Lines Matching +full:attribute +full:- +full:set
1 What: /sys/class/firmware-attributes/*/attributes/*/
12 Unless otherwise specified in an attribute description all attributes are optional
13 and will accept UTF-8 input.
16 A file that can be read to obtain the type of attribute.
17 This attribute is mandatory.
21 - enumeration: a set of pre-defined valid values
22 - integer: a range of numerical values
23 - string
26 -----------------
27 - ordered-list - a set of ordered list valid values
30 All attribute types support the following values:
39 This attribute is mandatory.
54 "enumeration"-type specific properties:
59 semi-colon (``;``).
61 "integer"-type specific properties:
73 increments of current_value this attribute accepts.
75 "string"-type specific properties:
86 ------------------------------
91 A file that can be read to obtain attribute-level
92 dependency rule. It says an attribute X will become read-only or
93 suppressed, if/if-not attribute Y is configured.
97 [ReadOnlyIf:<attribute>=<value>]
98 [ReadOnlyIfNot:<attribute>=<value>]
99 [SuppressIf:<attribute>=<value>]
100 [SuppressIfNot:<attribute>=<value>]
108 attribute is not "SelectDays" and its value will not be effective
114 A file that can be read to obtain value-level dependency.
116 attribute's current value will be forcefully changed based
121 <value>[ForceIf:<attribute>=<value>]
122 <value>[ForceIfNot:<attribute>=<value>]
135 ------------------------------
139 "ordered-list"-type specific properties:
144 semi-colon (``;``) and listed according to their priority.
147 the priority order for the particular attribute.
149 What: /sys/class/firmware-attributes/*/authentication/
159 For example a "BIOS Admin" password and "System" Password can be set,
162 - An "Admin" password is used for preventing modification to the BIOS
164 - A "System" password is required to boot a machine.
172 This attribute is mandatory.
176 This attribute is mandatory.
179 bios-admin:
181 power-on:
184 system-mgmt:
195 The means of authentication. This attribute is mandatory.
208 setting attributes when a system or admin password is set
211 This attribute is mandatory when mechanism == "password".
217 Note, password management is session specific. If Admin password is set,
219 password-validation) and must be cleared once the session is over.
226 Drivers may emit a CHANGE uevent when a password is set or unset
229 On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
235 --------------------------------
239 role: system-mgmt This gives the same authority as the bios-admin password to control
240 security related features. The authorities allocated can be set via
248 or "scancode". Default is set to "ascii"
253 Default is set to "us"
256 Available for HDD and NVMe authentication to set 'user' or 'master'
259 unlock the drive at boot. If both master and user passwords are set
260 then either can be used. If a master password is set a user password
262 This attribute defaults to 'user' level
265 Used with HDD and NVME authentication to set the drive index
267 This attribute defaults to device 1.
273 The user writes to the attribute(s) with a BASE64 encoded string obtained
298 echo Enable > attribute/PasswordBeep/current_value
301 has not been set.
302 Clearing the certificate results in no bios-admin authentication method
308 Read only attribute used to display the MD5, SHA1 and SHA256 thumbprints
312 Write only attribute used to switch from certificate based authentication
320 --------------------------------
324 role: enhanced-bios-auth:
325 This role is specific to Secure Platform Management (SPM) attribute.
329 What: /sys/class/firmware-attributes/*/attributes/pending_reboot
336 A read-only attribute reads 1 if a reboot is necessary to apply
337 pending BIOS attribute changes. Also, an uevent_KOBJ_CHANGE is
343 attribute changes applied
349 1. Check if admin password is set. If yes, follow session method for
351 2. Before setting any attribute, check if it has any modifiers
353 attribute.
358 What: /sys/class/firmware-attributes/*/attributes/reset_bios
365 This attribute can be used to reset the BIOS Configuration.
371 - 'builtinsafe' (Built in safe configuration profile)
372 - 'lastknowngood' (Last known good saved configuration profile)
373 - 'factory' (Default factory settings configuration profile)
374 - 'custom' (Custom saved configuration profile)
379 # echo "factory" > /sys/class/firmware-attributes/*/device/attributes/reset_bios
380 # cat /sys/class/firmware-attributes/*/device/attributes/reset_bios
383 Note that any changes to this attribute requires a reboot
386 What: /sys/class/firmware-attributes/*/attributes/save_settings
389 Contact: Mark Pearson <mpearson-lenovo@squebb.ca>
391 On Lenovo platforms there is a limitation in the number of times an attribute can be
394 A solution for this is instead of the attribute being saved after every modification,
395 to allow a user to bulk set the attributes, and then trigger a final save. This allows
398 Read the attribute to check what save mode is enabled (single or bulk).
400 # cat /sys/class/firmware-attributes/thinklmi/attributes/save_settings
403 Write the attribute with 'bulk' to enable bulk save mode.
404 Write the attribute with 'single' to enable saving, after every attribute set.
407 # echo bulk > /sys/class/firmware-attributes/thinklmi/attributes/save_settings
410 Note, once a save has been triggered, in bulk mode, attributes can no longer be set and
414 # echo save > /sys/class/firmware-attributes/thinklmi/attributes/save_settings
416 What: /sys/class/firmware-attributes/*/attributes/debug_cmd
421 This write only attribute can be used to send debug commands to the BIOS.
425 Note that any changes to this attribute requires a reboot for changes to take effect.
428 HP specific class extensions - Secure Platform Manager (SPM)
429 --------------------------------
431 What: /sys/class/firmware-attributes/*/authentication/SPM/kek
436 'kek' Key-Encryption-Key is a write-only file that can be used to configure the
443 What: /sys/class/firmware-attributes/*/authentication/SPM/sk
448 'sk' Signature Key is a write-only file that can be used to configure the RSA
454 What: /sys/class/firmware-attributes/*/authentication/SPM/status
459 'status' is a read-only file that returns ASCII text in JSON format reporting
464 "Nonce": <16-bit unsigned number display in base 10>,
465 "FeaturesInUse": <16-bit unsigned number display in base 10>,
469 What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
474 'audit_log_entries' is a read-only file that returns the events in the log.
478 Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
479 Byte 16-127: Unused
481 What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
486 'audit_log_entry_count' is a read-only file that returns the number of existing