Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14862ee3 authored by Yehezkel Bernat's avatar Yehezkel Bernat Committed by Mika Westerberg
Browse files

thunderbolt: Add 'boot' attribute for devices 



In various cases, Thunderbolt device can be connected by ICM on boot
without waiting for approval from user. Most cases are related to
OEM-specific BIOS configurations. This information is interesting for
user-space as if the device isn't in SW ACL, it may create a friction in
the user experience where the device is automatically authorized if it's
connected on boot but requires an explicit user action if connected
after OS is up. User-space can use this information to suggest adding
the device to SW ACL for auto-authorization on later connections.

Signed-off-by: default avatarYehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
parent 3080e197

Documentation/ABI/testing/sysfs-bus-thunderbolt

+7 −0
Original line number Original line Diff line number Diff line
@@ -38,6 +38,13 @@ Description: This attribute is used to authorize Thunderbolt devices 
		   the device did not contain a key at all, and

		   the device did not contain a key at all, and

		   EKEYREJECTED if the challenge response did not match.

		   EKEYREJECTED if the challenge response did not match.





What: /sys/bus/thunderbolt/devices/.../boot

Date:		Jun 2018

KernelVersion:	4.17

Contact:	thunderbolt-software@lists.01.org

Description:	This attribute contains 1 if Thunderbolt device was already

		authorized on boot and 0 otherwise.



What: /sys/bus/thunderbolt/devices/.../key

What: /sys/bus/thunderbolt/devices/.../key

Date:		Sep 2017

Date:		Sep 2017

KernelVersion:	4.13

KernelVersion:	4.13

drivers/thunderbolt/icm.c

+8 −4
Original line number Original line Diff line number Diff line
@@ -402,7 +402,7 @@ static int icm_fr_disconnect_xdomain_paths(struct tb *tb, struct tb_xdomain *xd) 
static void add_switch(struct tb_switch *parent_sw, u64 route,

static void add_switch(struct tb_switch *parent_sw, u64 route,

		       const uuid_t *uuid, u8 connection_id, u8 connection_key,

		       const uuid_t *uuid, u8 connection_id, u8 connection_key,

		       u8 link, u8 depth, enum tb_security_level security_level,

		       u8 link, u8 depth, enum tb_security_level security_level,

		       bool authorized)

		       bool authorized, bool boot)

{

{

	struct tb_switch *sw;

	struct tb_switch *sw;
@@ -417,6 +417,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route, 
	sw->depth = depth;

	sw->depth = depth;

	sw->authorized = authorized;

	sw->authorized = authorized;

	sw->security_level = security_level;

	sw->security_level = security_level;

	sw->boot = boot;





	/* Link the two switches now */

	/* Link the two switches now */

	tb_port_at(route, parent_sw)->remote = tb_upstream_port(sw);

	tb_port_at(route, parent_sw)->remote = tb_upstream_port(sw);
@@ -431,7 +432,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route, 




static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,

static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,

			  u64 route, u8 connection_id, u8 connection_key,

			  u64 route, u8 connection_id, u8 connection_key,

			  u8 link, u8 depth)

			  u8 link, u8 depth, bool boot)

{

{

	/* Disconnect from parent */

	/* Disconnect from parent */

	tb_port_at(tb_route(sw), parent_sw)->remote = NULL;

	tb_port_at(tb_route(sw), parent_sw)->remote = NULL;
@@ -445,6 +446,7 @@ static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw, 
	sw->connection_key = connection_key;

	sw->connection_key = connection_key;

	sw->link = link;

	sw->link = link;

	sw->depth = depth;

	sw->depth = depth;

	sw->boot = boot;





	/* This switch still exists */

	/* This switch still exists */

	sw->is_unplugged = false;

	sw->is_unplugged = false;
@@ -504,6 +506,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr) 
	bool authorized = false;

	bool authorized = false;

	struct tb_xdomain *xd;

	struct tb_xdomain *xd;

	u8 link, depth;

	u8 link, depth;

	bool boot;

	u64 route;

	u64 route;

	int ret;

	int ret;
@@ -513,6 +516,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr) 
	authorized = pkg->link_info & ICM_LINK_INFO_APPROVED;

	authorized = pkg->link_info & ICM_LINK_INFO_APPROVED;

	security_level = (pkg->hdr.flags & ICM_FLAGS_SLEVEL_MASK) >>

	security_level = (pkg->hdr.flags & ICM_FLAGS_SLEVEL_MASK) >>

			 ICM_FLAGS_SLEVEL_SHIFT;

			 ICM_FLAGS_SLEVEL_SHIFT;

	boot = pkg->link_info & ICM_LINK_INFO_BOOT;





	if (pkg->link_info & ICM_LINK_INFO_REJECTED) {

	if (pkg->link_info & ICM_LINK_INFO_REJECTED) {

		tb_info(tb, "switch at %u.%u was rejected by ICM firmware because topology limit exceeded\n",

		tb_info(tb, "switch at %u.%u was rejected by ICM firmware because topology limit exceeded\n",
@@ -546,7 +550,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr) 
		if (sw->depth == depth && sw_phy_port == phy_port &&

		if (sw->depth == depth && sw_phy_port == phy_port &&

		    !!sw->authorized == authorized) {

		    !!sw->authorized == authorized) {

			update_switch(parent_sw, sw, route, pkg->connection_id,

			update_switch(parent_sw, sw, route, pkg->connection_id,

				      pkg->connection_key, link, depth);

				      pkg->connection_key, link, depth, boot);

			tb_switch_put(sw);

			tb_switch_put(sw);

			return;

			return;

		}

		}
@@ -595,7 +599,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr) 




	add_switch(parent_sw, route, &pkg->ep_uuid, pkg->connection_id,

	add_switch(parent_sw, route, &pkg->ep_uuid, pkg->connection_id,

		   pkg->connection_key, link, depth, security_level,

		   pkg->connection_key, link, depth, security_level,

		   authorized);

		   authorized, boot);





	tb_switch_put(parent_sw);

	tb_switch_put(parent_sw);

}

}

drivers/thunderbolt/switch.c

+14 −0
Original line number Original line Diff line number Diff line
@@ -775,6 +775,15 @@ static ssize_t authorized_store(struct device *dev, 
}

}

static DEVICE_ATTR_RW(authorized);

static DEVICE_ATTR_RW(authorized);





static ssize_t boot_show(struct device *dev, struct device_attribute *attr,

			 char *buf)

{

	struct tb_switch *sw = tb_to_switch(dev);



	return sprintf(buf, "%u\n", sw->boot);

}

static DEVICE_ATTR_RO(boot);



static ssize_t device_show(struct device *dev, struct device_attribute *attr,

static ssize_t device_show(struct device *dev, struct device_attribute *attr,

			   char *buf)

			   char *buf)

{

{
@@ -951,6 +960,7 @@ static DEVICE_ATTR_RO(unique_id); 




static struct attribute *switch_attrs[] = {

static struct attribute *switch_attrs[] = {

	&dev_attr_authorized.attr,

	&dev_attr_authorized.attr,

	&dev_attr_boot.attr,

	&dev_attr_device.attr,

	&dev_attr_device.attr,

	&dev_attr_device_name.attr,

	&dev_attr_device_name.attr,

	&dev_attr_key.attr,

	&dev_attr_key.attr,
@@ -979,6 +989,10 @@ static umode_t switch_attr_is_visible(struct kobject *kobj, 
		if (sw->dma_port)

		if (sw->dma_port)

			return attr->mode;

			return attr->mode;

		return 0;

		return 0;

	} else if (attr == &dev_attr_boot.attr) {

		if (tb_route(sw))

			return attr->mode;

		return 0;

	}

	}





	return sw->safe_mode ? 0 : attr->mode;

	return sw->safe_mode ? 0 : attr->mode;

drivers/thunderbolt/tb.h

+2 −0
Original line number Original line Diff line number Diff line
@@ -66,6 +66,7 @@ struct tb_switch_nvm { 
 * @nvm: Pointer to the NVM if the switch has one (%NULL otherwise)

 * @nvm: Pointer to the NVM if the switch has one (%NULL otherwise)

 * @no_nvm_upgrade: Prevent NVM upgrade of this switch

 * @no_nvm_upgrade: Prevent NVM upgrade of this switch

 * @safe_mode: The switch is in safe-mode

 * @safe_mode: The switch is in safe-mode

 * @boot: Whether the switch was already authorized on boot or not

 * @authorized: Whether the switch is authorized by user or policy

 * @authorized: Whether the switch is authorized by user or policy

 * @work: Work used to automatically authorize a switch

 * @work: Work used to automatically authorize a switch

 * @security_level: Switch supported security level

 * @security_level: Switch supported security level
@@ -99,6 +100,7 @@ struct tb_switch { 
	struct tb_switch_nvm *nvm;

	struct tb_switch_nvm *nvm;

	bool no_nvm_upgrade;

	bool no_nvm_upgrade;

	bool safe_mode;

	bool safe_mode;

	bool boot;

	unsigned int authorized;

	unsigned int authorized;

	struct work_struct work;

	struct work_struct work;

	enum tb_security_level security_level;

	enum tb_security_level security_level;

drivers/thunderbolt/tb_msgs.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -179,6 +179,7 @@ struct icm_fr_event_device_connected { 
#define ICM_LINK_INFO_DEPTH_MASK	GENMASK(7, 4)

#define ICM_LINK_INFO_DEPTH_MASK	GENMASK(7, 4)

#define ICM_LINK_INFO_APPROVED		BIT(8)

#define ICM_LINK_INFO_APPROVED		BIT(8)

#define ICM_LINK_INFO_REJECTED		BIT(9)

#define ICM_LINK_INFO_REJECTED		BIT(9)

#define ICM_LINK_INFO_BOOT		BIT(10)





struct icm_fr_pkg_approve_device {

struct icm_fr_pkg_approve_device {

	struct icm_pkg_header hdr;

	struct icm_pkg_header hdr;