xref: /linux/Documentation/ABI/testing/sysfs-class-firmware-attributes (revision a4eb44a6435d6d8f9e642407a4a06f65eb90ca04)
1What:		/sys/class/firmware-attributes/*/attributes/*/
2Date:		February 2021
3KernelVersion:	5.11
4Contact:	Divya Bharathi <Divya.Bharathi@Dell.com>,
5		Prasanth KSR <prasanth.ksr@dell.com>
6		Dell.Client.Kernel@dell.com
7Description:
8		A sysfs interface for systems management software to enable
9		configuration capability on supported systems.  This directory
10		exposes interfaces for interacting with configuration options.
11
12		Unless otherwise specified in an attribute description all attributes are optional
13		and will accept UTF-8 input.
14
15		type:
16		    A file that can be read to obtain the type of attribute.
17		    This attribute is mandatory.
18
19		The following are known types:
20
21			- enumeration: a set of pre-defined valid values
22			- integer: a range of numerical values
23			- string
24
25		All attribute types support the following values:
26
27		current_value:
28				A file that can be read to obtain the current
29				value of the <attr>.
30
31				This file can also be written to in order to update the value of a
32				<attr>
33
34				This attribute is mandatory.
35
36		default_value:
37				A file that can be read to obtain the default
38				value of the <attr>
39
40		display_name:
41				A file that can be read to obtain a user friendly
42				description of the at <attr>
43
44		display_name_language_code:
45						A file that can be read to obtain
46						the IETF language tag corresponding to the
47						"display_name" of the <attr>
48
49		"enumeration"-type specific properties:
50
51		possible_values:
52					A file that can be read to obtain the possible
53					values of the <attr>. Values are separated using
54					semi-colon (``;``).
55
56		"integer"-type specific properties:
57
58		min_value:
59				A file that can be read to obtain the lower
60				bound value of the <attr>
61
62		max_value:
63				A file that can be read to obtain the upper
64				bound value of the <attr>
65
66		scalar_increment:
67					A file that can be read to obtain the scalar value used for
68					increments of current_value this attribute accepts.
69
70		"string"-type specific properties:
71
72		max_length:
73				A file that can be read to obtain the maximum
74				length value of the <attr>
75
76		min_length:
77				A file that can be read to obtain the minimum
78				length value of the <attr>
79
80		Dell specific class extensions
81		------------------------------
82
83		On Dell systems the following additional attributes are available:
84
85		dell_modifier:
86				A file that can be read to obtain attribute-level
87				dependency rule. It says an attribute X will become read-only or
88				suppressed, if/if-not attribute Y is configured.
89
90				modifier rules can be in following format::
91
92				    [ReadOnlyIf:<attribute>=<value>]
93				    [ReadOnlyIfNot:<attribute>=<value>]
94				    [SuppressIf:<attribute>=<value>]
95				    [SuppressIfNot:<attribute>=<value>]
96
97				For example::
98
99				    AutoOnFri/dell_modifier has value,
100					    [SuppressIfNot:AutoOn=SelectDays]
101
102				This means AutoOnFri will be suppressed in BIOS setup if AutoOn
103				attribute is not "SelectDays" and its value will not be effective
104				through sysfs until this rule is met.
105
106		Enumeration attributes also support the following:
107
108		dell_value_modifier:
109					A file that can be read to obtain value-level dependency.
110					This file is similar to dell_modifier but here,	an
111					attribute's current value will be forcefully changed based
112					dependent attributes value.
113
114					dell_value_modifier rules can be in following format::
115
116					    <value>[ForceIf:<attribute>=<value>]
117					    <value>[ForceIfNot:<attribute>=<value>]
118
119					For example:
120
121					    LegacyOrom/dell_value_modifier has value:
122						    Disabled[ForceIf:SecureBoot=Enabled]
123
124					This means LegacyOrom's current value will be forced to
125					"Disabled" in BIOS setup if SecureBoot is Enabled and its
126					value will not be effective through sysfs until this rule is
127					met.
128
129What:		/sys/class/firmware-attributes/*/authentication/
130Date:		February 2021
131KernelVersion:	5.11
132Contact:	Divya Bharathi <Divya.Bharathi@Dell.com>,
133		Prasanth KSR <prasanth.ksr@dell.com>
134		Dell.Client.Kernel@dell.com
135Description:
136		Devices support various authentication mechanisms which can be exposed
137		as a separate configuration object.
138
139		For example a "BIOS Admin" password and "System" Password can be set,
140		reset or cleared using these attributes.
141
142		- An "Admin" password is used for preventing modification to the BIOS
143		  settings.
144		- A "System" password is required to boot a machine.
145
146		Change in any of these two authentication methods will also generate an
147		uevent KOBJ_CHANGE.
148
149		is_enabled:
150					A file that can be read to obtain a 0/1 flag to see if
151					<attr> authentication is enabled.
152					This attribute is mandatory.
153
154		role:
155					The type of authentication used.
156					This attribute is mandatory.
157
158					Known types:
159						bios-admin:
160							Representing BIOS administrator password
161						power-on:
162							Representing a password required to use
163							the system
164						system-mgmt:
165							Representing System Management password.
166							See Lenovo extensions section for details
167						HDD:
168							Representing HDD password
169							See Lenovo extensions section for details
170						NVMe:
171							Representing NVMe password
172							See Lenovo extensions section for details
173
174		mechanism:
175					The means of authentication.  This attribute is mandatory.
176					Only supported type currently is "password".
177
178		max_password_length:
179					A file that can be read to obtain the
180					maximum length of the Password
181
182		min_password_length:
183					A file that can be read to obtain the
184					minimum length of the Password
185
186		current_password:
187					A write only value used for privileged access such as
188					setting	attributes when a system or admin password is set
189					or resetting to a new password
190
191					This attribute is mandatory when mechanism == "password".
192
193		new_password:
194					A write only value that when used in tandem with
195					current_password will reset a system or admin password.
196
197		Note, password management is session specific. If Admin password is set,
198		same password must be written into current_password file (required for
199		password-validation) and must be cleared once the session is over.
200		For example::
201
202			echo "password" > current_password
203			echo "disabled" > TouchScreen/current_value
204			echo "" > current_password
205
206		Drivers may emit a CHANGE uevent when a password is set or unset
207		userspace may check it again.
208
209		On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
210		require password validation.
211		On Lenovo systems if you change the Admin password the new password is not active until
212		the next boot.
213
214		Lenovo specific class extensions
215		------------------------------
216
217		On Lenovo systems the following additional settings are available:
218
219		role: system-mgmt	This gives the same authority as the bios-admin password to control
220					security related features. The authorities allocated can be set via
221					the BIOS menu SMP Access Control Policy
222
223		role: HDD & NVMe	This password is used to unlock access to the drive at boot. Note see
224					'level' and 'index' extensions below.
225
226		lenovo_encoding:
227					The encoding method that is used. This can be either "ascii"
228					or "scancode". Default is set to "ascii"
229
230		lenovo_kbdlang:
231					The keyboard language method that is used. This is generally a
232					two char code (e.g. "us", "fr", "gr") and may vary per platform.
233					Default is set to "us"
234
235		level:
236					Available for HDD and NVMe authentication to set 'user' or 'master'
237					privilege level.
238					If only the user password is configured then this should be used to
239					unlock the drive at boot. If both master and user passwords are set
240					then either can be used. If a master password is set a user password
241					is required.
242					This attribute defaults to 'user' level
243
244		index:
245					Used with HDD and NVME authentication to set the drive index
246					that is being referenced (e.g hdd0, hdd1 etc)
247					This attribute defaults to device 0.
248
249
250
251What:		/sys/class/firmware-attributes/*/attributes/pending_reboot
252Date:		February 2021
253KernelVersion:	5.11
254Contact:	Divya Bharathi <Divya.Bharathi@Dell.com>,
255		Prasanth KSR <prasanth.ksr@dell.com>
256		Dell.Client.Kernel@dell.com
257Description:
258		A read-only attribute reads 1 if a reboot is necessary to apply
259		pending BIOS attribute changes. Also, an uevent_KOBJ_CHANGE is
260		generated when it changes to 1.
261
262			==	=========================================
263			0	All BIOS attributes setting are current
264			1	A reboot is necessary to get pending BIOS
265			        attribute changes applied
266			==	=========================================
267
268		Note, userspace applications need to follow below steps for efficient
269		BIOS management,
270
271		1.	Check if admin password is set. If yes, follow session method for
272			password management as briefed under authentication section above.
273		2.	Before setting any attribute, check if it has any modifiers
274			or value_modifiers. If yes, incorporate them and then modify
275			attribute.
276
277		Drivers may emit a CHANGE uevent when this value changes and userspace
278		may check it again.
279
280What:		/sys/class/firmware-attributes/*/attributes/reset_bios
281Date:		February 2021
282KernelVersion:	5.11
283Contact:	Divya Bharathi <Divya.Bharathi@Dell.com>,
284		Prasanth KSR <prasanth.ksr@dell.com>
285		Dell.Client.Kernel@dell.com
286Description:
287		This attribute can be used to reset the BIOS Configuration.
288		Specifically, it tells which type of reset BIOS configuration is being
289		requested on the host.
290
291		Reading from it returns a list of supported options encoded as:
292
293			- 'builtinsafe' (Built in safe configuration profile)
294			- 'lastknowngood' (Last known good saved configuration profile)
295			- 'factory' (Default factory settings configuration profile)
296			- 'custom' (Custom saved configuration profile)
297
298		The currently selected option is printed in square brackets as
299		shown below::
300
301		    # echo "factory" > /sys/class/firmware-attributes/*/device/attributes/reset_bios
302		    # cat /sys/class/firmware-attributes/*/device/attributes/reset_bios
303		    # builtinsafe lastknowngood [factory] custom
304
305		Note that any changes to this attribute requires a reboot
306		for changes to take effect.
307
308What:		/sys/class/firmware-attributes/*/attributes/debug_cmd
309Date:		July 2021
310KernelVersion:	5.14
311Contact:	Mark Pearson <markpearson@lenovo.com>
312Description:
313		This write only attribute can be used to send debug commands to the BIOS.
314		This should only be used when recommended by the BIOS vendor. Vendors may
315		use it to enable extra debug attributes or BIOS features for testing purposes.
316
317		Note that any changes to this attribute requires a reboot for changes to take effect.
318