From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Nayna <nayna@linux.vnet.ibm.com>
Cc: Nayna Jain <nayna@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org,
linux-efi@vger.kernel.org,
linux-security-module <linux-security-module@vger.kernel.org>,
linux-kernel@vger.kernel.org,
Michael Ellerman <mpe@ellerman.id.au>,
npiggin@gmail.com, christophe.leroy@csgroup.eu,
Dov Murik <dovmurik@linux.ibm.com>,
George Wilson <gcwilson@linux.ibm.com>,
Matthew Garrett <mjg59@srcf.ucam.org>,
Dave Hansen <dave.hansen@intel.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Russell Currey <ruscur@russell.cc>,
Andrew Donnellan <ajd@linux.ibm.com>,
Stefan Berger <stefanb@linux.ibm.com>
Subject: Re: [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs
Date: Sun, 20 Nov 2022 17:13:11 +0100 [thread overview]
Message-ID: <Y3pSF2MRIXd6aH14@kroah.com> (raw)
In-Reply-To: <d615180d-6fe5-d977-da6a-e88fd8bf5345@linux.vnet.ibm.com>
On Sat, Nov 19, 2022 at 01:20:09AM -0500, Nayna wrote:
>
> On 11/17/22 16:27, Greg Kroah-Hartman wrote:
> > On Mon, Nov 14, 2022 at 06:03:43PM -0500, Nayna wrote:
> > > On 11/10/22 04:58, Greg Kroah-Hartman wrote:
> > > > On Wed, Nov 09, 2022 at 03:10:37PM -0500, Nayna wrote:
> > > > > On 11/9/22 08:46, Greg Kroah-Hartman wrote:
> > > > > > On Sun, Nov 06, 2022 at 04:07:42PM -0500, Nayna Jain wrote:
> > > > > > > securityfs is meant for Linux security subsystems to expose policies/logs
> > > > > > > or any other information. However, there are various firmware security
> > > > > > > features which expose their variables for user management via the kernel.
> > > > > > > There is currently no single place to expose these variables. Different
> > > > > > > platforms use sysfs/platform specific filesystem(efivarfs)/securityfs
> > > > > > > interface as they find it appropriate. Thus, there is a gap in kernel
> > > > > > > interfaces to expose variables for security features.
> > > > > > >
> > > > > > > Define a firmware security filesystem (fwsecurityfs) to be used by
> > > > > > > security features enabled by the firmware. These variables are platform
> > > > > > > specific. This filesystem provides platforms a way to implement their
> > > > > > > own underlying semantics by defining own inode and file operations.
> > > > > > >
> > > > > > > Similar to securityfs, the firmware security filesystem is recommended
> > > > > > > to be exposed on a well known mount point /sys/firmware/security.
> > > > > > > Platforms can define their own directory or file structure under this path.
> > > > > > >
> > > > > > > Example:
> > > > > > >
> > > > > > > # mount -t fwsecurityfs fwsecurityfs /sys/firmware/security
> > > > > > Why not juset use securityfs in /sys/security/firmware/ instead? Then
> > > > > > you don't have to create a new filesystem and convince userspace to
> > > > > > mount it in a specific location?
> > > > > From man 5 sysfs page:
> > > > >
> > > > > /sys/firmware: This subdirectory contains interfaces for viewing and
> > > > > manipulating firmware-specific objects and attributes.
> > > > >
> > > > > /sys/kernel: This subdirectory contains various files and subdirectories
> > > > > that provide information about the running kernel.
> > > > >
> > > > > The security variables which are being exposed via fwsecurityfs are managed
> > > > > by firmware, stored in firmware managed space and also often consumed by
> > > > > firmware for enabling various security features.
> > > > Ok, then just use the normal sysfs interface for /sys/firmware, why do
> > > > you need a whole new filesystem type?
> > > >
> > > > > From git commit b67dbf9d4c1987c370fd18fdc4cf9d8aaea604c2, the purpose of
> > > > > securityfs(/sys/kernel/security) is to provide a common place for all kernel
> > > > > LSMs. The idea of
> > > > > fwsecurityfs(/sys/firmware/security) is to similarly provide a common place
> > > > > for all firmware security objects.
> > > > >
> > > > > /sys/firmware already exists. The patch now defines a new /security
> > > > > directory in it for firmware security features. Using /sys/kernel/security
> > > > > would mean scattering firmware objects in multiple places and confusing the
> > > > > purpose of /sys/kernel and /sys/firmware.
> > > > sysfs is confusing already, no problem with making it more confusing :)
> > > >
> > > > Just document where you add things and all should be fine.
> > > >
> > > > > Even though fwsecurityfs code is based on securityfs, since the two
> > > > > filesystems expose different types of objects and have different
> > > > > requirements, there are distinctions:
> > > > >
> > > > > 1. fwsecurityfs lets users create files in userspace, securityfs only allows
> > > > > kernel subsystems to create files.
> > > > Wait, why would a user ever create a file in this filesystem? If you
> > > > need that, why not use configfs? That's what that is for, right?
> > > The purpose of fwsecurityfs is not to expose configuration items but rather
> > > security objects used for firmware security features. I think these are more
> > > comparable to EFI variables, which are exposed via an EFI-specific
> > > filesystem, efivarfs, rather than configfs.
> > >
> > > > > 2. firmware and kernel objects may have different requirements. For example,
> > > > > consideration of namespacing. As per my understanding, namespacing is
> > > > > applied to kernel resources and not firmware resources. That's why it makes
> > > > > sense to add support for namespacing in securityfs, but we concluded that
> > > > > fwsecurityfs currently doesn't need it. Another but similar example of it
> > > > > is: TPM space, which is exposed from hardware. For containers, the TPM would
> > > > > be made as virtual/software TPM. Similarly for firmware space for
> > > > > containers, it would have to be something virtualized/software version of
> > > > > it.
> > > > I do not understand, sorry. What does namespaces have to do with this?
> > > > sysfs can already handle namespaces just fine, why not use that?
> > > Firmware objects are not namespaced. I mentioned it here as an example of
> > > the difference between firmware and kernel objects. It is also in response
> > > to the feedback from James Bottomley in RFC v2 [https://lore.kernel.org/linuxppc-dev/41ca51e8db9907d9060cc38adb59a66dcae4c59b.camel@HansenPartnership.com/].
> > I do not understand, sorry. Do you want to use a namespace for these or
> > not? The code does not seem to be using namespaces. You can use sysfs
> > with, or without, a namespace so I don't understand the issue here.
> >
> > With your code, there is no namespace.
>
> You are correct. There's no namespace for these.
So again, I do not understand. Do you want to use filesystem
namespaces, or do you not?
How again can you not use sysfs or securityfs due to namespaces? What
is missing?
confused,
greg k-h
next prev parent reply other threads:[~2022-11-20 16:23 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-06 21:07 [PATCH 0/4] powerpc/pseries: expose firmware security variables via filesystem Nayna Jain
2022-11-06 21:07 ` [PATCH 1/4] powerpc/pseries: Add new functions to PLPKS driver Nayna Jain
2022-11-06 21:07 ` [PATCH 2/4] fs: define a firmware security filesystem named fwsecurityfs Nayna Jain
2022-11-09 13:46 ` Greg Kroah-Hartman
2022-11-09 20:10 ` Nayna
2022-11-10 9:58 ` Greg Kroah-Hartman
2022-11-14 23:03 ` Nayna
2022-11-17 21:27 ` Greg Kroah-Hartman
2022-11-19 6:20 ` Nayna
2022-11-20 16:13 ` Greg Kroah-Hartman [this message]
2022-11-21 3:14 ` James Bottomley
2022-11-21 11:05 ` Greg Kroah-Hartman
2022-11-21 14:03 ` James Bottomley
2022-11-21 15:05 ` Greg Kroah-Hartman
2022-11-21 17:33 ` James Bottomley
2022-11-21 18:12 ` Greg Kroah-Hartman
2022-11-21 16:12 ` David Laight
2022-11-21 19:34 ` Nayna
2022-11-19 11:48 ` Ritesh Harjani (IBM)
2022-11-22 23:21 ` Nayna
2022-11-23 15:05 ` Nayna
2022-11-23 15:57 ` Greg Kroah-Hartman
2022-11-23 18:57 ` Nayna
2022-12-12 0:58 ` Andrew Donnellan
2022-12-12 6:11 ` Greg Kroah-Hartman
2022-11-06 21:07 ` [PATCH 3/4] powerpc/pseries: initialize fwsecurityfs with plpks arch-specific structure Nayna Jain
2022-11-06 21:07 ` [PATCH 4/4] powerpc/pseries: expose authenticated variables stored in LPAR PKS Nayna Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y3pSF2MRIXd6aH14@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ajd@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=christophe.leroy@csgroup.eu \
--cc=dave.hansen@intel.com \
--cc=dovmurik@linux.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mjg59@srcf.ucam.org \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=nayna@linux.vnet.ibm.com \
--cc=npiggin@gmail.com \
--cc=paulus@samba.org \
--cc=ruscur@russell.cc \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).