tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: ccp - Add sysfs attribute for boot integrity

The boot integrity attribute represents that the CPU or APU is used for the
hardware root of trust in the boot process. This bit only represents the
CPU/APU and some vendors have other hardware root of trust implementations
specific to their designs.

Link: https://github.com/fwupd/fwupd/pull/9825
Reviewed-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Mario Limonciello and committed by
Herbert Xu 90f7520b 64ae90a8

+19 -1
+15
Documentation/ABI/testing/sysfs-driver-ccp
··· 8 8 0: Not fused 9 9 1: Fused 10 10 11 + What: /sys/bus/pci/devices/<BDF>/boot_integrity 12 + Date: April 2026 13 + KernelVersion: 6.20 14 + Contact: mario.limonciello@amd.com 15 + Description: 16 + The /sys/bus/pci/devices/<BDF>/boot_integrity reports 17 + whether the AMD CPU or APU is used for a hardware root of trust 18 + during the boot process. 19 + Possible values: 20 + 0: Not hardware root of trust. 21 + 1: Hardware root of trust 22 + 23 + NOTE: Vendors may provide design specific alternative hardware 24 + root of trust implementations. 25 + 11 26 What: /sys/bus/pci/devices/<BDF>/debug_lock_on 12 27 Date: June 2022 13 28 KernelVersion: 5.19
+3
drivers/crypto/ccp/hsti.c
··· 30 30 31 31 security_attribute_show(fused_part) 32 32 static DEVICE_ATTR_RO(fused_part); 33 + security_attribute_show(boot_integrity) 34 + static DEVICE_ATTR_RO(boot_integrity); 33 35 security_attribute_show(debug_lock_on) 34 36 static DEVICE_ATTR_RO(debug_lock_on); 35 37 security_attribute_show(tsme_status) ··· 49 47 50 48 static struct attribute *psp_security_attrs[] = { 51 49 &dev_attr_fused_part.attr, 50 + &dev_attr_boot_integrity.attr, 52 51 &dev_attr_debug_lock_on.attr, 53 52 &dev_attr_tsme_status.attr, 54 53 &dev_attr_anti_rollback_status.attr,
+1 -1
drivers/crypto/ccp/psp-dev.h
··· 36 36 rsvd1 :3, 37 37 security_reporting :1, 38 38 fused_part :1, 39 - rsvd2 :1, 39 + boot_integrity :1, 40 40 debug_lock_on :1, 41 41 rsvd3 :2, 42 42 tsme_status :1,