Ellerman , npiggin@gmail.com, christophe.leroy@csgroup.eu, Dov Murik , George Wilson , Matthew Garrett , Dave Hansen , Benjamin Herrenschmidt , Paul Mackerras , Russell Currey , Andrew Donnellan , Stefan Berger Subject: Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs Message-ID: References: <20221106210744.603240-1-nayna@linux.ibm.com> <20221106210744.603240-3-nayna@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221106210744.603240-3-nayna@linux.ibm.com> Precedence: bulk List-ID: On Sun, Nov 06, 2022 at 04:07:42PM -0500, Nayna Jain wrote: > securityfs is meant for Linux security subsystems to expose policies/logs > or any other information. However, there are various firmware security > features which expose their variables for user management via the kernel. > There is currently no single place to expose these variables. Different > platforms use sysfs/platform specific filesystem(efivarfs)/securityfs > interface as they find it appropriate. Thus, there is a gap in kernel > interfaces to expose variables for security features. > > Define a firmware security filesystem (fwsecurityfs) to be used by > security features enabled by the firmware. These variables are platform > specific. This filesystem provides platforms a way to implement their > own underlying semantics by defining own inode and file operations. > > Similar to securityfs, the firmware security filesystem is recommended > to be exposed on a well known mount point /sys/firmware/security. > Platforms can define their own directory or file structure under this path. > > Example: > > # mount -t fwsecurityfs fwsecurityfs /sys/firmware/security Why not juset use securityfs in /sys/security/firmware/ instead? Then you don't have to create a new filesystem and convince userspace to mount it in a specific location? thanks, greg k-h