|
| 1 | +What: /sys/class/firmware-attributes/*/attributes/*/ |
| 2 | +Date: February 2021 |
| 3 | +KernelVersion: 5.11 |
| 4 | +Contact: Divya Bharathi < [email protected]>, |
| 5 | + Mario Limonciello < [email protected]>, |
| 6 | + |
| 7 | +Description: |
| 8 | + A sysfs interface for systems management software to enable |
| 9 | + configuration capability on supported systems. This directory |
| 10 | + exposes interfaces for interacting with configuration options. |
| 11 | + |
| 12 | + Unless otherwise specified in an attribute description all attributes are optional |
| 13 | + and will accept UTF-8 input. |
| 14 | + |
| 15 | + type: A file that can be read to obtain the type of attribute. This attribute is |
| 16 | + mandatory. |
| 17 | + |
| 18 | + The following are known types: |
| 19 | + - enumeration: a set of pre-defined valid values |
| 20 | + - integer: a range of numerical values |
| 21 | + - string |
| 22 | + |
| 23 | + All attribute types support the following values: |
| 24 | + |
| 25 | + current_value: A file that can be read to obtain the current |
| 26 | + value of the <attr>. |
| 27 | + |
| 28 | + This file can also be written to in order to update the value of a |
| 29 | + <attr> |
| 30 | + |
| 31 | + This attribute is mandatory. |
| 32 | + |
| 33 | + default_value: A file that can be read to obtain the default |
| 34 | + value of the <attr> |
| 35 | + |
| 36 | + display_name: A file that can be read to obtain a user friendly |
| 37 | + description of the at <attr> |
| 38 | + |
| 39 | + display_name_language_code: A file that can be read to obtain |
| 40 | + the IETF language tag corresponding to the |
| 41 | + "display_name" of the <attr> |
| 42 | + |
| 43 | + "enumeration"-type specific properties: |
| 44 | + |
| 45 | + possible_values: A file that can be read to obtain the possible |
| 46 | + values of the <attr>. Values are separated using |
| 47 | + semi-colon (``;``). |
| 48 | + |
| 49 | + "integer"-type specific properties: |
| 50 | + |
| 51 | + min_value: A file that can be read to obtain the lower |
| 52 | + bound value of the <attr> |
| 53 | + |
| 54 | + max_value: A file that can be read to obtain the upper |
| 55 | + bound value of the <attr> |
| 56 | + |
| 57 | + scalar_increment: A file that can be read to obtain the scalar value used for |
| 58 | + increments of current_value this attribute accepts. |
| 59 | + |
| 60 | + "string"-type specific properties: |
| 61 | + |
| 62 | + max_length: A file that can be read to obtain the maximum |
| 63 | + length value of the <attr> |
| 64 | + |
| 65 | + min_length: A file that can be read to obtain the minimum |
| 66 | + length value of the <attr> |
| 67 | + |
| 68 | + Dell specific class extensions |
| 69 | + -------------------------- |
| 70 | + |
| 71 | + On Dell systems the following additional attributes are available: |
| 72 | + |
| 73 | + dell_modifier: A file that can be read to obtain attribute-level |
| 74 | + dependency rule. It says an attribute X will become read-only or |
| 75 | + suppressed, if/if-not attribute Y is configured. |
| 76 | + |
| 77 | + modifier rules can be in following format: |
| 78 | + [ReadOnlyIf:<attribute>=<value>] |
| 79 | + [ReadOnlyIfNot:<attribute>=<value>] |
| 80 | + [SuppressIf:<attribute>=<value>] |
| 81 | + [SuppressIfNot:<attribute>=<value>] |
| 82 | + |
| 83 | + For example: |
| 84 | + AutoOnFri/dell_modifier has value, |
| 85 | + [SuppressIfNot:AutoOn=SelectDays] |
| 86 | + |
| 87 | + This means AutoOnFri will be suppressed in BIOS setup if AutoOn |
| 88 | + attribute is not "SelectDays" and its value will not be effective |
| 89 | + through sysfs until this rule is met. |
| 90 | + |
| 91 | + Enumeration attributes also support the following: |
| 92 | + |
| 93 | + dell_value_modifier: A file that can be read to obtain value-level dependency. |
| 94 | + This file is similar to dell_modifier but here, an |
| 95 | + attribute's current value will be forcefully changed based |
| 96 | + dependent attributes value. |
| 97 | + |
| 98 | + dell_value_modifier rules can be in following format: |
| 99 | + <value>[ForceIf:<attribute>=<value>] |
| 100 | + <value>[ForceIfNot:<attribute>=<value>] |
| 101 | + |
| 102 | + For example, |
| 103 | + LegacyOrom/dell_value_modifier has value: |
| 104 | + Disabled[ForceIf:SecureBoot=Enabled] |
| 105 | + This means LegacyOrom's current value will be forced to |
| 106 | + "Disabled" in BIOS setup if SecureBoot is Enabled and its |
| 107 | + value will not be effective through sysfs until this rule is |
| 108 | + met. |
| 109 | + |
| 110 | +What: /sys/class/firmware-attributes/*/authentication/ |
| 111 | +Date: February 2021 |
| 112 | +KernelVersion: 5.11 |
| 113 | +Contact: Divya Bharathi < [email protected]>, |
| 114 | + Mario Limonciello < [email protected]>, |
| 115 | + |
| 116 | + |
| 117 | + Devices support various authentication mechanisms which can be exposed |
| 118 | + as a separate configuration object. |
| 119 | + |
| 120 | + For example a "BIOS Admin" password and "System" Password can be set, |
| 121 | + reset or cleared using these attributes. |
| 122 | + - An "Admin" password is used for preventing modification to the BIOS |
| 123 | + settings. |
| 124 | + - A "System" password is required to boot a machine. |
| 125 | + |
| 126 | + Change in any of these two authentication methods will also generate an |
| 127 | + uevent KOBJ_CHANGE. |
| 128 | + |
| 129 | + is_enabled: A file that can be read to obtain a 0/1 flag to see if |
| 130 | + <attr> authentication is enabled. |
| 131 | + This attribute is mandatory. |
| 132 | + |
| 133 | + role: The type of authentication used. |
| 134 | + This attribute is mandatory. |
| 135 | + Known types: |
| 136 | + bios-admin: Representing BIOS administrator password |
| 137 | + power-on: Representing a password required to use |
| 138 | + the system |
| 139 | + |
| 140 | + mechanism: The means of authentication. This attribute is mandatory. |
| 141 | + Only supported type currently is "password". |
| 142 | + |
| 143 | + max_password_length: A file that can be read to obtain the |
| 144 | + maximum length of the Password |
| 145 | + |
| 146 | + min_password_length: A file that can be read to obtain the |
| 147 | + minimum length of the Password |
| 148 | + |
| 149 | + current_password: A write only value used for privileged access such as |
| 150 | + setting attributes when a system or admin password is set |
| 151 | + or resetting to a new password |
| 152 | + |
| 153 | + This attribute is mandatory when mechanism == "password". |
| 154 | + |
| 155 | + new_password: A write only value that when used in tandem with |
| 156 | + current_password will reset a system or admin password. |
| 157 | + |
| 158 | + Note, password management is session specific. If Admin password is set, |
| 159 | + same password must be written into current_password file (required for |
| 160 | + password-validation) and must be cleared once the session is over. |
| 161 | + For example: |
| 162 | + echo "password" > current_password |
| 163 | + echo "disabled" > TouchScreen/current_value |
| 164 | + echo "" > current_password |
| 165 | + |
| 166 | + Drivers may emit a CHANGE uevent when a password is set or unset |
| 167 | + userspace may check it again. |
| 168 | + |
| 169 | + On Dell systems, if Admin password is set, then all BIOS attributes |
| 170 | + require password validation. |
| 171 | + |
| 172 | +What: /sys/class/firmware-attributes/*/attributes/pending_reboot |
| 173 | +Date: February 2021 |
| 174 | +KernelVersion: 5.11 |
| 175 | +Contact: Divya Bharathi < [email protected]>, |
| 176 | + Mario Limonciello < [email protected]>, |
| 177 | + |
| 178 | +Description: |
| 179 | + A read-only attribute reads 1 if a reboot is necessary to apply |
| 180 | + pending BIOS attribute changes. Also, an uevent_KOBJ_CHANGE is |
| 181 | + generated when it changes to 1. |
| 182 | + |
| 183 | + 0: All BIOS attributes setting are current |
| 184 | + 1: A reboot is necessary to get pending BIOS attribute changes |
| 185 | + applied |
| 186 | + |
| 187 | + Note, userspace applications need to follow below steps for efficient |
| 188 | + BIOS management, |
| 189 | + 1. Check if admin password is set. If yes, follow session method for |
| 190 | + password management as briefed under authentication section above. |
| 191 | + 2. Before setting any attribute, check if it has any modifiers |
| 192 | + or value_modifiers. If yes, incorporate them and then modify |
| 193 | + attribute. |
| 194 | + |
| 195 | + Drivers may emit a CHANGE uevent when this value changes and userspace |
| 196 | + may check it again. |
| 197 | + |
| 198 | +What: /sys/class/firmware-attributes/*/attributes/reset_bios |
| 199 | +Date: February 2021 |
| 200 | +KernelVersion: 5.11 |
| 201 | +Contact: Divya Bharathi < [email protected]>, |
| 202 | + Mario Limonciello < [email protected]>, |
| 203 | + |
| 204 | +Description: |
| 205 | + This attribute can be used to reset the BIOS Configuration. |
| 206 | + Specifically, it tells which type of reset BIOS configuration is being |
| 207 | + requested on the host. |
| 208 | + |
| 209 | + Reading from it returns a list of supported options encoded as: |
| 210 | + |
| 211 | + 'builtinsafe' (Built in safe configuration profile) |
| 212 | + 'lastknowngood' (Last known good saved configuration profile) |
| 213 | + 'factory' (Default factory settings configuration profile) |
| 214 | + 'custom' (Custom saved configuration profile) |
| 215 | + |
| 216 | + The currently selected option is printed in square brackets as |
| 217 | + shown below: |
| 218 | + |
| 219 | + # echo "factory" > /sys/class/firmware-attributes/*/device/attributes/reset_bios |
| 220 | + # cat /sys/class/firmware-attributes/*/device/attributes/reset_bios |
| 221 | + # builtinsafe lastknowngood [factory] custom |
| 222 | + |
| 223 | + Note that any changes to this attribute requires a reboot |
| 224 | + for changes to take effect. |
0 commit comments