thunderbolt: Add 'boot' attribute for devices

In various cases, Thunderbolt device can be connected by ICM on boot
without waiting for approval from user. Most cases are related to
OEM-specific BIOS configurations. This information is interesting for
user-space as if the device isn't in SW ACL, it may create a friction in
the user experience where the device is automatically authorized if it's
connected on boot but requires an explicit user action if connected
after OS is up. User-space can use this information to suggest adding
the device to SW ACL for auto-authorization on later connections.

Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
This commit is contained in:
Yehezkel Bernat 2018-01-22 12:50:09 +02:00 committed by Mika Westerberg
parent 3080e197e9
commit 14862ee308
5 changed files with 32 additions and 4 deletions

View File

@ -38,6 +38,13 @@ Description: This attribute is used to authorize Thunderbolt devices
the device did not contain a key at all, and
EKEYREJECTED if the challenge response did not match.
What: /sys/bus/thunderbolt/devices/.../boot
Date: Jun 2018
KernelVersion: 4.17
Contact: thunderbolt-software@lists.01.org
Description: This attribute contains 1 if Thunderbolt device was already
authorized on boot and 0 otherwise.
What: /sys/bus/thunderbolt/devices/.../key
Date: Sep 2017
KernelVersion: 4.13

View File

@ -402,7 +402,7 @@ static int icm_fr_disconnect_xdomain_paths(struct tb *tb, struct tb_xdomain *xd)
static void add_switch(struct tb_switch *parent_sw, u64 route,
const uuid_t *uuid, u8 connection_id, u8 connection_key,
u8 link, u8 depth, enum tb_security_level security_level,
bool authorized)
bool authorized, bool boot)
{
struct tb_switch *sw;
@ -417,6 +417,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
sw->depth = depth;
sw->authorized = authorized;
sw->security_level = security_level;
sw->boot = boot;
/* Link the two switches now */
tb_port_at(route, parent_sw)->remote = tb_upstream_port(sw);
@ -431,7 +432,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,
u64 route, u8 connection_id, u8 connection_key,
u8 link, u8 depth)
u8 link, u8 depth, bool boot)
{
/* Disconnect from parent */
tb_port_at(tb_route(sw), parent_sw)->remote = NULL;
@ -445,6 +446,7 @@ static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,
sw->connection_key = connection_key;
sw->link = link;
sw->depth = depth;
sw->boot = boot;
/* This switch still exists */
sw->is_unplugged = false;
@ -504,6 +506,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
bool authorized = false;
struct tb_xdomain *xd;
u8 link, depth;
bool boot;
u64 route;
int ret;
@ -513,6 +516,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
authorized = pkg->link_info & ICM_LINK_INFO_APPROVED;
security_level = (pkg->hdr.flags & ICM_FLAGS_SLEVEL_MASK) >>
ICM_FLAGS_SLEVEL_SHIFT;
boot = pkg->link_info & ICM_LINK_INFO_BOOT;
if (pkg->link_info & ICM_LINK_INFO_REJECTED) {
tb_info(tb, "switch at %u.%u was rejected by ICM firmware because topology limit exceeded\n",
@ -546,7 +550,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
if (sw->depth == depth && sw_phy_port == phy_port &&
!!sw->authorized == authorized) {
update_switch(parent_sw, sw, route, pkg->connection_id,
pkg->connection_key, link, depth);
pkg->connection_key, link, depth, boot);
tb_switch_put(sw);
return;
}
@ -595,7 +599,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
add_switch(parent_sw, route, &pkg->ep_uuid, pkg->connection_id,
pkg->connection_key, link, depth, security_level,
authorized);
authorized, boot);
tb_switch_put(parent_sw);
}

View File

@ -775,6 +775,15 @@ static ssize_t authorized_store(struct device *dev,
}
static DEVICE_ATTR_RW(authorized);
static ssize_t boot_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u\n", sw->boot);
}
static DEVICE_ATTR_RO(boot);
static ssize_t device_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
@ -951,6 +960,7 @@ static DEVICE_ATTR_RO(unique_id);
static struct attribute *switch_attrs[] = {
&dev_attr_authorized.attr,
&dev_attr_boot.attr,
&dev_attr_device.attr,
&dev_attr_device_name.attr,
&dev_attr_key.attr,
@ -979,6 +989,10 @@ static umode_t switch_attr_is_visible(struct kobject *kobj,
if (sw->dma_port)
return attr->mode;
return 0;
} else if (attr == &dev_attr_boot.attr) {
if (tb_route(sw))
return attr->mode;
return 0;
}
return sw->safe_mode ? 0 : attr->mode;

View File

@ -66,6 +66,7 @@ struct tb_switch_nvm {
* @nvm: Pointer to the NVM if the switch has one (%NULL otherwise)
* @no_nvm_upgrade: Prevent NVM upgrade of this switch
* @safe_mode: The switch is in safe-mode
* @boot: Whether the switch was already authorized on boot or not
* @authorized: Whether the switch is authorized by user or policy
* @work: Work used to automatically authorize a switch
* @security_level: Switch supported security level
@ -99,6 +100,7 @@ struct tb_switch {
struct tb_switch_nvm *nvm;
bool no_nvm_upgrade;
bool safe_mode;
bool boot;
unsigned int authorized;
struct work_struct work;
enum tb_security_level security_level;

View File

@ -179,6 +179,7 @@ struct icm_fr_event_device_connected {
#define ICM_LINK_INFO_DEPTH_MASK GENMASK(7, 4)
#define ICM_LINK_INFO_APPROVED BIT(8)
#define ICM_LINK_INFO_REJECTED BIT(9)
#define ICM_LINK_INFO_BOOT BIT(10)
struct icm_fr_pkg_approve_device {
struct icm_pkg_header hdr;