* [PATCH v6 0/4] Introduction of HP-BIOSCFG driver
@ 2023-03-09 20:10 Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 1/4] " Jorge Lopez
` (3 more replies)
0 siblings, 4 replies; 18+ messages in thread
From: Jorge Lopez @ 2023-03-09 20:10 UTC (permalink / raw)
To: hdegoede, platform-driver-x86
Version 6 restructures the patches submitted in previous versions.
Earlier hp-bioscfg patches were squashed together before creating
the new split. SureAdmin-attributes was removed completely and
new functionality was introduced to replace its behavior. The
new functionality is fully compliant to firmware-attributes
framework.
Version 6
- Breaks down the changes into 4 patches
- SureAdmin-attributes was removed
Jorge Lopez (4):
Introduction of HP-BIOSCFG driver
Introduction of HP-BIOSCFG driver [2]
Introduction of HP-BIOSCFG driver [3]
Introduction of HP-BIOSCFG driver [4]
.../testing/sysfs-class-firmware-attributes | 107 +-
MAINTAINERS | 6 +
drivers/platform/x86/hp/hp-bioscfg/Makefile | 13 +
.../x86/hp/hp-bioscfg/biosattr-interface.c | 303 +++++
drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 1017 +++++++++++++++++
drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 654 +++++++++++
.../x86/hp/hp-bioscfg/enum-attributes.c | 553 +++++++++
.../x86/hp/hp-bioscfg/int-attributes.c | 472 ++++++++
.../x86/hp/hp-bioscfg/ordered-attributes.c | 571 +++++++++
.../x86/hp/hp-bioscfg/passwdattr-interface.c | 51 +
.../x86/hp/hp-bioscfg/passwdobj-attributes.c | 676 +++++++++++
.../x86/hp/hp-bioscfg/spmobj-attributes.c | 460 ++++++++
.../x86/hp/hp-bioscfg/string-attributes.c | 459 ++++++++
.../x86/hp/hp-bioscfg/surestart-attributes.c | 149 +++
14 files changed, 5490 insertions(+), 1 deletion(-)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
--
2.34.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v6 1/4] Introduction of HP-BIOSCFG driver
2023-03-09 20:10 [PATCH v6 0/4] Introduction of HP-BIOSCFG driver Jorge Lopez
@ 2023-03-09 20:10 ` Jorge Lopez
2023-04-02 16:28 ` Thomas Weißschuh
2023-03-09 20:10 ` [PATCH v6 2/4] Introduction of HP-BIOSCFG driver [2] Jorge Lopez
` (2 subsequent siblings)
3 siblings, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-03-09 20:10 UTC (permalink / raw)
To: hdegoede, platform-driver-x86
The purpose for this patch is submit HP BIOSCFG driver to be list of
HP Linux kernel drivers. The driver include a total of 12 files
broken in several patches.
HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.
Many features of HP Commercial PC’s can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BISOCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.
The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover features such Secure Platform Management, Sure
Admin, and Sure Start. Each section provides security feature
description and identifies sysfs directories and files exposed by
the driver.
Many HP Commercial PC’s include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.
HP Commercial PC’s have several BIOS settings that control its behaviour
and capabilities, many of which are related to security. To prevent
unauthorized changes to these settings, the system can be configured
to use a Sure Admin cryptographic signature-based authorization string
that the BIOS will use to verify authorization to modify the setting.
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
---
Based on the latest platform-drivers-x86.git/for-next
History
Version 6
Breaks down the changes into 4 patches
SureAdmin-attributes was removed
Version 5
Remove version 4 patch 1
Address review changes proposed in Version 4
Reorganize all patches number and file order
---
.../x86/hp/hp-bioscfg/spmobj-attributes.c | 460 ++++++++++++++++++
.../x86/hp/hp-bioscfg/string-attributes.c | 459 +++++++++++++++++
.../x86/hp/hp-bioscfg/surestart-attributes.c | 149 ++++++
3 files changed, 1068 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
new file mode 100644
index 000000000000..60a7bcfd7951
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
@@ -0,0 +1,460 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to secure platform management object type
+ * attributes under BIOS PASSWORD for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+#define MAX_KEK_BLOB_SIZE 4160
+#define MAX_SK_BLOB_SIZE 516
+
+enum spm_states_values {
+ NOT_PROVISIONED = 0x00,
+ PROVISIONED = 0x01,
+ PROVISIONING_IN_PROGRESS = 0x02
+};
+
+static const char * const spm_state_types[] = {
+ "not provisioned",
+ "provisioned",
+ "provisioning in progress"
+};
+
+
+int check_spm_is_enabled(void)
+{
+ /* do we need to check the admin password is also configured */
+ return bioscfg_drv.spm_data.is_enabled;
+}
+
+/*
+ * calculate_security_buffer() - determines size of security buffer
+ * for authentication scheme
+ *
+ * @authentication: the authentication content
+ *
+ * Currently only supported type is Admin password
+ */
+size_t calculate_security_buffer(const char *authentication)
+{
+ int size;
+
+ if (authentication != NULL && strlen(authentication) > 0) {
+
+ size = (sizeof(u16) + (strlen(authentication) * sizeof(u16)));
+ if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) != 0)
+ size += (strlen(UTF_PREFIX) * sizeof(u16));
+
+ return size;
+ }
+
+ size = sizeof(u16) * 2;
+ return size;
+}
+
+/*
+ * populate_security_buffer() - builds a security buffer for
+ * authentication scheme
+ *
+ * @buffer: the buffer to populate
+ * @authentication: the authentication content
+ *
+ * Currently only supported type is PLAIN TEXT
+ */
+void populate_security_buffer(u16 *buffer, const char *authentication)
+{
+ u16 *auth = buffer;
+ char *strprefix = NULL;
+
+ if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) == 0) {
+ /*
+ * BEAM_PREFIX is append to buffer when a signature
+ * is provided and Sure Admin is enabled in BIOS
+ */
+ // BEAM_PREFIX found, convert part to unicode
+ auth = ascii_to_utf16_unicode(auth, authentication);
+ } else {
+ /*
+ * UTF-16 prefix is append to the * buffer when a BIOS
+ * admin password is configured in BIOS
+ */
+
+ // append UTF_PREFIX to part and then convert it to unicode
+ strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
+ authentication);
+ if (!strprefix)
+ goto out_populate_security_buffer;
+
+ auth = ascii_to_utf16_unicode(auth, strprefix);
+ }
+out_populate_security_buffer:
+
+ kfree(strprefix);
+ strprefix = NULL;
+}
+
+ssize_t update_spm_state(void)
+{
+ int ret;
+ struct secureplatform_provisioning_data *data = NULL;
+
+ data = kmalloc(sizeof(struct secureplatform_provisioning_data),
+ GFP_KERNEL);
+ if (!data) {
+ ret = -ENOMEM;
+ goto spm_state_exit;
+ }
+
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
+ HPWMI_SECUREPLATFORM, data, 0,
+ sizeof(struct secureplatform_provisioning_data));
+ if (ret < 0)
+ goto spm_state_exit;
+
+ bioscfg_drv.spm_data.mechanism = data->state;
+ if (bioscfg_drv.spm_data.mechanism)
+ bioscfg_drv.spm_data.is_enabled = 1;
+
+spm_state_exit:
+ kfree(data);
+
+ return ret;
+}
+
+/*
+ * statusbin - Reports SPM status in binary format
+ *
+ * @kobj: Pointer to a kernel object of things that show up as
+ * directory in the sysfs filesystem.
+ * @attr: Pointer to list of attributes for the operation
+ * @buf: Pointer to buffer
+ *
+ * Returns number of bytes read on success. Otherwise,
+ * an HP WMI query specific error code (which is positive)
+ * -ENODEV if the query was not successful at all
+ *
+ */
+ssize_t statusbin(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
+ HPWMI_SECUREPLATFORM, buf, 0,
+ sizeof(struct secureplatform_provisioning_data));
+
+ return ret ? -ENODEV : sizeof(struct secureplatform_provisioning_data);
+}
+
+ssize_t statusbin_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret;
+ struct secureplatform_provisioning_data *data = NULL;
+
+ data = kmalloc(sizeof(struct secureplatform_provisioning_data),
+ GFP_KERNEL);
+ if (!data) {
+ ret = -ENOMEM;
+ goto statusbin_show_exit;
+ }
+
+ ret = statusbin(kobj, attr, (char *)data);
+ if (ret < 0)
+ goto statusbin_show_exit;
+
+ /* copy data to spm local structure */
+ memcpy(buf, data, sizeof(struct secureplatform_provisioning_data));
+
+statusbin_show_exit:
+ kfree(data);
+
+ return ret ? ret : strnlen(buf, PAGE_SIZE);
+}
+struct kobj_attribute password_spm_statusbin = __ATTR_RO(statusbin);
+
+/*
+ * status_show - Reads SPM status
+ *
+ * @kobj: Pointer to a kernel object of things that show up as
+ * directory in the sysfs filesystem.
+ * @attr: Pointer to list of attributes for the operation
+ * @buf: Pointer to buffer
+ *
+ * Returns number of bytes read on success. Otherwise,
+ * an HP WMI query specific error code (which is positive)
+ * -ENODEV if the query was not successful at all
+ * -ENOMEM if cannot allocate required memory size
+ *
+ */
+ssize_t status_show(struct kobject *kobj, struct kobj_attribute
+ *attr, char *buf)
+{
+ int ret, i;
+ struct secureplatform_provisioning_data *data = NULL;
+
+ data = kmalloc(sizeof(struct secureplatform_provisioning_data),
+ GFP_KERNEL);
+ if (!data) {
+ ret = -ENOMEM;
+ goto status_show_exit;
+ }
+
+ ret = statusbin(kobj, attr, (char *)data);
+ if (ret < 0)
+ goto status_show_exit;
+
+ sysfs_emit(buf, "%sState: %d\n", buf, data->state);
+ sysfs_emit(buf, "%sVersion: %d.%d\n", buf, data->version[0],
+ data->version[1]);
+
+ /*
+ * state == 0 means secure platform management
+ * feature is not configured in BIOS.
+ */
+ if (data->state == 0)
+ goto status_show_exit;
+
+ sysfs_emit(buf, "%sNonce: %d\n", buf, data->nonce);
+ sysfs_emit(buf, "%sFeaturesInUse: %d\n", buf, data->features);
+ sysfs_emit(buf, "%sEndorsementKeyMod: {", buf);
+
+ for (i = 255; i >= 0; i--)
+ sysfs_emit(buf, "%s %u", buf, data->kek_mod[i]);
+
+ sysfs_emit(buf, "%s }\n", buf);
+ sysfs_emit(buf, "%sSigningKeyMod: {", buf);
+
+ for (i = 255; i >= 0; i--)
+ sysfs_emit(buf, "%s %u", buf, data->sk_mod[i]);
+
+ /* Return buf contents */
+
+ sysfs_emit(buf, "%s }\n", buf);
+
+status_show_exit:
+ kfree(data);
+
+ return strnlen(buf, PAGE_SIZE);
+}
+
+struct kobj_attribute password_spm_status = __ATTR_RO(status);
+
+attribute_spm_n_property_show(is_enabled, spm);
+static struct kobj_attribute password_spm_is_key_enabled = __ATTR_RO(is_enabled);
+
+
+static ssize_t key_mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ int ret;
+
+ ret = sysfs_emit(buf, "%s\n",
+ spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
+ return ret;
+}
+static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
+
+static ssize_t sk_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret;
+ int length;
+
+ length = count;
+ if (buf[length-1] == '\n')
+ length--;
+
+ /* allocate space and copy current signing key */
+ bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.signing_key) {
+ ret = -ENOMEM;
+ goto exit_signing_key;
+ }
+
+ memcpy(bioscfg_drv.spm_data.signing_key, buf, length);
+ bioscfg_drv.spm_data.signing_key[length] = '\0';
+
+ /* submit signing key payload */
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_SK,
+ HPWMI_SECUREPLATFORM,
+ (void *)bioscfg_drv.spm_data.signing_key,
+ length, 0);
+
+ if (!ret) {
+ bioscfg_drv.spm_data.mechanism = SIGNING_KEY;
+ bioscfg_drv.pending_reboot = TRUE;
+ }
+
+exit_signing_key:
+ kfree(bioscfg_drv.spm_data.signing_key);
+ bioscfg_drv.spm_data.signing_key = NULL;
+
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_spm_signing_key = __ATTR_WO(sk);
+
+static ssize_t kek_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret;
+ int length;
+
+ length = count;
+ if (buf[length-1] == '\n')
+ length--;
+
+ /* allocate space and copy current signing key */
+ bioscfg_drv.spm_data.endorsement_key = kmalloc(length, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.endorsement_key) {
+ ret = -ENOMEM;
+ goto exit_endorsement_key;
+ }
+
+ memcpy(bioscfg_drv.spm_data.endorsement_key, buf, length);
+ bioscfg_drv.spm_data.endorsement_key[length] = '\0';
+
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_KEK,
+ HPWMI_SECUREPLATFORM,
+ (void *)bioscfg_drv.spm_data.endorsement_key,
+ count, 0);
+
+ if (!ret) {
+ bioscfg_drv.spm_data.mechanism = ENDORSEMENT_KEY;
+ bioscfg_drv.pending_reboot = TRUE;
+ }
+
+exit_endorsement_key:
+ kfree(bioscfg_drv.spm_data.endorsement_key);
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+
+ return ret ? ret : count;
+}
+static struct kobj_attribute password_spm_endorsement_key = __ATTR_WO(kek);
+
+static ssize_t display_name_language_code_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%s\n", LANG_CODE_STR);
+}
+
+static struct kobj_attribute password_spm_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+
+static ssize_t display_name_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "%s\n", SPM_STR_DESC);
+}
+static struct kobj_attribute password_spm_display_name = __ATTR_RO(display_name);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "secure-platform-management\n");
+}
+static struct kobj_attribute password_spm_type = __ATTR_RO(type);
+
+static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%s\n", role_type[BIOS_SPM]);
+}
+static struct kobj_attribute password_spm_role = __ATTR_RO(role);
+
+static ssize_t auth_token_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret = 0;
+ int length;
+
+ length = count;
+ if (buf[length-1] == '\n')
+ length--;
+
+ /* allocate space and copy current auth token */
+ bioscfg_drv.spm_data.auth_token = kmalloc(count, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.auth_token) {
+ ret = -ENOMEM;
+ goto exit_auth_token;
+ }
+
+ memcpy(bioscfg_drv.spm_data.auth_token, buf, count);
+ bioscfg_drv.spm_data.auth_token[length] = '\0';
+ return count;
+
+
+exit_auth_token:
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return ret;
+
+}
+static struct kobj_attribute password_spm_auth_token = __ATTR_WO(auth_token);
+
+static struct attribute *secure_platform_attrs[] = {
+ &password_spm_display_name.attr,
+ &password_spm_display_langcode.attr,
+ &password_spm_is_key_enabled.attr,
+ &password_spm_signing_key.attr,
+ &password_spm_endorsement_key.attr,
+ &password_spm_key_mechanism.attr,
+ &password_spm_status.attr,
+ &password_spm_statusbin.attr,
+ &password_spm_type.attr,
+ &password_spm_role.attr,
+ &password_spm_auth_token.attr,
+ NULL,
+};
+
+static const struct attribute_group secure_platform_attr_group = {
+ .attrs = secure_platform_attrs,
+};
+
+void exit_secure_platform_attributes(void)
+{
+ /* remove secure platform sysfs entry and free key data*/
+
+ kfree(bioscfg_drv.spm_data.endorsement_key);
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+
+ kfree(bioscfg_drv.spm_data.signing_key);
+ bioscfg_drv.spm_data.signing_key = NULL;
+
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ if (bioscfg_drv.spm_data.attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.spm_data.attr_name_kobj,
+ &secure_platform_attr_group);
+}
+
+int populate_secure_platform_data(struct kobject *attr_name_kobj)
+{
+ /* Populate data for Secure Platform Management */
+ bioscfg_drv.spm_data.attr_name_kobj = attr_name_kobj;
+
+ strscpy(bioscfg_drv.spm_data.attribute_name, SPM_STR,
+ sizeof(bioscfg_drv.spm_data.attribute_name));
+ strscpy(bioscfg_drv.spm_data.display_name, SPM_STR_DESC,
+ sizeof(bioscfg_drv.spm_data.display_name));
+
+ bioscfg_drv.spm_data.is_enabled = 0;
+ bioscfg_drv.spm_data.mechanism = 0;
+ bioscfg_drv.pending_reboot = FALSE;
+ update_spm_state();
+
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+ bioscfg_drv.spm_data.signing_key = NULL;
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return sysfs_create_group(attr_name_kobj, &secure_platform_attr_group);
+}
diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
new file mode 100644
index 000000000000..79ec007fbcee
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
@@ -0,0 +1,459 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to string type attributes under
+ * HP_WMI_BIOS_STRING_GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+#define WMI_STRING_TYPE "HPBIOS_BIOSString"
+
+get_instance_id(string);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ ssize_t ret;
+ int instance_id = get_string_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ ret = sysfs_emit(buf, "%s\n",
+ bioscfg_drv.string_data[instance_id].current_value);
+
+ return ret;
+}
+
+/*
+ * validate_string_input() -
+ * Validate input of current_value against min and max lengths
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_string_input(int instance_id, const char *buf)
+{
+ int in_len = strlen(buf);
+
+ /* BIOS treats it as a read only attribute */
+ if (bioscfg_drv.string_data[instance_id].is_readonly)
+ return -EIO;
+
+ if ((in_len < bioscfg_drv.string_data[instance_id].min_length) ||
+ (in_len > bioscfg_drv.string_data[instance_id].max_length))
+ return -EINVAL;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.string_data[instance_id].requires_physical_presence)
+ bioscfg_drv.pending_reboot = TRUE;
+ return 0;
+}
+
+static void update_string_value(int instance_id, char *attr_value)
+{
+ /* Write settings to BIOS */
+ strscpy(bioscfg_drv.string_data[instance_id].current_value,
+ attr_value,
+ sizeof(bioscfg_drv.string_data[instance_id].current_value));
+}
+
+attribute_s_property_show(display_name_language_code, string);
+static struct kobj_attribute string_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+attribute_s_property_show(display_name, string);
+static struct kobj_attribute string_display_name =
+ __ATTR_RO(display_name);
+
+attribute_property_store(current_value, string);
+static struct kobj_attribute string_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+attribute_n_property_show(min_length, string);
+static struct kobj_attribute string_min_length =
+ __ATTR_RO(min_length);
+
+attribute_n_property_show(max_length, string);
+static struct kobj_attribute string_max_length =
+ __ATTR_RO(max_length);
+
+attribute_n_property_show(prerequisites_size, string);
+static struct kobj_attribute string_prerequisites_size_val =
+ __ATTR_RO(prerequisites_size);
+
+attribute_values_property_show(prerequisites, string);
+static struct kobj_attribute string_prerequisites_val =
+ __ATTR_RO(prerequisites);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "string\n");
+}
+static struct kobj_attribute string_type =
+ __ATTR_RO(type);
+
+static struct attribute *string_attrs[] = {
+ &string_display_langcode.attr,
+ &string_display_name.attr,
+ &string_current_val.attr,
+ &string_min_length.attr,
+ &string_max_length.attr,
+ &string_prerequisites_size_val.attr,
+ &string_prerequisites_val.attr,
+ &string_type.attr,
+ NULL
+};
+
+static const struct attribute_group string_attr_group = {
+ .attrs = string_attrs,
+};
+
+int alloc_string_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.string_instances_count = get_instance_count(HP_WMI_BIOS_STRING_GUID);
+ bioscfg_drv.string_data = kcalloc(bioscfg_drv.string_instances_count,
+ sizeof(struct string_data), GFP_KERNEL);
+ if (!bioscfg_drv.string_data) {
+ bioscfg_drv.string_instances_count = 0;
+ ret = -ENOMEM;
+ }
+ return ret;
+}
+
+/* Expected Values types associated with each element */
+static acpi_object_type expected_string_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [STR_MIN_LENGTH] = ACPI_TYPE_INTEGER,
+ [STR_MAX_LENGTH] = ACPI_TYPE_INTEGER
+};
+
+/*
+ * populate_string_package_data() -
+ * Populate all properties of an instance under string attribute
+ *
+ * @string_obj: ACPI object with string data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_string_package_data(union acpi_object *string_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.string_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ populate_string_elements_from_package(string_obj,
+ string_obj->package.count,
+ instance_id,
+ HPWMI_STRING_TYPE);
+ update_attribute_permissions(bioscfg_drv.string_data[instance_id].is_readonly,
+ &string_current_val);
+ friendly_user_name_update(bioscfg_drv.string_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.string_data[instance_id].display_name,
+ sizeof(bioscfg_drv.string_data[instance_id].display_name));
+ return sysfs_create_group(attr_name_kobj, &string_attr_group);
+}
+
+int populate_string_elements_from_package(union acpi_object *string_obj,
+ int string_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret = 0;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int eloc;
+
+ if (!string_obj)
+ return -EINVAL;
+
+ strscpy(bioscfg_drv.string_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.string_data[instance_id].display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < string_obj_count; elem++, eloc++) {
+
+ /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
+ if (eloc == hp_wmi_elements_count[type])
+ goto exit_string_package;
+
+ switch (string_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES) {
+ ret = convert_hexstr_to_str(string_obj[elem].string.pointer,
+ string_obj[elem].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)string_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", string_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_string_types[eloc] != string_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_string_types[eloc], elem, string_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ strscpy(bioscfg_drv.string_data[instance_id].current_value,
+ str_value, sizeof(bioscfg_drv.string_data[instance_id].current_value));
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.string_data[instance_id].path, str_value,
+ sizeof(bioscfg_drv.string_data[instance_id].path));
+ break;
+ case IS_READONLY:
+ bioscfg_drv.string_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.string_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.string_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.string_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.string_data[instance_id].prerequisites_size = int_value;
+ if (size > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = bioscfg_drv.string_data[instance_id].prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ if (elem >= string_obj_count) {
+ pr_err("Error elem-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(string_obj[elem + reqs].string.pointer,
+ string_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(bioscfg_drv.string_data[instance_id].prerequisites[reqs],
+ str_value,
+ sizeof(bioscfg_drv.string_data[instance_id].prerequisites[reqs]));
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.string_data[instance_id].security_level = int_value;
+ break;
+ case STR_MIN_LENGTH:
+ bioscfg_drv.string_data[instance_id].min_length = int_value;
+ break;
+ case STR_MAX_LENGTH:
+ bioscfg_drv.string_data[instance_id].max_length = int_value;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
+ break;
+ }
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+
+exit_string_package:
+ kfree(str_value);
+ str_value = NULL;
+ return 0;
+}
+
+/*
+ * populate_string_data() -
+ * Populate all properties of an instance under string attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_string_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.string_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ populate_string_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id,
+ HPWMI_STRING_TYPE);
+
+ update_attribute_permissions(bioscfg_drv.string_data[instance_id].is_readonly,
+ &string_current_val);
+ friendly_user_name_update(bioscfg_drv.string_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.string_data[instance_id].display_name,
+ sizeof(bioscfg_drv.string_data[instance_id].display_name));
+
+ return sysfs_create_group(attr_name_kobj, &string_attr_group);
+}
+
+int populate_string_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ int ret;
+ char *dst = NULL;
+ int elem;
+ int reqs;
+ int int_value;
+ int size = 0;
+ int dst_size = *buffer_size / sizeof(u16);
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ strscpy(bioscfg_drv.string_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.string_data[instance_id].display_name_language_code));
+
+ for (elem = 1; elem < 3; elem++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ /* Ignore. Zero length string values */
+ if (ret < 0)
+ continue;
+
+ switch (elem) {
+ case VALUE:
+ strscpy(bioscfg_drv.string_data[instance_id].current_value,
+ dst, sizeof(bioscfg_drv.string_data[instance_id].current_value));
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.string_data[instance_id].path, dst,
+ sizeof(bioscfg_drv.string_data[instance_id].path));
+ break;
+ default:
+ pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+
+ for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
+ if (elem != PREREQUISITES) {
+ ret = get_integer_from_buffer((int **)&buffer_ptr,
+ buffer_size,
+ (int *)&int_value);
+ if (ret < 0)
+ continue;
+ }
+
+ switch (elem) {
+ case IS_READONLY:
+ bioscfg_drv.string_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.string_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.string_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.string_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.string_data[instance_id].prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ break;
+
+ case PREREQUISITES:
+ size = bioscfg_drv.string_data[instance_id].prerequisites_size;
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ /* Ignore. Zero length string values */
+ if (ret < 0)
+ continue;
+ strscpy(bioscfg_drv.string_data[instance_id].prerequisites[reqs],
+ dst,
+ sizeof(bioscfg_drv.string_data[instance_id].prerequisites[reqs]));
+ }
+ break;
+ case SECURITY_LEVEL:
+ bioscfg_drv.string_data[instance_id].security_level = int_value;
+ break;
+ case STR_MIN_LENGTH:
+ bioscfg_drv.string_data[instance_id].min_length = int_value;
+ break;
+ case STR_MAX_LENGTH:
+ bioscfg_drv.string_data[instance_id].max_length = int_value;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+ kfree(dst);
+
+ return 0;
+}
+
+/*
+ * exit_string_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_string_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.string_instances_count; instance_id++) {
+ if (bioscfg_drv.string_data[instance_id].attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.string_data[instance_id].attr_name_kobj,
+ &string_attr_group);
+ }
+ bioscfg_drv.string_instances_count = 0;
+
+ kfree(bioscfg_drv.string_data);
+ bioscfg_drv.string_data = NULL;
+}
diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
new file mode 100644
index 000000000000..f9fa81444706
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
@@ -0,0 +1,149 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to sure start object type attributes under
+ * BIOS for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+#include <asm-generic/posix_types.h>
+
+#define LOG_MAX_ENTRIES 254
+#define LOG_ENTRY_SIZE 16
+
+/*
+ * audit_log_entry_count_show - Reports the number of
+ * existing audit log entries available
+ * to be read
+ *
+ * @kobj: Pointer to a kernel object of things that show up as directory
+ * in the sysfs filesystem.
+ * @attr: Pointer to list of attributes for the operation
+ * @buf: Pointer to buffer
+ *
+ * Returns number of existing audit log entries available to be read,
+ * audit log entry size, and maximum number of entries
+ * supported. Otherwise, an HP WMI query specific error code
+ * (which is negative)
+ *
+ * [No of entries],[log entry size],[Max number of entries supported]
+ */
+static ssize_t audit_log_entry_count_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret;
+ u32 count = 0;
+
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
+ HPWMI_SURESTART,
+ &count, 0, sizeof(count));
+ if (ret < 0)
+ return ret;
+
+ return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
+ LOG_MAX_ENTRIES);
+}
+
+/*
+ * audit_log_entries_show() - Return all entries found in log file
+ *
+ * @kobj: Pointer to a kernel object of things that show up as
+ * directory in the sysfs filesystem.
+ * @attr: Pointer to list of attributes for the operation
+ * @buf: Pointer to buffer
+ *
+ * Returns number of bytes needed to read all audit logs entries to be read.
+ * Otherwise, an HP WMI query specific error code (which is negative)
+ * -EFAULT if the audit logs size exceeds 4KB
+ *
+ */
+static ssize_t audit_log_entries_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret;
+ int i;
+ u32 count = 0;
+
+ // Get the number of event logs
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
+ HPWMI_SURESTART,
+ &count, 1, 4);
+
+ /*
+ * The show() api will not work if the audit logs ever go
+ * beyond 4KB
+ */
+ if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
+ return -EFAULT;
+
+ if (ret < 0)
+ return ret;
+
+ /*
+ * We are guaranteed the buffer is 4KB so today all the event
+ * logs will fit
+ */
+ for (i = 0; ((i < count) & (ret >= 0)); i++) {
+ *buf = (i + 1);
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
+ HPWMI_SURESTART,
+ buf, 1, 128);
+ if (ret >= 0)
+ buf += LOG_ENTRY_SIZE;
+ }
+ return (count * LOG_ENTRY_SIZE);
+}
+
+static struct kobj_attribute sure_start_audit_log_entry_count = __ATTR_RO(audit_log_entry_count);
+struct kobj_attribute sure_start_audit_log_entries = __ATTR_RO(audit_log_entries);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "sure-start\n");
+}
+static struct kobj_attribute sure_start_type = __ATTR_RO(type);
+
+static ssize_t display_name_language_code_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%s\n", LANG_CODE_STR);
+}
+
+static struct kobj_attribute sure_start_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+
+static ssize_t display_name_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "%s\n", SURE_START_DESC);
+}
+static struct kobj_attribute sure_start_display_name = __ATTR_RO(display_name);
+
+static struct attribute *sure_start_attrs[] = {
+ &sure_start_display_name.attr,
+ &sure_start_display_langcode.attr,
+ &sure_start_audit_log_entry_count.attr,
+ &sure_start_audit_log_entries.attr,
+ &sure_start_type.attr,
+ NULL,
+};
+
+static const struct attribute_group sure_start_attr_group = {
+ .attrs = sure_start_attrs,
+};
+
+void exit_sure_start_attributes(void)
+{
+ sysfs_remove_group(bioscfg_drv.sure_start_attr_kobj,
+ &sure_start_attr_group);
+}
+
+int populate_sure_start_data(struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.sure_start_attr_kobj = attr_name_kobj;
+ return sysfs_create_group(attr_name_kobj, &sure_start_attr_group);
+}
--
2.34.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v6 2/4] Introduction of HP-BIOSCFG driver [2]
2023-03-09 20:10 [PATCH v6 0/4] Introduction of HP-BIOSCFG driver Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 1/4] " Jorge Lopez
@ 2023-03-09 20:10 ` Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3] Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4] Jorge Lopez
3 siblings, 0 replies; 18+ messages in thread
From: Jorge Lopez @ 2023-03-09 20:10 UTC (permalink / raw)
To: hdegoede, platform-driver-x86
The purpose for this patch is submit HP BIOSCFG driver to be list of
HP Linux kernel drivers. The driver include a total of 12 files
broken in several patches.
HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.
Many features of HP Commercial PC’s can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BISOCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.
The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover features such Secure Platform Management, Sure
Admin, and Sure Start. Each section provides security feature
description and identifies sysfs directories and files exposed by
the driver.
Many HP Commercial PC’s include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.
HP Commercial PC’s have several BIOS settings that control its behaviour
and capabilities, many of which are related to security. To prevent
unauthorized changes to these settings, the system can be configured
to use a Sure Admin cryptographic signature-based authorization string
that the BIOS will use to verify authorization to modify the setting.
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
---
Based on the latest platform-drivers-x86.git/for-next
History
Version 6
Breaks down the changes into 4 patches
SureAdmin-attributes was removed
Version 5
Remove version 4 patch 1
Address review changes proposed in Version 4
Reorganize all patches number and file order
---
.../x86/hp/hp-bioscfg/int-attributes.c | 472 ++++++++++++
.../x86/hp/hp-bioscfg/ordered-attributes.c | 571 +++++++++++++++
.../x86/hp/hp-bioscfg/passwdobj-attributes.c | 676 ++++++++++++++++++
3 files changed, 1719 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
new file mode 100644
index 000000000000..84c58d6ee707
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
@@ -0,0 +1,472 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to integer type attributes under
+ * BIOS Enumeration GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 Hewlett-Packard Inc.
+ */
+
+#include "bioscfg.h"
+
+get_instance_id(integer);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_integer_instance_id(kobj);
+ ssize_t ret;
+
+ if (instance_id < 0)
+ return instance_id;
+
+ ret = sysfs_emit(buf, "%d\n",
+ bioscfg_drv.integer_data[instance_id].current_value);
+ return ret;
+}
+
+/*
+ * validate_integer_input() -
+ * Validate input of current_value against lower and upper bound
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_integer_input(int instance_id, char *buf)
+{
+ int in_val;
+ int ret;
+
+ /* BIOS treats it as a read only attribute */
+ if (bioscfg_drv.integer_data[instance_id].is_readonly)
+ return -EIO;
+
+ ret = kstrtoint(buf, 10, &in_val);
+ if (in_val < bioscfg_drv.integer_data[instance_id].lower_bound ||
+ in_val > bioscfg_drv.integer_data[instance_id].upper_bound)
+ return -EINVAL;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.integer_data[instance_id].requires_physical_presence)
+ bioscfg_drv.pending_reboot = TRUE;
+ return 0;
+}
+
+static void update_integer_value(int instance_id, char *attr_value)
+{
+ int in_val;
+ int ret;
+
+ ret = kstrtoint(attr_value, 10, &in_val);
+ bioscfg_drv.integer_data[instance_id].current_value = in_val;
+}
+
+attribute_s_property_show(display_name_language_code, integer);
+static struct kobj_attribute integer_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+attribute_s_property_show(display_name, integer);
+static struct kobj_attribute integer_display_name =
+ __ATTR_RO(display_name);
+
+attribute_property_store(current_value, integer);
+static struct kobj_attribute integer_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+attribute_n_property_show(lower_bound, integer);
+static struct kobj_attribute integer_lower_bound =
+ __ATTR_RO(lower_bound);
+
+attribute_n_property_show(upper_bound, integer);
+static struct kobj_attribute integer_upper_bound =
+ __ATTR_RO(upper_bound);
+
+attribute_n_property_show(prerequisites_size, integer);
+static struct kobj_attribute integer_prerequisites_size_val =
+ __ATTR_RO(prerequisites_size);
+
+attribute_values_property_show(prerequisites, integer);
+static struct kobj_attribute integer_prerequisites_val =
+ __ATTR_RO(prerequisites);
+
+attribute_n_property_show(scalar_increment, integer);
+static struct kobj_attribute integer_scalar_increment =
+ __ATTR_RO(scalar_increment);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "integer\n");
+}
+static struct kobj_attribute integer_type =
+ __ATTR_RO(type);
+
+static struct attribute *integer_attrs[] = {
+ &integer_display_langcode.attr,
+ &integer_display_name.attr,
+ &integer_current_val.attr,
+ &integer_lower_bound.attr,
+ &integer_upper_bound.attr,
+ &integer_scalar_increment.attr,
+ &integer_prerequisites_size_val.attr,
+ &integer_prerequisites_val.attr,
+ &integer_type.attr,
+ NULL,
+};
+
+static const struct attribute_group integer_attr_group = {
+ .attrs = integer_attrs,
+};
+
+int alloc_integer_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
+ bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
+ sizeof(struct integer_data), GFP_KERNEL);
+
+ if (!bioscfg_drv.integer_data) {
+ bioscfg_drv.integer_instances_count = 0;
+ ret = -ENOMEM;
+ }
+ return ret;
+}
+
+/* Expected Values types associated with each element */
+static acpi_object_type expected_integer_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [INT_LOWER_BOUND] = ACPI_TYPE_INTEGER,
+ [INT_UPPER_BOUND] = ACPI_TYPE_INTEGER,
+ [INT_SCALAR_INCREMENT] = ACPI_TYPE_INTEGER
+};
+
+/*
+ * populate_int_data() -
+ * Populate all properties of an instance under integer attribute
+ *
+ * @integer_obj: ACPI object with integer data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_integer_package_data(union acpi_object *integer_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.integer_data[instance_id].attr_name_kobj = attr_name_kobj;
+ populate_integer_elements_from_package(integer_obj,
+ integer_obj->package.count,
+ instance_id,
+ HPWMI_INTEGER_TYPE);
+ update_attribute_permissions(bioscfg_drv.integer_data[instance_id].is_readonly,
+ &integer_current_val);
+ friendly_user_name_update(bioscfg_drv.integer_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.integer_data[instance_id].display_name,
+ sizeof(bioscfg_drv.integer_data[instance_id].display_name));
+ return sysfs_create_group(attr_name_kobj, &integer_attr_group);
+}
+
+int populate_integer_elements_from_package(union acpi_object *integer_obj,
+ int integer_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret = 0;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int eloc;
+
+ if (!integer_obj)
+ return -EINVAL;
+
+ strscpy(bioscfg_drv.integer_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.integer_data[instance_id].display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
+
+ /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
+ if (eloc == hp_wmi_elements_count[type])
+ goto exit_integer_package;
+
+ switch (integer_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES) {
+ ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
+ integer_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)integer_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
+ continue;
+ }
+ /* Check that both expected and read object type match */
+ if (expected_integer_types[eloc] != integer_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_integer_types[eloc], elem, integer_obj[elem].type);
+ return -EIO;
+ }
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ ret = kstrtoint(str_value, 10, &int_value);
+ if (ret)
+ continue;
+
+ bioscfg_drv.integer_data[instance_id].current_value = int_value;
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.integer_data[instance_id].path, str_value,
+ sizeof(bioscfg_drv.integer_data[instance_id].path));
+ break;
+ case IS_READONLY:
+ bioscfg_drv.integer_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.integer_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.integer_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.integer_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.integer_data[instance_id].prerequisites_size = int_value;
+
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = bioscfg_drv.integer_data[instance_id].prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ if (elem >= integer_obj_count) {
+ pr_err("Error elem-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(integer_obj[elem + reqs].string.pointer,
+ integer_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(bioscfg_drv.integer_data[instance_id].prerequisites[reqs],
+ str_value,
+ sizeof(bioscfg_drv.integer_data[instance_id].prerequisites[reqs]));
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.integer_data[instance_id].security_level = int_value;
+ break;
+ case INT_LOWER_BOUND:
+ bioscfg_drv.integer_data[instance_id].lower_bound = int_value;
+ break;
+ case INT_UPPER_BOUND:
+ bioscfg_drv.integer_data[instance_id].upper_bound = int_value;
+ break;
+ case INT_SCALAR_INCREMENT:
+ bioscfg_drv.integer_data[instance_id].scalar_increment = int_value;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+exit_integer_package:
+ kfree(str_value);
+ str_value = NULL;
+ return 0;
+}
+
+
+/*
+ * populate_integer_buffer_data() -
+ * Populate all properties of an instance under integer attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_integer_buffer_data(u8 *buffer_ptr, int *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.integer_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ /* Populate integer elements */
+ populate_integer_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id, HPWMI_INTEGER_TYPE);
+ update_attribute_permissions(bioscfg_drv.integer_data[instance_id].is_readonly,
+ &integer_current_val);
+ friendly_user_name_update(bioscfg_drv.integer_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.integer_data[instance_id].display_name,
+ sizeof(bioscfg_drv.integer_data[instance_id].display_name));
+
+ return sysfs_create_group(attr_name_kobj, &integer_attr_group);
+}
+
+int populate_integer_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id, enum hp_wmi_data_type type)
+{
+ char *dst = NULL;
+ int elem;
+ int reqs;
+ int integer;
+ int size = 0;
+ int ret;
+ int dst_size = *buffer_size / sizeof(u16);
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ elem = 0;
+ strscpy(bioscfg_drv.integer_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.integer_data[instance_id].display_name_language_code));
+
+ for (elem = 1; elem < 3; elem++) {
+
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ switch (elem) {
+ case VALUE:
+ ret = kstrtoint(dst, 10, &integer);
+ if (ret)
+ continue;
+
+ bioscfg_drv.integer_data[instance_id].current_value = integer;
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.integer_data[instance_id].path, dst,
+ sizeof(bioscfg_drv.integer_data[instance_id].path));
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+
+ for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
+
+ if (elem != PREREQUISITES) {
+ ret = get_integer_from_buffer((int **)&buffer_ptr, buffer_size, (int *)&integer);
+ if (ret < 0)
+ continue;
+ }
+
+ switch (elem) {
+
+ case IS_READONLY:
+ bioscfg_drv.integer_data[instance_id].is_readonly = integer;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.integer_data[instance_id].display_in_ui = integer;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.integer_data[instance_id].requires_physical_presence = integer;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.integer_data[instance_id].sequence = integer;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.integer_data[instance_id].prerequisites_size = integer;
+ size = integer;
+ if (size > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // PREREQUISITES:
+ elem++;
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.integer_data[instance_id].prerequisites[reqs],
+ dst,
+ sizeof(bioscfg_drv.integer_data[instance_id].prerequisites[reqs]));
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.integer_data[instance_id].security_level = integer;
+ break;
+ case INT_LOWER_BOUND:
+ bioscfg_drv.integer_data[instance_id].lower_bound = integer;
+ break;
+ case INT_UPPER_BOUND:
+ bioscfg_drv.integer_data[instance_id].upper_bound = integer;
+ break;
+ case INT_SCALAR_INCREMENT:
+ bioscfg_drv.integer_data[instance_id].scalar_increment = integer;
+ break;
+
+ default:
+ pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+ kfree(dst);
+
+ return 0;
+}
+
+/*
+ * exit_integer_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_integer_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count; instance_id++) {
+ if (bioscfg_drv.integer_data[instance_id].attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.integer_data[instance_id].attr_name_kobj,
+ &integer_attr_group);
+ }
+ bioscfg_drv.integer_instances_count = 0;
+
+ kfree(bioscfg_drv.integer_data);
+ bioscfg_drv.integer_data = NULL;
+}
diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
new file mode 100644
index 000000000000..4f0527a9273d
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
@@ -0,0 +1,571 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to ordered list type attributes under
+ * BIOS ORDERED LIST GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+get_instance_id(ordered_list);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ ssize_t ret;
+ int instance_id = get_ordered_list_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ ret = sysfs_emit(buf, "%s\n",
+ bioscfg_drv.ordered_list_data[instance_id].current_value);
+
+ return ret;
+}
+
+/*
+ * validate_ordered_list_value -
+ * Validate input of current_value against possible values
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_ordered_list_values(int instance_id, const char *buf)
+{
+ int ret = 0;
+ int found = 0;
+ char *new_values = NULL;
+ char *value;
+ int elem;
+ int elem_found = 0;
+
+ /* Is it a read only attribute */
+ if (bioscfg_drv.ordered_list_data[instance_id].is_readonly)
+ return -EIO;
+
+ new_values = kstrdup(buf, GFP_KERNEL);
+
+ /*
+ * Changes to ordered list values require checking that new
+ * values are found in the list of elements.
+ */
+ elem_found = 0;
+ while (elem_found < bioscfg_drv.ordered_list_data[instance_id].elements_size) {
+
+ value = strsep(&new_values, ",");
+ if (value != NULL) {
+ if (!*value)
+ continue;
+ elem_found++;
+ }
+
+ found = 0;
+ for (elem = 0; elem < bioscfg_drv.ordered_list_data[instance_id].elements_size; elem++) {
+ if (!strcasecmp(bioscfg_drv.ordered_list_data[instance_id].elements[elem], value)) {
+ found = 1;
+ break;
+ }
+ }
+
+
+ if (!found) {
+ ret = -EINVAL;
+ goto validate_ordered_list_value_exit;
+ }
+ }
+
+ if (elem_found == bioscfg_drv.ordered_list_data[instance_id].elements_size) {
+ pr_warn("Number of new values is not equal to number of ordered list elements (%d)\n",
+ bioscfg_drv.ordered_list_data[instance_id].elements_size);
+ ret = -EINVAL;
+ goto validate_ordered_list_value_exit;
+ }
+
+validate_ordered_list_value_exit:
+ kfree(new_values);
+ return ret;
+}
+
+/*
+ * validate_ordered_input() -
+ * Validate input of current_value against possible values
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_ordered_list_input(int instance_id, const char *buf)
+{
+ int ret = 0;
+
+ ret = validate_ordered_list_values(instance_id, buf);
+ if (ret < 0)
+ return -EINVAL;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.ordered_list_data[instance_id].requires_physical_presence)
+ bioscfg_drv.pending_reboot = TRUE;
+
+ return ret;
+}
+
+static void update_ordered_list_value(int instance_id, char *attr_value)
+{
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].current_value,
+ attr_value,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].current_value));
+}
+
+attribute_s_property_show(display_name_language_code, ordered_list);
+static struct kobj_attribute ordered_list_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+attribute_s_property_show(display_name, ordered_list);
+static struct kobj_attribute ordered_list_display_name =
+ __ATTR_RO(display_name);
+
+attribute_property_store(current_value, ordered_list);
+static struct kobj_attribute ordered_list_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+
+attribute_n_property_show(prerequisites_size, ordered_list);
+static struct kobj_attribute ordered_list_prerequisites_size_val =
+ __ATTR_RO(prerequisites_size);
+
+attribute_values_property_show(prerequisites, ordered_list);
+static struct kobj_attribute ordered_list_prerequisites_val =
+ __ATTR_RO(prerequisites);
+
+attribute_n_property_show(elements_size, ordered_list);
+static struct kobj_attribute ordered_list_elements_size_val =
+ __ATTR_RO(elements_size);
+
+attribute_values_property_show(elements, ordered_list);
+static struct kobj_attribute ordered_list_elements_val =
+ __ATTR_RO(elements);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "ordered-list\n");
+}
+static struct kobj_attribute ordered_list_type =
+ __ATTR_RO(type);
+
+static struct attribute *ordered_list_attrs[] = {
+ &ordered_list_display_langcode.attr,
+ &ordered_list_display_name.attr,
+ &ordered_list_current_val.attr,
+ &ordered_list_prerequisites_size_val.attr,
+ &ordered_list_prerequisites_val.attr,
+ &ordered_list_elements_val.attr,
+ &ordered_list_elements_size_val.attr,
+ &ordered_list_type.attr,
+ NULL,
+};
+
+static const struct attribute_group ordered_list_attr_group = {
+ .attrs = ordered_list_attrs,
+};
+
+int alloc_ordered_list_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.ordered_list_instances_count =
+ get_instance_count(HP_WMI_BIOS_ORDERED_LIST_GUID);
+ bioscfg_drv.ordered_list_data = kcalloc(bioscfg_drv.ordered_list_instances_count,
+ sizeof(struct ordered_list_data), GFP_KERNEL);
+ if (!bioscfg_drv.ordered_list_data) {
+ bioscfg_drv.ordered_list_instances_count = 0;
+ ret = -ENOMEM;
+ }
+ return ret;
+}
+
+/*
+ * populate_ordered_list_package_data() -
+ * Populate all properties of an instance under ordered_list attribute
+ *
+ * @order_obj: ACPI object with ordered_list data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_ordered_list_package_data(union acpi_object *order_obj, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ populate_ordered_list_elements_from_package(order_obj,
+ order_obj->package.count,
+ instance_id,
+ HPWMI_ORDERED_LIST_TYPE);
+ update_attribute_permissions(bioscfg_drv.ordered_list_data[instance_id].is_readonly,
+ &ordered_list_current_val);
+ friendly_user_name_update(bioscfg_drv.ordered_list_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.ordered_list_data[instance_id].display_name,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].display_name));
+ return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
+}
+
+/* Expected Values types associated with each element */
+static acpi_object_type expected_order_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [ORD_LIST_SIZE] = ACPI_TYPE_INTEGER,
+ [ORD_LIST_ELEMENTS] = ACPI_TYPE_STRING
+};
+
+
+int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
+ int order_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret = 0;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int eloc;
+ char *tmpstr = NULL;
+ char *part_tmp = NULL;
+ int tmp_len = 0;
+ char *part = NULL;
+
+ if (!order_obj)
+ return -EINVAL;
+
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < order_obj_count; elem++, eloc++) {
+
+ /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
+ if (eloc == hp_wmi_elements_count[type])
+ goto exit_ordered_list_package;
+
+ switch (order_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
+ ret = convert_hexstr_to_str(order_obj[elem].string.pointer,
+ order_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)order_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", order_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_order_types[eloc] != order_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_order_types[eloc], elem, order_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].current_value,
+ str_value, sizeof(bioscfg_drv.ordered_list_data[instance_id].current_value));
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].path, str_value,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].path));
+ break;
+ case IS_READONLY:
+ bioscfg_drv.ordered_list_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.ordered_list_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.ordered_list_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.ordered_list_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.ordered_list_data[instance_id].prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = bioscfg_drv.ordered_list_data[instance_id].prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = convert_hexstr_to_str(order_obj[elem + reqs].string.pointer,
+ order_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].prerequisites[reqs],
+ str_value,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].prerequisites[reqs]));
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.ordered_list_data[instance_id].security_level = int_value;
+ break;
+
+ case ORD_LIST_SIZE:
+ bioscfg_drv.ordered_list_data[instance_id].elements_size = int_value;
+ if (int_value > MAX_ELEMENTS_SIZE)
+ pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. ORD_LIST_ELEMENTS
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case ORD_LIST_ELEMENTS:
+ size = bioscfg_drv.ordered_list_data[instance_id].elements_size;
+
+ /*
+ * Ordered list data is stored in hex and comma separated format
+ * Convert the data and split it to show each element
+ */
+ ret = convert_hexstr_to_str(str_value, value_len, &tmpstr, &tmp_len);
+ if (ret)
+ goto exit_ordered_list_package;
+
+ part_tmp = tmpstr;
+ part = strsep(&part_tmp, ",");
+ if (!part)
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].elements[0],
+ tmpstr,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].elements[0]));
+
+ for (elem = 1; elem < MAX_ELEMENTS_SIZE && part; elem++) {
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].elements[elem],
+ part,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].elements[elem]));
+ part = strsep(&part_tmp, ",");
+ }
+
+ kfree(tmpstr);
+ tmpstr = NULL;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
+ break;
+ }
+ kfree(tmpstr);
+ tmpstr = NULL;
+ kfree(str_value);
+ str_value = NULL;
+ }
+
+exit_ordered_list_package:
+ kfree(tmpstr);
+ tmpstr = NULL;
+ kfree(str_value);
+ str_value = NULL;
+ return 0;
+}
+
+/*
+ * populate_ordered_list_data() - Populate all properties of an
+ * instance under ordered list attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ * @enum_property_count: Total properties count under ordered list type
+ */
+int populate_ordered_list_buffer_data(u8 *buffer_ptr, int *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+
+ bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ /* Populate ordered list elements */
+ populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id, HPWMI_ORDERED_LIST_TYPE);
+ update_attribute_permissions(bioscfg_drv.ordered_list_data[instance_id].is_readonly,
+ &ordered_list_current_val);
+ friendly_user_name_update(bioscfg_drv.ordered_list_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.ordered_list_data[instance_id].display_name,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].display_name));
+
+ return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
+}
+
+int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id, enum hp_wmi_data_type type)
+{
+ int ret;
+ char *dst = NULL;
+ int elem;
+ int reqs;
+ int integer;
+ int size = 0;
+ int values;
+ int dst_size = *buffer_size / sizeof(u16);
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ elem = 0;
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].display_name_language_code));
+
+ for (elem = 1; elem < 3; elem++) {
+
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ switch (elem) {
+ case VALUE:
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].current_value,
+ dst, sizeof(bioscfg_drv.ordered_list_data[instance_id].current_value));
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].path, dst,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].path));
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Ordered list attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+ for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
+
+ if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
+ ret = get_integer_from_buffer((int **)&buffer_ptr, buffer_size, (int *)&integer);
+ if (ret < 0)
+ continue;
+ }
+
+ switch (elem) {
+
+ case IS_READONLY:
+ bioscfg_drv.ordered_list_data[instance_id].is_readonly = integer;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.ordered_list_data[instance_id].display_in_ui = integer;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.ordered_list_data[instance_id].requires_physical_presence = integer;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.ordered_list_data[instance_id].sequence = integer;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.ordered_list_data[instance_id].prerequisites_size = integer;
+ if (integer > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // PREREQUISITES:
+ elem++;
+ size = bioscfg_drv.ordered_list_data[instance_id].prerequisites_size;
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].prerequisites[reqs],
+ dst,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].prerequisites[reqs]));
+ }
+ break;
+ case SECURITY_LEVEL:
+ bioscfg_drv.ordered_list_data[instance_id].security_level = integer;
+ break;
+ case ORD_LIST_SIZE:
+ bioscfg_drv.ordered_list_data[instance_id].elements_size = integer;
+ if (integer > MAX_ELEMENTS_SIZE)
+ pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // ORD_LIST_ELEMENTS:
+ elem++;
+ size = bioscfg_drv.ordered_list_data[instance_id].elements_size;
+ for (values = 0; values < size && values < MAX_ELEMENTS_SIZE; values++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.ordered_list_data[instance_id].elements[values],
+ dst,
+ sizeof(bioscfg_drv.ordered_list_data[instance_id].elements)[values]);
+ }
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Ordered list attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+ kfree(dst);
+
+ return 0;
+}
+
+
+/*
+ * exit_ordered_list_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_ordered_list_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count; instance_id++) {
+ if (bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj,
+ &ordered_list_attr_group);
+ }
+ bioscfg_drv.ordered_list_instances_count = 0;
+
+ kfree(bioscfg_drv.ordered_list_data);
+ bioscfg_drv.ordered_list_data = NULL;
+}
diff --git a/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
new file mode 100644
index 000000000000..a627b90e5f28
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
@@ -0,0 +1,676 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to password object type attributes under
+ * BIOS PASSWORD for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+#include <asm-generic/posix_types.h>
+
+get_instance_id(password);
+
+/*
+ * Clear all passwords copied to memory for a particular
+ * authentication instance
+*/
+int clear_passwords(const int instance)
+{
+ if (!bioscfg_drv.password_data[instance].is_enabled)
+ return 0;
+
+ memset(bioscfg_drv.password_data[instance].current_password,
+ 0, sizeof(bioscfg_drv.password_data[instance].current_password));
+ memset(bioscfg_drv.password_data[instance].new_password,
+ 0, sizeof(bioscfg_drv.password_data[instance].new_password));
+
+ return 0;
+}
+
+/*
+ * Clear all credentials copied to memory for both Power-ON and Setup
+ * BIOS instances
+*/
+int clear_all_credentials(void)
+{
+ int instance;
+
+ /* clear all passwords */
+ for (instance = 0; instance < bioscfg_drv.password_instances_count; instance++)
+ clear_passwords(instance);
+
+ /* clear auth_token */
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return 0;
+}
+
+int get_password_instance_for_type(const char *name)
+{
+ int count = bioscfg_drv.password_instances_count;
+ int instance;
+
+ for (instance = 0; instance < count; instance++) {
+ if (strcmp(bioscfg_drv.password_data[instance].display_name, name) == 0)
+ return instance;
+ }
+ return -EINVAL;
+}
+
+int validate_password_input(int instance_id, const char *buf)
+{
+ int length;
+
+ length = strlen(buf);
+ if (buf[length-1] == '\n')
+ length--;
+
+ if (length > MAX_PASSWD_SIZE)
+ return INVALID_BIOS_AUTH;
+
+ if (bioscfg_drv.password_data[instance_id].min_password_length > length ||
+ bioscfg_drv.password_data[instance_id].max_password_length < length)
+ return INVALID_BIOS_AUTH;
+ return SUCCESS;
+}
+
+int password_is_set(const char *name)
+{
+ int id;
+
+ id = get_password_instance_for_type(name);
+ if (id < 0)
+ return 0;
+
+ return bioscfg_drv.password_data[id].is_enabled;
+}
+
+attribute_n_property_show(is_enabled, password);
+static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled);
+
+static ssize_t current_password_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ char *p, *buf_cp;
+ int id, ret = 0;
+
+ buf_cp = kstrdup(buf, GFP_KERNEL);
+ if (!buf_cp) {
+ ret = -ENOMEM;
+ goto exit_current_password;
+ }
+
+ p = memchr(buf_cp, '\n', count);
+
+ if (p != NULL)
+ *p = '\0';
+
+ id = get_password_instance_id(kobj);
+
+ if (id >= 0)
+ ret = validate_password_input(id, buf_cp);
+
+ if (!ret) {
+ strscpy(bioscfg_drv.password_data[id].current_password,
+ buf_cp,
+ sizeof(bioscfg_drv.password_data[id].current_password));
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.password_data[id].requires_physical_presence)
+ bioscfg_drv.pending_reboot = TRUE;
+ }
+
+exit_current_password:
+ kfree(buf_cp);
+ return ret ? ret : count;
+}
+static struct kobj_attribute password_current_password = __ATTR_WO(current_password);
+
+static ssize_t new_password_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ char *p, *buf_cp = NULL;
+ int id, ret = -EIO;
+
+ buf_cp = kstrdup(buf, GFP_KERNEL);
+ if (!buf_cp) {
+ ret = -ENOMEM;
+ goto exit_new_password;
+ }
+
+ p = memchr(buf_cp, '\n', count);
+
+ if (p != NULL)
+ *p = '\0';
+
+ id = get_password_instance_id(kobj);
+
+ if (id >= 0)
+ ret = validate_password_input(id, buf_cp);
+
+ if (!ret)
+ strscpy(bioscfg_drv.password_data[id].new_password,
+ buf_cp,
+ sizeof(bioscfg_drv.password_data[id].new_password));
+
+ if (!ret)
+ ret = hp_set_attribute(kobj->name, buf_cp);
+
+exit_new_password:
+ /*
+ * Regardless of the results both new and current passwords
+ * will be set to zero and avoid security issues
+ */
+ clear_passwords(id);
+
+ kfree(buf_cp);
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_new_password = __ATTR_WO(new_password);
+
+
+attribute_n_property_show(min_password_length, password);
+static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length);
+
+attribute_n_property_show(max_password_length, password);
+static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length);
+
+static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ if (strcmp(kobj->name, SETUP_PASSWD) == 0)
+ return sysfs_emit(buf, "%s\n", role_type[BIOS_ADMIN]);
+
+ if (strcmp(kobj->name, POWER_ON_PASSWD) == 0)
+ return sysfs_emit(buf, "%s\n", role_type[POWER_ON]);
+
+ return -EIO;
+}
+static struct kobj_attribute password_role = __ATTR_RO(role);
+
+static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ int i = get_password_instance_id(kobj);
+
+ if (i < 0)
+ return i;
+
+ if (bioscfg_drv.password_data[i].mechanism != PASSWORD)
+ return -EINVAL;
+
+ return sysfs_emit(buf, "%s\n",
+ passwd_mechanism_types[bioscfg_drv.password_data[i].mechanism]);
+}
+static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "password\n");
+}
+static struct kobj_attribute password_type = __ATTR_RO(type);
+
+attribute_s_property_show(display_name, password);
+static struct kobj_attribute password_display_name =
+ __ATTR_RO(display_name);
+
+attribute_s_property_show(display_name_language_code, password);
+static struct kobj_attribute password_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+attribute_n_property_show(prerequisites_size, password);
+static struct kobj_attribute password_prerequisites_size_val =
+ __ATTR_RO(prerequisites_size);
+
+attribute_values_property_show(prerequisites, password);
+static struct kobj_attribute password_prerequisites_val =
+ __ATTR_RO(prerequisites);
+
+attribute_n_property_show(encodings_size, password);
+static struct kobj_attribute password_encodings_size_val =
+ __ATTR_RO(encodings_size);
+
+attribute_values_property_show(encodings, password);
+static struct kobj_attribute password_encodings_val =
+ __ATTR_RO(encodings);
+
+
+static struct attribute *password_attrs[] = {
+ &password_is_password_set.attr,
+ &password_min_password_length.attr,
+ &password_max_password_length.attr,
+ &password_current_password.attr,
+ &password_new_password.attr,
+ &password_role.attr,
+ &password_mechanism.attr,
+ &password_type.attr,
+ &password_display_name.attr,
+ &password_display_langcode.attr,
+ &password_prerequisites_size_val.attr,
+ &password_prerequisites_val.attr,
+ &password_encodings_val.attr,
+ &password_encodings_size_val.attr,
+ NULL,
+};
+
+static const struct attribute_group bios_password_attr_group = {
+ .attrs = password_attrs,
+};
+
+static const struct attribute_group system_password_attr_group = {
+ .attrs = password_attrs,
+};
+
+int alloc_password_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.password_instances_count = get_instance_count(HP_WMI_BIOS_PASSWORD_GUID);
+ bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count,
+ sizeof(struct password_data), GFP_KERNEL);
+ if (!bioscfg_drv.password_data) {
+ bioscfg_drv.password_instances_count = 0;
+ ret = -ENOMEM;
+ }
+
+ return ret;
+}
+
+/*
+ * populate_password_package_data -
+ * Populate all properties for an instance under password attribute
+ *
+ * @password_obj: ACPI object with password data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_password_package_data(union acpi_object *password_obj, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.password_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ populate_password_elements_from_package(password_obj,
+ password_obj->package.count,
+ instance_id,
+ HPWMI_PASSWORD_TYPE);
+
+ if (strcmp(attr_name_kobj->name, "Setup Password") == 0) {
+ /* Save system authentication instance for easy access */
+ return sysfs_create_group(attr_name_kobj, &bios_password_attr_group);
+ }
+
+ return sysfs_create_group(attr_name_kobj, &system_password_attr_group);
+}
+
+/* Expected Values types associated with each element */
+static acpi_object_type expected_password_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER,
+ [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER,
+ [PSWD_SIZE] = ACPI_TYPE_INTEGER,
+ [PSWD_ENCODINGS] = ACPI_TYPE_STRING,
+ [PSWD_IS_SET] = ACPI_TYPE_INTEGER
+};
+
+
+int populate_password_elements_from_package(union acpi_object *password_obj,
+ int password_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret = 0;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int eloc;
+ int pos_values;
+
+
+ if (!password_obj)
+ return -EINVAL;
+
+ strscpy(bioscfg_drv.password_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.password_data[instance_id].display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) {
+
+ /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
+ if (eloc == hp_wmi_elements_count[type])
+ goto exit_password_package;
+
+ switch (password_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) {
+ ret = convert_hexstr_to_str(password_obj[elem].string.pointer,
+ password_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)password_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", password_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_password_types[eloc] != password_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_password_types[eloc], elem, password_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.password_data[instance_id].path, str_value,
+ sizeof(bioscfg_drv.password_data[instance_id].path));
+ break;
+ case IS_READONLY:
+ bioscfg_drv.password_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.password_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.password_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.password_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.password_data[instance_id].prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = bioscfg_drv.password_data[instance_id].prerequisites_size;
+
+ for (reqs = 0; reqs < size; reqs++) {
+ ret = convert_hexstr_to_str(password_obj[elem + reqs].string.pointer,
+ password_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ break;
+
+ strscpy(bioscfg_drv.password_data[instance_id].prerequisites[reqs],
+ str_value,
+ sizeof(bioscfg_drv.password_data[instance_id].prerequisites[reqs]));
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.password_data[instance_id].security_level = int_value;
+ break;
+
+ case PSWD_MIN_LENGTH:
+ bioscfg_drv.password_data[instance_id].min_password_length = int_value;
+ break;
+ case PSWD_MAX_LENGTH:
+ bioscfg_drv.password_data[instance_id].max_password_length = int_value;
+ break;
+ case PSWD_SIZE:
+ bioscfg_drv.password_data[instance_id].encodings_size = int_value;
+ if (int_value > MAX_ENCODINGS_SIZE)
+ pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PSWD_ENCODINGS
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case PSWD_ENCODINGS:
+ size = bioscfg_drv.password_data[instance_id].encodings_size;
+
+ for (pos_values = 0; pos_values < size && pos_values < MAX_ENCODINGS_SIZE; pos_values++) {
+ ret = convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer,
+ password_obj[elem + pos_values].string.length,
+ &str_value, &value_len);
+ if (ret)
+ break;
+
+ strscpy(bioscfg_drv.password_data[instance_id].encodings[pos_values],
+ str_value,
+ sizeof(bioscfg_drv.password_data[instance_id].encodings[pos_values]));
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+ case PSWD_IS_SET:
+ bioscfg_drv.password_data[instance_id].is_enabled = int_value;
+ break;
+
+ default:
+ pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
+ break;
+ }
+ kfree(str_value);
+ str_value = NULL;
+ }
+
+exit_password_package:
+ kfree(str_value);
+ str_value = NULL;
+ return 0;
+}
+
+/*
+ * populate_password_buffer_data -
+ * Populate all properties for an instance under password object attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_password_buffer_data(u8 *buffer_ptr, int *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.password_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ /* Populate Password attributes */
+ populate_password_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id, HPWMI_PASSWORD_TYPE);
+ friendly_user_name_update(bioscfg_drv.password_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.password_data[instance_id].display_name,
+ sizeof(bioscfg_drv.password_data[instance_id].display_name));
+ if (strcmp(attr_name_kobj->name, "Setup Password") == 0)
+ return sysfs_create_group(attr_name_kobj, &bios_password_attr_group);
+
+ return sysfs_create_group(attr_name_kobj, &system_password_attr_group);
+}
+
+int populate_password_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ int ret;
+ char *dst = NULL;
+ int elem;
+ int reqs;
+ int integer;
+ int size = 0;
+ int values;
+ int dst_size = *buffer_size / sizeof(u16);
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ elem = 0;
+ strscpy(bioscfg_drv.password_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.password_data[instance_id].display_name_language_code));
+
+ for (elem = 1; elem < 3; elem++) {
+
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ switch (elem) {
+ case VALUE:
+ strscpy(bioscfg_drv.password_data[instance_id].current_password,
+ dst, sizeof(bioscfg_drv.password_data[instance_id].current_password));
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.password_data[instance_id].path, dst,
+ sizeof(bioscfg_drv.password_data[instance_id].path));
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+
+ for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
+
+ if (elem != PREREQUISITES && elem != PSWD_ENCODINGS) {
+ ret = get_integer_from_buffer((int **)&buffer_ptr, buffer_size, (int *)&integer);
+ if (ret)
+ continue;
+ }
+
+ switch (elem) {
+ case IS_READONLY:
+ bioscfg_drv.password_data[instance_id].is_readonly = integer;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.password_data[instance_id].display_in_ui = integer;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.password_data[instance_id].requires_physical_presence = integer;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.password_data[instance_id].sequence = integer;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.password_data[instance_id].prerequisites_size = integer;
+ if (integer > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // PREREQUISITES:
+ elem++;
+ size = bioscfg_drv.password_data[instance_id].prerequisites_size;
+ for (reqs = 0; reqs < size && reqs > MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.password_data[instance_id].prerequisites[reqs],
+ dst,
+ sizeof(bioscfg_drv.password_data[instance_id].prerequisites[reqs]));
+ }
+ break;
+ case SECURITY_LEVEL:
+ bioscfg_drv.password_data[instance_id].security_level = integer;
+ break;
+
+ case PSWD_MIN_LENGTH:
+ bioscfg_drv.password_data[instance_id].min_password_length = integer;
+ break;
+ case PSWD_MAX_LENGTH:
+ bioscfg_drv.password_data[instance_id].max_password_length = integer;
+ break;
+ case PSWD_SIZE:
+ bioscfg_drv.password_data[instance_id].encodings_size = integer;
+ if (integer > MAX_ENCODINGS_SIZE)
+ pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // PSWD_ENCODINGS:
+ elem++;
+ size = bioscfg_drv.password_data[instance_id].encodings_size;
+ for (values = 0; values < size && values < MAX_ENCODINGS_SIZE; values++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.password_data[instance_id].encodings[values],
+ dst,
+ sizeof(bioscfg_drv.password_data[instance_id].encodings[values]));
+
+ }
+ break;
+ case PSWD_IS_SET:
+ bioscfg_drv.password_data[instance_id].is_enabled = integer;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+ kfree(dst);
+
+ return 0;
+}
+
+/*
+ * exit_password_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_password_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count; instance_id++) {
+ if (bioscfg_drv.password_data[instance_id].attr_name_kobj) {
+ if (strcmp(bioscfg_drv.password_data[instance_id].attr_name_kobj->name, SETUP_PASSWD) == 0)
+ sysfs_remove_group(bioscfg_drv.password_data[instance_id].attr_name_kobj,
+ &bios_password_attr_group);
+ else
+ sysfs_remove_group(bioscfg_drv.password_data[instance_id].attr_name_kobj,
+ &system_password_attr_group);
+ }
+ }
+ bioscfg_drv.password_instances_count = 0;
+ kfree(bioscfg_drv.password_data);
+ bioscfg_drv.password_data = NULL;
+}
--
2.34.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3]
2023-03-09 20:10 [PATCH v6 0/4] Introduction of HP-BIOSCFG driver Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 1/4] " Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 2/4] Introduction of HP-BIOSCFG driver [2] Jorge Lopez
@ 2023-03-09 20:10 ` Jorge Lopez
2023-04-02 17:01 ` Thomas Weißschuh
2023-03-09 20:10 ` [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4] Jorge Lopez
3 siblings, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-03-09 20:10 UTC (permalink / raw)
To: hdegoede, platform-driver-x86
The purpose for this patch is submit HP BIOSCFG driver to be list of
HP Linux kernel drivers. The driver include a total of 12 files
broken in several patches.
HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.
Many features of HP Commercial PC’s can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BISOCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.
The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover features such Secure Platform Management, Sure
Admin, and Sure Start. Each section provides security feature
description and identifies sysfs directories and files exposed by
the driver.
Many HP Commercial PC’s include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.
HP Commercial PC’s have several BIOS settings that control its behaviour
and capabilities, many of which are related to security. To prevent
unauthorized changes to these settings, the system can be configured
to use a Sure Admin cryptographic signature-based authorization string
that the BIOS will use to verify authorization to modify the setting.
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
---
Based on the latest platform-drivers-x86.git/for-next
History
Version 6
Breaks down the changes into 4 patches
SureAdmin-attributes was removed
Version 5
Remove version 4 patch 1
Address review changes proposed in Version 4
Reorganize all patches number and file order
---
drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 1017 +++++++++++++++++
drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 654 +++++++++++
.../x86/hp/hp-bioscfg/enum-attributes.c | 553 +++++++++
3 files changed, 2224 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
new file mode 100644
index 000000000000..ca0710cbda7d
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
@@ -0,0 +1,1017 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Common methods for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include <asm-generic/errno-base.h>
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/fs.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/wmi.h>
+#include "bioscfg.h"
+#include "../../firmware_attributes_class.h"
+#include <linux/nls.h>
+
+MODULE_AUTHOR("Jorge Lopez <jorge.lopez2@hp.com>");
+MODULE_DESCRIPTION("HP BIOS Configuration Driver");
+MODULE_LICENSE("GPL");
+
+struct bioscfg_priv bioscfg_drv = {
+ .mutex = __MUTEX_INITIALIZER(bioscfg_drv.mutex),
+};
+
+static struct class *fw_attr_class;
+
+int get_integer_from_buffer(int **buffer, int *buffer_size, int *integer)
+{
+ int *ptr = PTR_ALIGN(*buffer, 4);
+
+ /* Ensure there is enough space remaining to read the integer */
+ if (*buffer_size < sizeof(int))
+ return -EINVAL;
+
+ *integer = *(ptr++);
+ *buffer = ptr;
+ *buffer_size -= sizeof(int);
+
+ return 0;
+}
+
+
+int get_string_from_buffer(u8 **buffer, int *buffer_size, char *dst, int dst_size)
+{
+ u16 *src = (u16 *)*buffer;
+ u16 src_size;
+
+ u16 size;
+ int i;
+ int escape = 0;
+ int conv_dst_size;
+
+ if (*buffer_size < sizeof(u16))
+ return -EINVAL;
+
+ src_size = *(src++);
+ /* size value in u16 chars */
+ size = src_size / sizeof(u16);
+
+ /* Ensure there is enough space remaining to read and convert
+ * the string
+ */
+ if (*buffer_size < src_size)
+ return -EINVAL;
+
+ for (i = 0; i < size; i++)
+ if (src[i] == '\\' ||
+ src[i] == '\r' ||
+ src[i] == '\n' ||
+ src[i] == '\t')
+ escape++;
+
+ size += escape;
+
+ /*
+ * Conversion is limited to destination string max number of
+ * bytes.
+ */
+ conv_dst_size = size;
+ if (size > dst_size)
+ conv_dst_size = dst_size - 1;
+
+ /*
+ * convert from UTF-16 unicode to ASCII
+ */
+ utf16s_to_utf8s(src, src_size, UTF16_HOST_ENDIAN, dst, conv_dst_size);
+ dst[conv_dst_size] = 0;
+
+ for (i = 0; i < size && i < conv_dst_size; i++) {
+ if (*src == '\\' ||
+ *src == '\r' ||
+ *src == '\n' ||
+ *src == '\t')
+ dst[i++] = '\\';
+
+ if (*src == '\r')
+ dst[i] = 'r';
+ else if (*src == '\n')
+ dst[i] = 'n';
+ else if (*src == '\t')
+ dst[i] = 't';
+ else if (*src == '"')
+ dst[i] = '\'';
+ else
+ dst[i] = *src;
+ src++;
+ }
+
+ *buffer = (u8 *)src;
+ *buffer_size -= size * sizeof(u16);
+
+ return size;
+}
+
+
+/*
+ * calculate_string_buffer() - determines size of string buffer for use with BIOS communication
+ * @str: the string to calculate based upon
+ */
+size_t bioscfg_calculate_string_buffer(const char *str)
+{
+ int length = strlen(str);
+ int size;
+
+ /* BIOS expects 4 bytes when an empty string is found */
+ if (!length)
+ length = 1;
+
+
+ /* u16 length field + one UTF16 char for each input char */
+ size = sizeof(u16) + length * sizeof(u16);
+
+ return size;
+}
+
+static int bioscfg_wmi_error_and_message(int error_code, char *msg)
+{
+ char *error_msg = NULL;
+ int ret = -EIO;
+
+ switch (error_code) {
+ case SUCCESS:
+ error_msg = "Success";
+ ret = 0;
+ break;
+ case CMD_FAILED:
+ error_msg = "Command failed";
+ ret = -EINVAL;
+ break;
+ case INVALID_SIGN:
+ error_msg = "Invalid signature";
+ ret = -EINVAL;
+ break;
+ case INVALID_CMD_VALUE:
+ error_msg = "Invalid command value/Feature not supported";
+ ret = -EOPNOTSUPP;
+ break;
+ case INVALID_CMD_TYPE:
+ error_msg = "Invalid command type";
+ ret = -EINVAL;
+ break;
+ case INVALID_DATA_SIZE:
+ error_msg = "Invalid data size";
+ ret = -EINVAL;
+ break;
+ case INVALID_CMD_PARAM:
+ error_msg = "Invalid command parameter";
+ ret = -EINVAL;
+ break;
+ case ENCRYP_CMD_REQUIRED:
+ error_msg = "Secure/encrypted command required";
+ ret = -EACCES;
+ break;
+ case NO_SECURE_SESSION:
+ error_msg = "No secure session established";
+ ret = -EACCES;
+ break;
+ case SECURE_SESSION_FOUND:
+ error_msg = "Secure session already established";
+ ret = -EACCES;
+ break;
+ case SECURE_SESSION_FAILED:
+ error_msg = "Secure session failed";
+ ret = -EIO;
+ break;
+ case AUTH_FAILED:
+ error_msg = "Other permission/Authentication failed";
+ ret = -EACCES;
+ break;
+ case INVALID_BIOS_AUTH:
+ error_msg = "Invalid BIOS administrator password";
+ ret = -EINVAL;
+ break;
+ case NONCE_DID_NOT_MATCH:
+ error_msg = "Nonce did not match";
+ ret = -EINVAL;
+ break;
+ case GENERIC_ERROR:
+ error_msg = "Generic/Other error";
+ ret = -EIO;
+ break;
+ case BIOS_ADMIN_POLICY_NOT_MET:
+ error_msg = "BIOS Admin password does not meet password policy requirements";
+ ret = -EINVAL;
+ break;
+ case BIOS_ADMIN_NOT_SET:
+ error_msg = "BIOS Setup password is not set.";
+ ret = -EPERM;
+ break;
+ case P21_NO_PROVISIONED:
+ error_msg = "P21 is not provisioned";
+ ret = -EPERM;
+ break;
+ case P21_PROVISION_IN_PROGRESS:
+ error_msg = "P21 is already provisioned or provisioning is in progress and a signing key has already been sent.";
+ ret = -EINPROGRESS;
+ break;
+ case P21_IN_USE:
+ error_msg = "P21 in use (cannot deprovision)";
+ ret = -EPERM;
+ break;
+ case HEP_NOT_ACTIVE:
+ error_msg = "HEP not activated";
+ ret = -EPERM;
+ break;
+ case HEP_ALREADY_SET:
+ error_msg = "HEP Transport already set";
+ ret = -EINVAL;
+ break;
+ case HEP_CHECK_STATE:
+ error_msg = "Check the current HEP state";
+ ret = -EINVAL;
+ break;
+ default:
+ error_msg = "Generic/Other error";
+ ret = -EIO;
+ break;
+ }
+
+ if (msg != NULL)
+ return sysfs_emit(msg, "%d,\"%s\"", error_code, error_msg);
+ return error_code;
+}
+
+
+/*
+ * pending_reboot_show() - sysfs implementaton for read pending_reboot
+ * @kobj: Kernel object for this attribute
+ * @attr: Kernel object attribute
+ * @buf: The buffer to display to userspace
+ *
+ * Stores default value as 0
+ * When current_value is changed this attribute is set to 1 to notify reboot may be required
+ */
+static ssize_t pending_reboot_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.pending_reboot);
+}
+static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
+
+/*
+ * last_error_show() - sysfs implementaton for reporting the WMI
+ * error/success value.
+ * @kobj: Kernel object for this attribute
+ * @attr: Kernel object attribute
+ * @buf: The buffer to display to userspace
+ */
+static ssize_t last_error_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ char *buf)
+{
+ return bioscfg_wmi_error_and_message(bioscfg_drv.last_wmi_status, buf);
+}
+
+static struct kobj_attribute last_error = __ATTR_RO(last_error);
+
+/*
+ * create_attributes_level_sysfs_files() - Creates reset_bios,
+ * pending_reboot, and last_error attributes
+ */
+static int create_attributes_level_sysfs_files(void)
+{
+ int ret;
+
+ ret = sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
+ if (ret)
+ return ret;
+
+ ret = sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj, &last_error.attr);
+ if (ret)
+ return ret;
+
+ bioscfg_drv.last_wmi_status = 0;
+ return 0;
+}
+
+
+static ssize_t bioscfg_attr_show(struct kobject *kobj, struct attribute *attr,
+ char *buf)
+{
+ struct kobj_attribute *kattr;
+ ssize_t ret = -EIO;
+
+ kattr = container_of(attr, struct kobj_attribute, attr);
+ if (kattr->show)
+ ret = kattr->show(kobj, kattr, buf);
+ return ret;
+}
+
+static ssize_t bioscfg_attr_store(struct kobject *kobj, struct attribute *attr,
+ const char *buf, size_t count)
+{
+ struct kobj_attribute *kattr;
+ ssize_t ret = -EIO;
+
+ kattr = container_of(attr, struct kobj_attribute, attr);
+ if (kattr->store)
+ ret = kattr->store(kobj, kattr, buf, count);
+ return ret;
+}
+
+static const struct sysfs_ops bioscfg_kobj_sysfs_ops = {
+ .show = bioscfg_attr_show,
+ .store = bioscfg_attr_store,
+};
+
+static void attr_name_release(struct kobject *kobj)
+{
+ kfree(kobj);
+}
+
+static struct kobj_type attr_name_ktype = {
+ .release = attr_name_release,
+ .sysfs_ops = &bioscfg_kobj_sysfs_ops,
+};
+
+/*
+ * get_wmiobj_pointer() - Get Content of WMI block for particular instance
+ *
+ * @instance_id: WMI instance ID
+ * @guid_string: WMI GUID (in str form)
+ *
+ * Fetches the content for WMI block (instance_id) under GUID (guid_string)
+ * Caller must kfree the return
+ */
+union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string)
+{
+ struct acpi_buffer out = { ACPI_ALLOCATE_BUFFER, NULL };
+ acpi_status status;
+
+ status = wmi_query_block(guid_string, instance_id, &out);
+ return ACPI_SUCCESS(status) ? (union acpi_object *)out.pointer : NULL;
+}
+
+/*
+ * get_instance_count() - Compute total number of instances under guid_string
+ *
+ * @guid_string: WMI GUID (in string form)
+ */
+int get_instance_count(const char *guid_string)
+{
+ union acpi_object *wmi_obj = NULL;
+ int i = 0;
+
+ do {
+ kfree(wmi_obj);
+ wmi_obj = get_wmiobj_pointer(i, guid_string);
+ i++;
+ } while (wmi_obj);
+
+ return (i-1);
+}
+
+/*
+ * alloc_attributes_data() - Allocate attributes data for a particular type
+ *
+ * @attr_type: Attribute type to allocate
+ */
+static int alloc_attributes_data(int attr_type)
+{
+ int retval = 0;
+
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ retval = alloc_string_data();
+ break;
+ case HPWMI_INTEGER_TYPE:
+ retval = alloc_integer_data();
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ retval = alloc_enumeration_data();
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ retval = alloc_ordered_list_data();
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ retval = alloc_password_data();
+ break;
+ default:
+ break;
+ }
+
+ return retval;
+}
+
+int convert_hexstr_to_str(const char *input, int input_len, char **str, int *len)
+{
+ int ret = 0;
+ int new_len = 0;
+ char tmp[] = "0x00";
+ char *new_str = NULL;
+ long ch;
+ int i;
+
+ if (input_len <= 0 || input == NULL || str == NULL || len == NULL)
+ return -EINVAL;
+
+ *len = 0;
+ *str = NULL;
+
+ new_str = kmalloc(input_len, GFP_KERNEL);
+ if (!new_str)
+ return -ENOMEM;
+
+ for (i = 0; i < input_len; i += 5) {
+ strncpy(tmp, input + i, strlen(tmp));
+ if (kstrtol(tmp, 16, &ch) == 0) {
+ // escape char
+ if (ch == '\\' || ch == '\r' || ch == '\n' || ch == '\t') {
+ if (ch == '\r')
+ ch = 'r';
+ else if (ch == '\n')
+ ch = 'n';
+ else if (ch == '\t')
+ ch = 't';
+ new_str[new_len++] = '\\';
+ }
+ new_str[new_len++] = ch;
+ if (ch == '\0')
+ break;
+ }
+ }
+
+ if (new_len) {
+ new_str[new_len] = '\0';
+ *str = krealloc(new_str, (new_len + 1) * sizeof(char), GFP_KERNEL);
+ if (*str)
+ *len = new_len;
+ else
+ ret = -ENOMEM;
+ } else {
+ ret = -EFAULT;
+ }
+
+ if (ret)
+ kfree(new_str);
+ return ret;
+}
+
+/* map output size to the corresponding WMI method id */
+int encode_outsize_for_pvsz(int outsize)
+{
+ if (outsize > 4096)
+ return -EINVAL;
+ if (outsize > 1024)
+ return 5;
+ if (outsize > 128)
+ return 4;
+ if (outsize > 4)
+ return 3;
+ if (outsize > 0)
+ return 2;
+ return 1;
+}
+
+/*
+ * Update friendly display name for several attributes associated to
+ * 'Schedule Power-On'
+ */
+void friendly_user_name_update(char *path, const char *attr_name,
+ char *attr_display, int attr_size)
+{
+ char *found = NULL;
+
+ found = strstr(path, SCHEDULE_POWER_ON);
+ if (found)
+ snprintf(attr_display,
+ attr_size,
+ "%s - %s",
+ SCHEDULE_POWER_ON,
+ attr_name);
+ else
+ strscpy(attr_display, attr_name, attr_size);
+}
+
+/*
+ * update_attribute_permissions() - Update attributes permissions when
+ * isReadOnly value is 1
+ *
+ * @isReadOnly: ReadOnly value
+ * @current_val: kobj_attribute corresponding to attribute.
+ *
+ */
+void update_attribute_permissions(u32 isReadOnly, struct kobj_attribute *current_val)
+{
+ if (isReadOnly)
+ current_val->attr.mode = (umode_t)0444;
+ else
+ current_val->attr.mode = (umode_t)0644;
+}
+
+
+/**
+ * destroy_attribute_objs() - Free a kset of kobjects
+ * @kset: The kset to destroy
+ *
+ * Fress kobjects created for each attribute_name under attribute type kset
+ */
+static void destroy_attribute_objs(struct kset *kset)
+{
+ struct kobject *pos, *next;
+
+ list_for_each_entry_safe(pos, next, &kset->list, entry)
+ kobject_put(pos);
+}
+
+/**
+ * release_attributes_data() - Clean-up all sysfs directories and files created
+ */
+static void release_attributes_data(void)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+
+ exit_string_attributes();
+ exit_integer_attributes();
+ exit_enumeration_attributes();
+ exit_ordered_list_attributes();
+ exit_password_attributes();
+ exit_sure_start_attributes();
+ exit_secure_platform_attributes();
+
+ if (bioscfg_drv.authentication_dir_kset) {
+ destroy_attribute_objs(bioscfg_drv.authentication_dir_kset);
+ kset_unregister(bioscfg_drv.authentication_dir_kset);
+ bioscfg_drv.authentication_dir_kset = NULL;
+ }
+ if (bioscfg_drv.main_dir_kset) {
+ sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
+ sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &last_error.attr);
+ destroy_attribute_objs(bioscfg_drv.main_dir_kset);
+ kset_unregister(bioscfg_drv.main_dir_kset);
+ bioscfg_drv.main_dir_kset = NULL;
+ }
+ mutex_unlock(&bioscfg_drv.mutex);
+}
+
+
+/*
+ * hp_add_other_attributes - Initialize HP custom attributes not reported by
+ * BIOS and required to support Secure Platform, Sure Start, and Sure
+ * Admin.
+ * @attr_type: Custom HP attribute not reported by BIOS
+ *
+ * Initialiaze all 3 types of attributes: Platform, Sure Start, and Sure
+ * Admin object. Populates each attrbute types respective properties
+ * under sysfs files.
+ *
+ * Returns zero(0) if successful. Otherwise, a negative value.
+ */
+static int hp_add_other_attributes(int attr_type)
+{
+ struct kobject *attr_name_kobj;
+ union acpi_object *obj = NULL;
+ int retval = 0;
+ u8 *attr_name;
+
+ mutex_lock(&bioscfg_drv.mutex);
+
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto err_other_attr_init;
+ }
+
+ /* Check if attribute type is supported */
+ switch (attr_type) {
+ case HPWMI_SECURE_PLATFORM_TYPE:
+ attr_name_kobj->kset = bioscfg_drv.authentication_dir_kset;
+ attr_name = SPM_STR;
+ break;
+
+ case HPWMI_SURE_START_TYPE:
+ attr_name_kobj->kset = bioscfg_drv.main_dir_kset;
+ attr_name = SURE_START_STR;
+ break;
+
+ default:
+ pr_err("Error: Unknown attr_type: %d\n", attr_type);
+ retval = -EINVAL;
+ goto err_other_attr_init;
+ }
+
+ retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
+ NULL, "%s", attr_name);
+ if (retval) {
+ pr_err("Error encountered [%d]\n", retval);
+ kobject_put(attr_name_kobj);
+ goto err_other_attr_init;
+ }
+
+ /* Populate attribute data */
+ switch (attr_type) {
+ case HPWMI_SECURE_PLATFORM_TYPE:
+ retval = populate_secure_platform_data(attr_name_kobj);
+ break;
+
+ case HPWMI_SURE_START_TYPE:
+ retval = populate_sure_start_data(attr_name_kobj);
+ break;
+
+ default:
+ goto err_other_attr_init;
+ }
+
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+
+err_other_attr_init:
+ mutex_unlock(&bioscfg_drv.mutex);
+ kfree(obj);
+ return retval;
+}
+
+/*
+ * hp_init_bios_attributes - Initialize all attributes for a type
+ * @attr_type: The attribute type to initialize
+ * @guid: The WMI GUID associated with this type to initialize
+ *
+ * Initialiaze all 5 types of attributes: enumeration, integer,
+ * string, password, ordered list object. Populates each attrbute types
+ * respective properties under sysfs files
+ */
+static int hp_init_bios_attributes(int attr_type, const char *guid)
+{
+ struct kobject *attr_name_kobj;
+ union acpi_object *obj = NULL;
+ union acpi_object *elements;
+ struct kset *tmp_set;
+ int min_elements;
+ char str[MAX_BUFF];
+
+ char *temp_str = NULL;
+ char *str_value = NULL;
+ int str_len;
+ int ret = 0;
+
+ u8 *buffer_ptr = NULL;
+ int buffer_size;
+
+
+ /* instance_id needs to be reset for each type GUID
+ * also, instance IDs are unique within GUID but not across
+ */
+ int instance_id = 0;
+ int retval = 0;
+
+ retval = alloc_attributes_data(attr_type);
+ if (retval)
+ return retval;
+
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ min_elements = 12;
+ break;
+ case HPWMI_INTEGER_TYPE:
+ min_elements = 13;
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ min_elements = 13;
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ min_elements = 12;
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ min_elements = 15;
+ break;
+ default:
+ pr_err("Error: Unknown attr_type: %d\n", attr_type);
+ return -EINVAL;
+ }
+
+ /* need to use specific instance_id and guid combination to get right data */
+ obj = get_wmiobj_pointer(instance_id, guid);
+ if (!obj)
+ return -ENODEV;
+
+ mutex_lock(&bioscfg_drv.mutex);
+ while (obj) {
+ if (obj->type != ACPI_TYPE_PACKAGE && obj->type != ACPI_TYPE_BUFFER) {
+ pr_err("Error: Expected ACPI-package or buffer type, got: %d\n", obj->type);
+ retval = -EIO;
+ goto err_attr_init;
+ }
+
+ /* Take action appropriate to each ACPI TYPE */
+ if (obj->type == ACPI_TYPE_PACKAGE) {
+ if (obj->package.count < min_elements) {
+ pr_err("ACPI-package does not have enough elements: %d < %d\n",
+ obj->package.count, min_elements);
+ goto nextobj;
+ }
+
+ elements = obj->package.elements;
+
+ /* sanity checking */
+ if (elements[NAME].type != ACPI_TYPE_STRING) {
+ pr_debug("incorrect element type\n");
+ goto nextobj;
+ }
+ if (strlen(elements[NAME].string.pointer) == 0) {
+ pr_debug("empty attribute found\n");
+ goto nextobj;
+ }
+
+ if (attr_type == HPWMI_PASSWORD_TYPE)
+ tmp_set = bioscfg_drv.authentication_dir_kset;
+ else
+ tmp_set = bioscfg_drv.main_dir_kset;
+
+ /* convert attribute name to string */
+ retval = convert_hexstr_to_str(elements[NAME].string.pointer,
+ elements[NAME].string.length,
+ &str_value, &str_len);
+
+ if (retval) {
+ pr_debug("Failed to populate integer package data. Error [0%0x]\n", ret);
+ kfree(str_value);
+ return ret;
+ }
+
+ if (kset_find_obj(tmp_set, str_value)) {
+ pr_debug("Duplicate attribute name found - %s\n",
+ str_value);
+ goto nextobj;
+ }
+
+ /* build attribute */
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto err_attr_init;
+ }
+
+ attr_name_kobj->kset = tmp_set;
+
+ retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
+ NULL, "%s", str_value);
+
+ if (retval) {
+ kobject_put(attr_name_kobj);
+ goto err_attr_init;
+ }
+
+ /* enumerate all of these attributes */
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ retval = populate_string_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_INTEGER_TYPE:
+ retval = populate_integer_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ retval = populate_enumeration_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ retval = populate_ordered_list_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ retval = populate_password_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ default:
+ break;
+ }
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+
+ if (obj->type == ACPI_TYPE_BUFFER) {
+
+ buffer_size = obj->buffer.length;
+ buffer_ptr = obj->buffer.pointer;
+
+ retval = get_string_from_buffer(&buffer_ptr, &buffer_size, str, MAX_BUFF);
+ if (retval < 0)
+ goto err_attr_init;
+
+ if (attr_type == HPWMI_PASSWORD_TYPE || attr_type == HPWMI_SECURE_PLATFORM_TYPE)
+ tmp_set = bioscfg_drv.authentication_dir_kset;
+ else
+ tmp_set = bioscfg_drv.main_dir_kset;
+
+ if (kset_find_obj(tmp_set, str)) {
+ pr_warn("Duplicate attribute name found - %s\n", str);
+ goto nextobj;
+ }
+
+ /* build attribute */
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto err_attr_init;
+ }
+
+ attr_name_kobj->kset = tmp_set;
+
+ temp_str = str;
+ if (attr_type == HPWMI_SECURE_PLATFORM_TYPE)
+ temp_str = "SPM";
+
+ retval = kobject_init_and_add(attr_name_kobj,
+ &attr_name_ktype, NULL, "%s",
+ temp_str);
+ if (retval) {
+ kobject_put(attr_name_kobj);
+ goto err_attr_init;
+ }
+
+ /* enumerate all of these attributes */
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ retval = populate_string_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_INTEGER_TYPE:
+ retval = populate_integer_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ retval = populate_enumeration_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ retval = populate_ordered_list_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ retval = populate_password_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ default:
+ break;
+ }
+ }
+
+ nextobj:
+ kfree(str_value);
+ kfree(obj);
+ instance_id++;
+ obj = get_wmiobj_pointer(instance_id, guid);
+ }
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+
+err_attr_init:
+ mutex_unlock(&bioscfg_drv.mutex);
+ kfree(obj);
+ return retval;
+}
+
+static int __init bioscfg_init(void)
+{
+ int ret = 0;
+ int bios_capable = wmi_has_guid(HP_WMI_BIOS_GUID);
+
+ if (!bios_capable) {
+ pr_err("Unable to run on non-HP system\n");
+ return -ENODEV;
+ }
+
+ ret = init_bios_attr_set_interface();
+ if (ret)
+ return ret;
+
+ ret = init_bios_attr_pass_interface();
+ if (ret)
+ goto err_exit_bios_attr_set_interface;
+
+ if (!bioscfg_drv.bios_attr_wdev || !bioscfg_drv.password_attr_wdev) {
+ pr_debug("Failed to find set or pass interface\n");
+ ret = -ENODEV;
+ goto err_exit_bios_attr_pass_interface;
+ }
+
+ ret = fw_attributes_class_get(&fw_attr_class);
+ if (ret)
+ goto err_exit_bios_attr_pass_interface;
+
+ bioscfg_drv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0),
+ NULL, "%s", DRIVER_NAME);
+ if (IS_ERR(bioscfg_drv.class_dev)) {
+ ret = PTR_ERR(bioscfg_drv.class_dev);
+ goto err_unregister_class;
+ }
+
+ bioscfg_drv.main_dir_kset = kset_create_and_add("attributes", NULL,
+ &bioscfg_drv.class_dev->kobj);
+ if (!bioscfg_drv.main_dir_kset) {
+ ret = -ENOMEM;
+ pr_debug("Failed to create and add attributes\n");
+ goto err_destroy_classdev;
+ }
+
+ bioscfg_drv.authentication_dir_kset = kset_create_and_add("authentication", NULL,
+ &bioscfg_drv.class_dev->kobj);
+ if (!bioscfg_drv.authentication_dir_kset) {
+ ret = -ENOMEM;
+ pr_debug("Failed to create and add authentication\n");
+ goto err_release_attributes_data;
+ }
+
+ /*
+ * sysfs level attributes.
+ * - reset_bios
+ * - pending_reboot
+ * - last_error (WMI error)
+ */
+ ret = create_attributes_level_sysfs_files();
+ if (ret)
+ pr_debug("Failed to create sysfs level attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_STRING_TYPE, HP_WMI_BIOS_STRING_GUID);
+ if (ret)
+ pr_debug("Failed to populate string type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_INTEGER_TYPE, HP_WMI_BIOS_INTEGER_GUID);
+ if (ret)
+ pr_debug("Failed to populate integer type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_ENUMERATION_TYPE, HP_WMI_BIOS_ENUMERATION_GUID);
+ if (ret)
+ pr_debug("Failed to populate enumeration type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_ORDERED_LIST_TYPE, HP_WMI_BIOS_ORDERED_LIST_GUID);
+ if (ret)
+ pr_debug("Failed to populate ordered list object type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_PASSWORD_TYPE, HP_WMI_BIOS_PASSWORD_GUID);
+ if (ret)
+ pr_debug("Failed to populate password object type attributes\n");
+
+ bioscfg_drv.spm_data.attr_name_kobj = NULL;
+ ret = hp_add_other_attributes(HPWMI_SECURE_PLATFORM_TYPE);
+ if (ret)
+ pr_debug("Failed to populate secure platform object type attribute\n");
+
+ bioscfg_drv.sure_start_attr_kobj = NULL;
+ ret = hp_add_other_attributes(HPWMI_SURE_START_TYPE);
+ if (ret)
+ pr_debug("Failed to populate sure start object type attribute\n");
+
+ return 0;
+
+err_release_attributes_data:
+ release_attributes_data();
+
+err_destroy_classdev:
+ device_destroy(fw_attr_class, MKDEV(0, 0));
+
+err_unregister_class:
+ fw_attributes_class_put();
+
+err_exit_bios_attr_pass_interface:
+ exit_bios_attr_pass_interface();
+
+err_exit_bios_attr_set_interface:
+ exit_bios_attr_set_interface();
+
+ return ret;
+}
+
+static void __exit bioscfg_exit(void)
+{
+ release_attributes_data();
+ device_destroy(fw_attr_class, MKDEV(0, 0));
+
+ fw_attributes_class_put();
+ exit_bios_attr_set_interface();
+ exit_bios_attr_pass_interface();
+}
+
+module_init(bioscfg_init);
+module_exit(bioscfg_exit);
diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
new file mode 100644
index 000000000000..97915b18505a
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
@@ -0,0 +1,654 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Definitions for kernel modules using hp_bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#ifndef _HP_BIOSCFG_H_
+#define _HP_BIOSCFG_H_
+
+#include <linux/wmi.h>
+#include <linux/types.h>
+#include <linux/device.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/capability.h>
+#include <linux/nls.h>
+#include <linux/printk.h>
+
+
+#define DRIVER_NAME "hp-bioscfg"
+
+#define MAX_BUFF 512
+#define MAX_KEY_MOD 256
+#define MAX_PASSWD_SIZE 64
+#define MAX_MESSAGE_SIZE 256
+#define MAX_PREREQUISITES_SIZE 20
+#define MAX_REQ_ELEM_SIZE 128
+#define MAX_VALUES_SIZE 16
+#define MAX_ENCODINGS_SIZE 16
+#define MAX_ELEMENTS_SIZE 16
+
+#define SPM_STR_DESC "Secure Platform Management"
+#define SPM_STR "SPM"
+#define SURE_START_DESC "Sure Start"
+#define SURE_START_STR "Sure_Start"
+#define SETUP_PASSWD "Setup Password"
+#define POWER_ON_PASSWD "Power-On Password"
+
+#define LANG_CODE_STR "en_US.UTF-8"
+#define SCHEDULE_POWER_ON "Scheduled Power-On"
+
+/* Sure Admin Functions */
+
+#define UTF_PREFIX ((unsigned char *)"<utf-16/>")
+#define BEAM_PREFIX ((unsigned char *)"<BEAM/>")
+
+/* mechanism - Authentication attribute */
+
+#define MAX_MECHANISM_TYPES 3
+
+enum mechanism_values {
+ PASSWORD = 0x00,
+ NOT_PROVISION = 0x00,
+ SIGNING_KEY = 0x01,
+ ENDORSEMENT_KEY = 0x02
+};
+
+static const char * const spm_mechanism_types[] = {
+ "not provision",
+ "signing-key",
+ "endorsement-key"
+};
+
+static const char * const passwd_mechanism_types[] = {
+ "password",
+};
+
+/* roles - Authentication attribute */
+enum role_values {
+ BIOS_ADMIN = 0x00,
+ POWER_ON = 0x01,
+ BIOS_SPM = 0x02
+};
+
+static const char * const role_type[] = {
+ "bios-admin",
+ "power-on",
+ "enhanced-bios-auth"
+};
+
+
+#define HP_WMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
+
+#define HP_WMI_BIOS_STRING_GUID "988D08E3-68F4-4c35-AF3E-6A1B8106F83C"
+#define HP_WMI_BIOS_INTEGER_GUID "8232DE3D-663D-4327-A8F4-E293ADB9BF05"
+#define HP_WMI_BIOS_ENUMERATION_GUID "2D114B49-2DFB-4130-B8FE-4A3C09E75133"
+#define HP_WMI_BIOS_ORDERED_LIST_GUID "14EA9746-CE1F-4098-A0E0-7045CB4DA745"
+#define HP_WMI_BIOS_PASSWORD_GUID "322F2028-0F84-4901-988E-015176049E2D"
+#define HP_WMI_SET_BIOS_SETTING_GUID "1F4C91EB-DC5C-460b-951D-C7CB9B4B8D5E"
+
+enum hp_wmi_spm_commandtype {
+ HPWMI_SECUREPLATFORM_GET_STATE = 0x10,
+ HPWMI_SECUREPLATFORM_SET_KEK = 0x11,
+ HPWMI_SECUREPLATFORM_SET_SK = 0x12,
+};
+
+enum hp_wmi_surestart_commandtype {
+ HPWMI_SURESTART_GET_LOG_COUNT = 0x01,
+ HPWMI_SURESTART_GET_LOG = 0x02,
+};
+
+enum hp_wmi_command {
+ HPWMI_READ = 0x01,
+ HPWMI_WRITE = 0x02,
+ HPWMI_ODM = 0x03,
+ HPWMI_SURESTART = 0x20006,
+ HPWMI_GM = 0x20008,
+ HPWMI_SECUREPLATFORM = 0x20010,
+};
+
+struct bios_return {
+ u32 sigpass;
+ u32 return_code;
+};
+
+enum hp_return_value {
+ HPWMI_RET_WRONG_SIGNATURE = 0x02,
+ HPWMI_RET_UNKNOWN_COMMAND = 0x03,
+ HPWMI_RET_UNKNOWN_CMDTYPE = 0x04,
+ HPWMI_RET_INVALID_PARAMETERS = 0x05,
+};
+
+enum wmi_error_values {
+ SUCCESS = 0x00,
+ CMD_FAILED = 0x01,
+ INVALID_SIGN = 0x02,
+ INVALID_CMD_VALUE = 0x03,
+ INVALID_CMD_TYPE = 0x04,
+ INVALID_DATA_SIZE = 0x05,
+ INVALID_CMD_PARAM = 0x06,
+ ENCRYP_CMD_REQUIRED = 0x07,
+ NO_SECURE_SESSION = 0x08,
+ SECURE_SESSION_FOUND = 0x09,
+ SECURE_SESSION_FAILED = 0x0A,
+ AUTH_FAILED = 0x0B,
+ INVALID_BIOS_AUTH = 0x0E,
+ NONCE_DID_NOT_MATCH = 0x18,
+ GENERIC_ERROR = 0x1C,
+ BIOS_ADMIN_POLICY_NOT_MET = 0x28,
+ BIOS_ADMIN_NOT_SET = 0x38,
+ P21_NO_PROVISIONED = 0x1000,
+ P21_PROVISION_IN_PROGRESS = 0x1001,
+ P21_IN_USE = 0x1002,
+ HEP_NOT_ACTIVE = 0x1004,
+ HEP_ALREADY_SET = 0x1006,
+ HEP_CHECK_STATE = 0x1007
+};
+
+enum spm_features {
+ HEP_ENABLED = 0x01,
+ PLATFORM_RECOVERY = 0x02,
+ ENHANCED_BIOS_AUTH_MODE = 0x04
+};
+
+
+/*
+ * struct bios_args buffer is dynamically allocated. New WMI command types
+ * were introduced that exceeds 128-byte data size. Changes to handle
+ * the data size allocation scheme were kept in hp_wmi_perform_qurey function.
+ */
+struct bios_args {
+ u32 signature;
+ u32 command;
+ u32 commandtype;
+ u32 datasize;
+ u8 data[];
+};
+
+struct secureplatform_provisioning_data {
+ u8 state;
+ u8 version[2];
+ u8 reserved1;
+ u32 features;
+ u32 nonce;
+ u8 reserved2[28];
+ u8 sk_mod[MAX_KEY_MOD];
+ u8 kek_mod[MAX_KEY_MOD];
+};
+
+struct string_data {
+ struct kobject *attr_name_kobj;
+ u8 display_name[MAX_BUFF];
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u32 min_length;
+ u32 max_length;
+ u8 display_name_language_code[MAX_BUFF];
+};
+
+struct integer_data {
+ struct kobject *attr_name_kobj;
+ u8 display_name[MAX_BUFF];
+ u32 current_value;
+ u32 new_value;
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u32 lower_bound;
+ u32 upper_bound;
+ u32 scalar_increment;
+ u8 display_name_language_code[MAX_BUFF];
+};
+
+struct enumeration_data {
+ struct kobject *attr_name_kobj;
+ u8 display_name[MAX_BUFF];
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u32 possible_values_size;
+ u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
+ u8 display_name_language_code[MAX_BUFF];
+};
+
+struct ordered_list_data {
+ struct kobject *attr_name_kobj;
+ u8 display_name[MAX_BUFF];
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u32 elements_size;
+ u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];;
+ u8 display_name_language_code[MAX_BUFF];
+};
+
+struct password_data {
+ struct kobject *attr_name_kobj;
+ u8 display_name[MAX_BUFF];
+ u8 current_password[MAX_PASSWD_SIZE];
+ u8 new_password[MAX_PASSWD_SIZE];
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u32 min_password_length;
+ u32 max_password_length;
+ u32 encodings_size;
+ u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
+ u8 display_name_language_code[MAX_BUFF];
+ u32 is_enabled;
+
+ // 'bios-admin' 'power-on'
+ u32 role;
+
+ //'password'
+ u32 mechanism;
+};
+
+struct secure_platform_data {
+ struct kobject *attr_name_kobj;
+ u8 attribute_name[MAX_BUFF];
+ u8 display_name[MAX_BUFF];
+
+ u8 *endorsement_key;
+ u8 *signing_key;
+ u8 *auth_token;
+
+ u32 is_enabled;
+ u32 mechanism;
+};
+
+struct bioscfg_priv {
+ struct wmi_device *password_attr_wdev;
+ struct wmi_device *bios_attr_wdev;
+ struct kset *authentication_dir_kset;
+ struct kset *main_dir_kset;
+ struct device *class_dev;
+ struct string_data *string_data;
+ u32 string_instances_count;
+ struct integer_data *integer_data;
+ u32 integer_instances_count;
+ struct enumeration_data *enumeration_data;
+ u32 enumeration_instances_count;
+ struct ordered_list_data *ordered_list_data;
+ u32 ordered_list_instances_count;
+ struct password_data *password_data;
+ u32 password_instances_count;
+
+ struct kobject *sure_start_attr_kobj;
+ struct secure_platform_data spm_data;
+
+ int last_wmi_status;
+ bool pending_reboot;
+ struct mutex mutex;
+};
+
+/* global structure used by multiple WMI interfaces */
+extern struct bioscfg_priv bioscfg_drv;
+
+enum hp_wmi_data_type {
+ HPWMI_STRING_TYPE = 0x00,
+ HPWMI_INTEGER_TYPE = 0x01,
+ HPWMI_ENUMERATION_TYPE = 0x02,
+ HPWMI_ORDERED_LIST_TYPE = 0x03,
+ HPWMI_PASSWORD_TYPE = 0x04,
+ HPWMI_SECURE_PLATFORM_TYPE = 0x05,
+ HPWMI_SURE_START_TYPE = 0x06,
+};
+
+enum hp_wmi_data_elements {
+
+ /* Common elements */
+ NAME = 0,
+ VALUE = 1,
+ PATH = 2,
+ IS_READONLY = 3,
+ DISPLAY_IN_UI = 4,
+ REQUIRES_PHYSICAL_PRESENCE = 5,
+ SEQUENCE = 6,
+ PREREQUISITES_SIZE = 7,
+ PREREQUISITES = 8,
+ SECURITY_LEVEL = 9,
+
+ /* String elements */
+ STR_MIN_LENGTH = 10,
+ STR_MAX_LENGTH = 11,
+
+ /* Integer elements */
+ INT_LOWER_BOUND = 10,
+ INT_UPPER_BOUND = 11,
+ INT_SCALAR_INCREMENT = 12,
+
+ /* Enumeration elements */
+ ENUM_CURRENT_VALUE = 10,
+ ENUM_SIZE = 11,
+ ENUM_POSSIBLE_VALUES = 12,
+
+ /* Ordered list elements */
+ ORD_LIST_SIZE = 10,
+ ORD_LIST_ELEMENTS = 11,
+
+ /* Password elements */
+ PSWD_MIN_LENGTH = 10,
+ PSWD_MAX_LENGTH = 11,
+ PSWD_SIZE = 12,
+ PSWD_ENCODINGS = 13,
+ PSWD_IS_SET = 14
+};
+
+
+static const int hp_wmi_elements_count[] = {
+ 12, // string
+ 13, // integer
+ 13, // enumeration
+ 12, // ordered list
+ 15 // password
+};
+
+#define get_instance_id(type) \
+ static int get_##type##_instance_id(struct kobject *kobj) \
+ { \
+ int i; \
+ \
+ for (i = 0; i <= bioscfg_drv.type##_instances_count; i++) { \
+ if (!(strcmp(kobj->name, bioscfg_drv.type##_data[i].attr_name_kobj->name))) \
+ return i; \
+ } \
+ return -EIO; \
+ }
+
+#define get_instance_id_for_attribute(type) \
+ static int get_instance_id_for_##type(char *attr_name) \
+ { \
+ int i; \
+ \
+ for (i = 0; i < bioscfg_drv.type##_instances_count; i++) { \
+ if (strcmp(bioscfg_drv.type##_data[i].attr_name_kobj->name, attr_name) == 0) \
+ return i; \
+ } \
+ return -EIO; \
+ }
+
+#define attribute_s_property_show(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].name); \
+ return 0; \
+ }
+/* There is no need to keep track of default and current values
+ * separately
+ */
+#define attribute_s_default_property_show(name, type, new_name) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].new_name); \
+ return 0; \
+ }
+
+#define attribute_n_default_property_show(name, type, new_name) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].new_name); \
+ return 0; \
+ }
+
+#define attribute_n_property_show(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].name); \
+ return 0; \
+ }
+
+
+#define attribute_property_store(curr_val, type) \
+ static ssize_t curr_val##_store(struct kobject *kobj, \
+ struct kobj_attribute *attr, \
+ const char *buf, size_t count) \
+ { \
+ char *p = NULL; \
+ char *attr_value = NULL; \
+ int i; \
+ int ret = -EIO; \
+ \
+ attr_value = kstrdup(buf, GFP_KERNEL); \
+ if (!attr_value) \
+ return -ENOMEM; \
+ \
+ p = memchr(attr_value, '\n', count); \
+ if (p != NULL) \
+ *p = '\0'; \
+ \
+ i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ ret = validate_##type##_input(i, attr_value); \
+ if (!ret) \
+ ret = hp_set_attribute(kobj->name, attr_value); \
+ if (!ret) \
+ update_##type##_value(i, attr_value); \
+ \
+ /* \
+ * Prevent leaving authentication tokens and password in \
+ * memory. \
+ */ \
+ clear_all_credentials(); \
+ kfree(attr_value); \
+ \
+ return ret ? ret : count; \
+ }
+
+#define attribute_spm_n_property_show(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
+ { \
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data.name); \
+ }
+
+#define attribute_spm_s_property_show(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
+ { \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data.name); \
+ }
+
+#define check_property_type(attr, prop, valuetype) \
+ (attr##_obj[prop].type != valuetype)
+
+#define HPWMI_BINATTR_RW(_group, _name, _size) \
+ static struct bin_attribute _group##_##_name = \
+ __BIN_ATTR(_name, 0444 | 0200, _group##_##_name##_read, _group##_##_name##_write, _size)
+
+
+#define attribute_values_property_show(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, \
+ struct kobj_attribute *attr, char *buf) \
+ { \
+ int i; \
+ int len = 0; \
+ int instance_id = get_##type##_instance_id(kobj); \
+ \
+ if (instance_id < 0) \
+ return 0; \
+ \
+ for (i = 0; i < bioscfg_drv.type##_data[instance_id].name##_size; i++) { \
+ if (i) \
+ len += sysfs_emit_at(buf, len, "%s", ";"); \
+ \
+ len += sysfs_emit_at(buf, len, "%s", \
+ bioscfg_drv.type##_data[instance_id].name[i]); \
+ } \
+ len += sysfs_emit_at(buf, len, "\n"); \
+ return len; \
+ }
+
+/*
+ * Prototypes
+ */
+union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);
+int get_instance_count(const char *guid_string);
+void update_attribute_permissions(u32 isReadOnly, struct kobj_attribute *current_val);
+void friendly_user_name_update(char *path, const char *attr_name,
+ char *attr_display, int attr_size);
+
+/* String attributes */
+int populate_string_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+
+int populate_string_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int alloc_string_data(void);
+void exit_string_attributes(void);
+int populate_string_package_data(union acpi_object *str_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_string_elements_from_package(union acpi_object *str_obj,
+ int str_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type);
+
+/* Integer attributes */
+int populate_integer_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_integer_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int alloc_integer_data(void);
+void exit_integer_attributes(void);
+int populate_integer_package_data(union acpi_object *integer_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_integer_elements_from_package(union acpi_object *integer_obj,
+ int integer_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type);
+
+/* Enumeration attributes */
+int populate_enumeration_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int alloc_enumeration_data(void);
+void exit_enumeration_attributes(void);
+int populate_enumeration_package_data(union acpi_object *enum_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
+ int enum_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type);
+
+/* Ordered list */
+int populate_ordered_list_buffer_data(u8 *buffer_ptr,
+ int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
+ int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int alloc_ordered_list_data(void);
+void exit_ordered_list_attributes(void);
+int populate_ordered_list_package_data(union acpi_object *order_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
+ int order_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type);
+
+/* Password authentication attributes */
+int populate_password_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_password_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int populate_password_package_data(union acpi_object *password_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_password_elements_from_package(union acpi_object *password_obj,
+ int password_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type);
+int alloc_password_data(void);
+int alloc_secure_platform_data(void);
+void exit_password_attributes(void);
+void exit_secure_platform_attributes(void);
+int populate_secure_platform_data(struct kobject *attr_name_kobj);
+int password_is_set(const char *auth);
+int check_spm_is_enabled(void);
+int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
+int hp_wmi_perform_query(int query, enum hp_wmi_command command,
+ void *buffer, int insize, int outsize);
+
+/* Sure Start attributes */
+void exit_sure_start_attributes(void);
+int populate_sure_start_data(struct kobject *attr_name_kobj);
+
+int set_bios_defaults(u8 defType);
+int get_password_instance_for_type(const char *name);
+int clear_all_credentials(void);
+int clear_passwords(const int instance);
+void exit_bios_attr_set_interface(void);
+int init_bios_attr_set_interface(void);
+size_t bioscfg_calculate_string_buffer(const char *str);
+size_t calculate_security_buffer(const char *authentication);
+void populate_security_buffer(u16 *buffer, const char *authentication);
+int set_new_password(const char *password_type, const char *new_password);
+int init_bios_attr_pass_interface(void);
+void exit_bios_attr_pass_interface(void);
+void *ascii_to_utf16_unicode(u16 *p, const u8 *str);
+int get_integer_from_buffer(int **buffer, int *buffer_size, int *integer);
+int get_string_from_buffer(u8 **buffer, int *buffer_size, char *dst, int dst_size);
+int convert_hexstr_to_str(const char *input, int input_len, char **str, int *len);
+int encode_outsize_for_pvsz(int outsize);
+int hp_set_attribute(const char *a_name, const char *a_value);
+
+#endif
diff --git a/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
new file mode 100644
index 000000000000..0bc2c19344d5
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
@@ -0,0 +1,553 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to enumeration type attributes under
+ * BIOS Enumeration GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+get_instance_id(enumeration);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_enumeration_instance_id(kobj);
+ ssize_t ret;
+
+ if (instance_id < 0)
+ return -EIO;
+
+ ret = sysfs_emit(buf, "%s\n",
+ bioscfg_drv.enumeration_data[instance_id].current_value);
+
+ return ret;
+}
+
+/*
+ * validate_enumeration_input() -
+ * Validate input of current_value against possible values
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_enumeration_input(int instance_id, const char *buf)
+{
+ int ret = 0;
+ int found = 0;
+ int i;
+ int possible_values;
+
+ /* Is it a read only attribute */
+ if (bioscfg_drv.enumeration_data[instance_id].is_readonly)
+ return -EIO;
+
+ possible_values = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
+ for (i = 0; i < possible_values && !found; i++)
+ if (!strcasecmp(bioscfg_drv.enumeration_data[instance_id].possible_values[i], buf))
+ found = 1;
+
+ if (!found) {
+ ret = -EINVAL;
+ goto exit_validate_enum_input;
+ }
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.enumeration_data[instance_id].requires_physical_presence)
+ bioscfg_drv.pending_reboot = TRUE;
+
+exit_validate_enum_input:
+ return ret;
+}
+
+static void update_enumeration_value(int instance_id, char *attr_value)
+{
+ strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
+ attr_value,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
+}
+
+attribute_s_property_show(display_name_language_code, enumeration);
+static struct kobj_attribute enumeration_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+attribute_s_property_show(display_name, enumeration);
+static struct kobj_attribute enumeration_display_name =
+ __ATTR_RO(display_name);
+
+attribute_property_store(current_value, enumeration);
+static struct kobj_attribute enumeration_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+attribute_n_property_show(prerequisites_size, enumeration);
+static struct kobj_attribute enumeration_prerequisites_size_val =
+ __ATTR_RO(prerequisites_size);
+
+attribute_values_property_show(prerequisites, enumeration);
+static struct kobj_attribute enumeration_prerequisites_val =
+ __ATTR_RO(prerequisites);
+
+attribute_n_property_show(possible_values_size, enumeration);
+static struct kobj_attribute enumeration_possible_values_size_val =
+ __ATTR_RO(possible_values_size);
+
+attribute_values_property_show(possible_values, enumeration);
+static struct kobj_attribute enumeration_poss_val =
+ __ATTR_RO(possible_values);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "enumeration\n");
+}
+static struct kobj_attribute enumeration_type =
+ __ATTR_RO(type);
+
+static struct attribute *enumeration_attrs[] = {
+ &enumeration_display_langcode.attr,
+ &enumeration_display_name.attr,
+ &enumeration_current_val.attr,
+ &enumeration_prerequisites_size_val.attr,
+ &enumeration_prerequisites_val.attr,
+ &enumeration_possible_values_size_val.attr,
+ &enumeration_poss_val.attr,
+ &enumeration_type.attr,
+ NULL,
+};
+
+static const struct attribute_group enumeration_attr_group = {
+ .attrs = enumeration_attrs,
+};
+
+int alloc_enumeration_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.enumeration_instances_count =
+ get_instance_count(HP_WMI_BIOS_ENUMERATION_GUID);
+
+ bioscfg_drv.enumeration_data = kcalloc(bioscfg_drv.enumeration_instances_count,
+ sizeof(struct enumeration_data), GFP_KERNEL);
+ if (!bioscfg_drv.enumeration_data) {
+ bioscfg_drv.enumeration_instances_count = 0;
+ ret = -ENOMEM;
+ }
+ return ret;
+}
+
+/* Expected Values types associated with each element */
+static acpi_object_type expected_enum_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [ENUM_CURRENT_VALUE] = ACPI_TYPE_STRING,
+ [ENUM_SIZE] = ACPI_TYPE_INTEGER,
+ [ENUM_POSSIBLE_VALUES] = ACPI_TYPE_STRING
+};
+
+/*
+ * populate_enumeration_package_data() -
+ * Populate all properties of an instance under enumeration attribute
+ *
+ * @enum_obj: ACPI object with enumeration data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_enumeration_package_data(union acpi_object *enum_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.enumeration_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ populate_enumeration_elements_from_package(enum_obj,
+ enum_obj->package.count,
+ instance_id,
+ HPWMI_ENUMERATION_TYPE);
+ update_attribute_permissions(bioscfg_drv.enumeration_data[instance_id].is_readonly,
+ &enumeration_current_val);
+ /*
+ * Several attributes have names such "MONDAY". Friendly
+ * user nane is generated to make the name more descriptive
+ */
+ friendly_user_name_update(bioscfg_drv.enumeration_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.enumeration_data[instance_id].display_name,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].display_name));
+ return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
+}
+
+int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
+ int enum_obj_count,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *str_value = NULL;
+ int value_len;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int pos_values;
+ int ret;
+ int eloc;
+
+ strscpy(bioscfg_drv.enumeration_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < enum_obj_count; elem++, eloc++) {
+
+ /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
+ if (eloc == hp_wmi_elements_count[type])
+ goto exit_enumeration_package;
+
+ switch (enum_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (PREREQUISITES != elem && ENUM_POSSIBLE_VALUES != elem) {
+ ret = convert_hexstr_to_str(enum_obj[elem].string.pointer,
+ enum_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ return -EINVAL;
+
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)enum_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", enum_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_enum_types[eloc] != enum_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_enum_types[eloc], elem, enum_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field */
+ switch (eloc) {
+ case NAME:
+ case VALUE:
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.enumeration_data[instance_id].path, str_value,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].path));
+ break;
+ case IS_READONLY:
+ bioscfg_drv.enumeration_data[instance_id].is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.enumeration_data[instance_id].display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.enumeration_data[instance_id].requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.enumeration_data[instance_id].sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.enumeration_data[instance_id].prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case PREREQUISITES:
+
+ size = bioscfg_drv.enumeration_data[instance_id].prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ if (elem >= enum_obj_count) {
+ pr_err("Error enum-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(enum_obj[elem + reqs].string.pointer,
+ enum_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ return -EINVAL;
+
+ strlcpy(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs],
+ str_value,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs]));
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ bioscfg_drv.enumeration_data[instance_id].security_level = int_value;
+ break;
+
+ case ENUM_CURRENT_VALUE:
+ strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
+ str_value, sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
+ break;
+ case ENUM_SIZE:
+ bioscfg_drv.enumeration_data[instance_id].possible_values_size = int_value;
+ if (int_value > MAX_VALUES_SIZE)
+ pr_warn("Possible number values size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. POSSIBLE_VALUES
+ * object is omitted by BIOS when the size is zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case ENUM_POSSIBLE_VALUES:
+ size = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
+
+ for (pos_values = 0; pos_values < size && pos_values < MAX_VALUES_SIZE; pos_values++) {
+ if (elem >= enum_obj_count) {
+ pr_err("Error enum-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(enum_obj[elem + pos_values].string.pointer,
+ enum_obj[elem + pos_values].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ return -EINVAL;
+
+ /*
+ * ignore strings when possible values size
+ * is greater than MAX_VALUES_SIZE
+ */
+ if (size < MAX_VALUES_SIZE)
+ strlcpy(bioscfg_drv.enumeration_data[instance_id].possible_values[pos_values],
+ str_value,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].possible_values[pos_values]));
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
+ break;
+ }
+
+ kfree(str_value);
+ str_value = NULL;
+ }
+
+exit_enumeration_package:
+ kfree(str_value);
+ str_value = NULL;
+ return 0;
+}
+
+/*
+ * populate_enumeration_buffer_data() -
+ * Populate all properties of an instance under enumeration attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @enum_obj: ACPI object with enumeration data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ * @enumeration_property_count: Total properties count under enumeration type
+ */
+int populate_enumeration_buffer_data(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+
+ bioscfg_drv.enumeration_data[instance_id].attr_name_kobj = attr_name_kobj;
+
+ /* Populate enumeration elements */
+ populate_enumeration_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id,
+ HPWMI_ENUMERATION_TYPE);
+
+ update_attribute_permissions(bioscfg_drv.enumeration_data[instance_id].is_readonly,
+ &enumeration_current_val);
+ /*
+ * Several attributes have names such "MONDAY". A Friendlier
+ * user nane is generated to make the name more descriptive
+ */
+ friendly_user_name_update(bioscfg_drv.enumeration_data[instance_id].path,
+ attr_name_kobj->name,
+ bioscfg_drv.enumeration_data[instance_id].display_name,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].display_name));
+
+ return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
+}
+
+int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
+ int instance_id,
+ enum hp_wmi_data_type type)
+{
+ char *dst = NULL;
+ int elem;
+ int reqs;
+ int integer;
+ int size = 0;
+ int values;
+ int ret;
+ int dst_size = *buffer_size / sizeof(u16);
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ elem = 0;
+
+ strscpy(bioscfg_drv.enumeration_data[instance_id].display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].display_name_language_code));
+
+ for (elem = 1; elem < 3; elem++) {
+
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ /* Ignore. Zero length string values */
+ if (ret < 0)
+ continue;
+
+ switch (elem) {
+ case VALUE:
+ /* Skip 'Value' since 'CurrentValue' is reported. */
+ break;
+ case PATH:
+ strscpy(bioscfg_drv.enumeration_data[instance_id].path,
+ dst, sizeof(bioscfg_drv.enumeration_data[instance_id].path));
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+
+ for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
+ if (PREREQUISITES != elem && ENUM_CURRENT_VALUE != elem && ENUM_POSSIBLE_VALUES != elem) {
+ ret = get_integer_from_buffer((int **)&buffer_ptr, buffer_size, (int *)&integer);
+ if (ret < 0)
+ continue;
+ }
+
+ switch (elem) {
+ case IS_READONLY:
+ bioscfg_drv.enumeration_data[instance_id].is_readonly = integer;
+ break;
+ case DISPLAY_IN_UI:
+ bioscfg_drv.enumeration_data[instance_id].display_in_ui = integer;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ bioscfg_drv.enumeration_data[instance_id].requires_physical_presence = integer;
+ break;
+ case SEQUENCE:
+ bioscfg_drv.enumeration_data[instance_id].sequence = integer;
+ break;
+ case PREREQUISITES_SIZE:
+ bioscfg_drv.enumeration_data[instance_id].prerequisites_size = integer;
+ if (integer > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // PREREQUISITES:
+ elem++;
+
+ size = bioscfg_drv.enumeration_data[instance_id].prerequisites_size;
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ /* Ignore. expect zero length strings at the end of prerequisite values */
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs],
+ dst,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs]));
+ }
+ break;
+ case SECURITY_LEVEL:
+ bioscfg_drv.enumeration_data[instance_id].security_level = integer;
+ break;
+ case ENUM_CURRENT_VALUE:
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
+ dst,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
+ break;
+ case ENUM_SIZE:
+ bioscfg_drv.enumeration_data[instance_id].possible_values_size = integer;
+ if (integer > MAX_VALUES_SIZE)
+ pr_warn("Possible size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ // ENUM_POSSIBLE_VALUES:
+ elem++;
+
+ size = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
+ for (values = 0; values < size && values < MAX_VALUES_SIZE; values++) {
+ ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ /* Ignore expect zero size strings at the end of all possible values */
+ if (ret < 0)
+ continue;
+
+ strscpy(bioscfg_drv.enumeration_data[instance_id].possible_values[values],
+ dst,
+ sizeof(bioscfg_drv.enumeration_data[instance_id].possible_values[values]));
+ }
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+
+ kfree(dst);
+
+ return 0;
+}
+
+/**
+ * exit_enumeration_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_enumeration_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.enumeration_instances_count; instance_id++) {
+ if (bioscfg_drv.enumeration_data[instance_id].attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.enumeration_data[instance_id].attr_name_kobj,
+ &enumeration_attr_group);
+ }
+ bioscfg_drv.enumeration_instances_count = 0;
+
+ kfree(bioscfg_drv.enumeration_data);
+ bioscfg_drv.enumeration_data = NULL;
+}
--
2.34.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-03-09 20:10 [PATCH v6 0/4] Introduction of HP-BIOSCFG driver Jorge Lopez
` (2 preceding siblings ...)
2023-03-09 20:10 ` [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3] Jorge Lopez
@ 2023-03-09 20:10 ` Jorge Lopez
2023-04-01 11:58 ` Thomas Weißschuh
3 siblings, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-03-09 20:10 UTC (permalink / raw)
To: hdegoede, platform-driver-x86
The purpose for this patch is submit HP BIOSCFG driver to be list of
HP Linux kernel drivers. The driver include a total of 12 files
broken in several patches.
HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.
Many features of HP Commercial PC’s can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BISOCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.
The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover features such Secure Platform Management, Sure
Admin, and Sure Start. Each section provides security feature
description and identifies sysfs directories and files exposed by
the driver.
Many HP Commercial PC’s include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.
HP Commercial PC’s have several BIOS settings that control its behaviour
and capabilities, many of which are related to security. To prevent
unauthorized changes to these settings, the system can be configured
to use a Sure Admin cryptographic signature-based authorization string
that the BIOS will use to verify authorization to modify the setting.
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
---
Based on the latest platform-drivers-x86.git/for-next
History
Version 6
Breaks down the changes into 4 patches
SureAdmin-attributes was removed
Version 5
Remove version 4 patch 1
Address review changes proposed in Version 4
Reorganize all patches number and file order
---
.../testing/sysfs-class-firmware-attributes | 107 ++++++-
MAINTAINERS | 6 +
drivers/platform/x86/hp/hp-bioscfg/Makefile | 13 +
.../x86/hp/hp-bioscfg/biosattr-interface.c | 303 ++++++++++++++++++
.../x86/hp/hp-bioscfg/passwdattr-interface.c | 51 +++
5 files changed, 479 insertions(+), 1 deletion(-)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c
diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
index 4cdba3477176..d1ae6b77da13 100644
--- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
+++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
@@ -22,6 +22,13 @@ Description:
- integer: a range of numerical values
- string
+ HP specific types
+ -----------------
+ - ordered-list - a set of ordered list valid values
+ - sure-admin
+ - sure-start
+
+
All attribute types support the following values:
current_value:
@@ -126,6 +133,38 @@ Description:
value will not be effective through sysfs until this rule is
met.
+ HP specific class extensions
+ ------------------------------
+
+ On HP systems the following additional attributes are available:
+
+ "ordered-list"-type specific properties:
+
+ elements:
+ A file that can be read to obtain the possible
+ list of values of the <attr>. Values are separated using
+ semi-colon (``;``). The order individual elements are listed
+ according to their priority. An Element listed first has the
+ hightest priority. Writing the list in a different order to
+ current_value alters the priority order for the particular
+ attribute.
+
+ "sure-start"-type specific properties:
+
+ audit_log_entries:
+ A read-only file that returns the events in the log.
+
+ Audit log entry format
+
+ Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
+ Byte 16-127: Unused
+
+ audit_log_entry_count:
+ A read-only file that returns the number of existing audit log events available to be read.
+
+ [No of entries],[log entry size],[Max number of entries supported]
+
+
What: /sys/class/firmware-attributes/*/authentication/
Date: February 2021
KernelVersion: 5.11
@@ -206,7 +245,7 @@ Description:
Drivers may emit a CHANGE uevent when a password is set or unset
userspace may check it again.
- On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
+ On Dell, Lenovo, and HP systems, if Admin password is set, then all BIOS attributes
require password validation.
On Lenovo systems if you change the Admin password the new password is not active until
the next boot.
@@ -296,6 +335,15 @@ Description:
echo "signature" > authentication/Admin/signature
echo "password" > authentication/Admin/certificate_to_password
+ HP specific class extensions
+ --------------------------------
+
+ On HP systems the following additional settings are available:
+
+ role: enhanced-bios-auth:
+ This role is specific to Secure Platform Management (SPM) attribute.
+ It requires configuring an endorsement (kek) and signing certificate (sk).
+
What: /sys/class/firmware-attributes/*/attributes/pending_reboot
Date: February 2021
@@ -364,3 +412,60 @@ Description:
use it to enable extra debug attributes or BIOS features for testing purposes.
Note that any changes to this attribute requires a reboot for changes to take effect.
+
+
+ HP specific class extensions
+ --------------------------------
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/kek
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
+Description: 'kek' is a write-only file that can be used to configure the
+ RSA public key that will be used by the BIOS to verify
+ signatures when setting the signing key. When written,
+ the bytes should correspond to the KEK certificate
+ (x509 .DER format containing an OU). The size of the
+ certificate must be less than or equal to 4095 bytes.
+
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/sk
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
+Description: 'sk' is a write-only file that can be used to configure the RSA
+ public key that will be used by the BIOS to verify signatures
+ when configuring BIOS settings and security features. When
+ written, the bytes should correspond to the modulus of the
+ public key. The exponent is assumed to be 0x10001.
+
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/status
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
+Description: 'status' is a read-only file that returns ASCII text reporting
+ the status information.
+
+ State: Not Provisioned / Provisioned / Provisioning in progress
+ Version: Major. Minor
+ Feature Bit Mask: <16-bit unsigned number display in hex>
+ SPM Counter: <16-bit unsigned number display in base 10>
+ Signing Key Public Key Modulus (base64):
+ KEK Public Key Modulus (base64):
+
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
+Description: 'statusbin' is a read-only file that returns identical status
+ information reported by 'status' file in binary format.
+
+
+What: /sys/class/firmware-attributes/*/attributes/last_error
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
+Description: 'last_error' is a read-only file that returns WMI error number
+ and message reported by last WMI command.
diff --git a/MAINTAINERS b/MAINTAINERS
index f32538373164..663ae73fb8be 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9367,6 +9367,12 @@ S: Obsolete
W: http://w1.fi/hostap-driver.html
F: drivers/net/wireless/intersil/hostap/
+HP BIOSCFG DRIVER
+M: Jorge Lopez <jorge.lopez2@hp.com>
+L: platform-driver-x86@vger.kernel.org
+S: Maintained
+F: drivers/platform/x86/hp/hp-bioscfg/
+
HP COMPAQ TC1100 TABLET WMI EXTRAS DRIVER
L: platform-driver-x86@vger.kernel.org
S: Orphan
diff --git a/drivers/platform/x86/hp/hp-bioscfg/Makefile b/drivers/platform/x86/hp/hp-bioscfg/Makefile
new file mode 100644
index 000000000000..529eba6fa47f
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/Makefile
@@ -0,0 +1,13 @@
+obj-$(CONFIG_HP_BIOSCFG) := hp-bioscfg.o
+
+hp-bioscfg-objs := bioscfg.o \
+ enum-attributes.o \
+ int-attributes.o \
+ string-attributes.o \
+ passwdobj-attributes.o \
+ biosattr-interface.o \
+ passwdattr-interface.o \
+ ordered-attributes.o \
+ surestart-attributes.o \
+ spmobj-attributes.o
+
diff --git a/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
new file mode 100644
index 000000000000..903b055b31ce
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
@@ -0,0 +1,303 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to methods under BIOS interface GUID
+ * for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 Hewlett-Packard Inc.
+ */
+
+#include <linux/wmi.h>
+#include "bioscfg.h"
+
+#define SET_DEFAULT_VALUES_METHOD_ID 0x02
+#define SET_BIOS_DEFAULTS_METHOD_ID 0x03
+#define SET_ATTRIBUTE_METHOD_ID 0x04
+
+/*
+ * set_attribute() - Update an attribute value
+ * @a_name: The attribute name
+ * @a_value: The attribute value
+ *
+ * Sets an attribute to new value
+ */
+int hp_set_attribute(const char *a_name, const char *a_value)
+{
+ size_t security_area_size;
+ size_t a_name_size, a_value_size;
+ u16 *buffer = NULL;
+ u16 *start = NULL;
+ int buffer_size;
+ int ret;
+ int instance;
+ char *auth_empty_value = "";
+ char *auth_token_choice = NULL;
+
+
+ mutex_lock(&bioscfg_drv.mutex);
+ if (!bioscfg_drv.bios_attr_wdev) {
+ ret = -ENODEV;
+ goto out_set_attribute;
+ }
+
+ instance = get_password_instance_for_type(SETUP_PASSWD);
+ if (instance < 0)
+ goto out_set_attribute;
+
+ if (strlen(bioscfg_drv.password_data[instance].current_password) == 0)
+ strscpy(bioscfg_drv.password_data[instance].current_password,
+ auth_empty_value,
+ sizeof(bioscfg_drv.password_data[instance].current_password));
+
+ /* Select which auth token to use; password or [auth token] */
+
+ if (bioscfg_drv.spm_data.auth_token != NULL)
+ auth_token_choice = bioscfg_drv.spm_data.auth_token;
+ else
+ auth_token_choice = bioscfg_drv.password_data[instance].current_password;
+
+ a_name_size = bioscfg_calculate_string_buffer(a_name);
+ a_value_size = bioscfg_calculate_string_buffer(a_value);
+ security_area_size = calculate_security_buffer(auth_token_choice);
+ buffer_size = a_name_size + a_value_size + security_area_size;
+
+ buffer = kmalloc(buffer_size + 1, GFP_KERNEL);
+ if (!buffer) {
+ ret = -ENOMEM;
+ goto out_set_attribute;
+ }
+
+ /* build variables to set */
+ start = buffer;
+ start = ascii_to_utf16_unicode(start, a_name);
+ if (!start)
+ goto out_set_attribute;
+
+ start = ascii_to_utf16_unicode(start, a_value);
+ if (!start)
+ goto out_set_attribute;
+
+ populate_security_buffer(start, auth_token_choice);
+ ret = hp_wmi_set_bios_setting(buffer, buffer_size);
+
+
+out_set_attribute:
+ kfree(buffer);
+ mutex_unlock(&bioscfg_drv.mutex);
+ return ret;
+}
+
+/*
+ * hp_wmi_perform_query
+ *
+ * query: The commandtype (enum hp_wmi_commandtype)
+ * write: The command (enum hp_wmi_command)
+ * buffer: Buffer used as input and/or output
+ * insize: Size of input buffer
+ * outsize: Size of output buffer
+ *
+ * returns zero on success
+ * an HP WMI query specific error code (which is positive)
+ * -EINVAL if the query was not successful at all
+ * -EINVAL if the output buffer size exceeds buffersize
+ *
+ * Note: The buffersize must at least be the maximum of the input and output
+ * size. E.g. Battery info query is defined to have 1 byte input
+ * and 128 byte output. The caller would do:
+ * buffer = kzalloc(128, GFP_KERNEL);
+ * ret = hp_wmi_perform_query(HPWMI_BATTERY_QUERY, HPWMI_READ,
+ * buffer, 1, 128)
+ */
+int hp_wmi_perform_query(int query, enum hp_wmi_command command, void *buffer,
+ int insize, int outsize)
+{
+ struct acpi_buffer input, output = { ACPI_ALLOCATE_BUFFER, NULL };
+ struct bios_return *bios_return;
+ union acpi_object *obj = NULL;
+ struct bios_args *args = NULL;
+ int mid, actual_insize, actual_outsize;
+ size_t bios_args_size;
+ int ret;
+
+ mid = encode_outsize_for_pvsz(outsize);
+ if (WARN_ON(mid < 0))
+ return mid;
+
+ actual_insize = insize;
+ bios_args_size = struct_size(args, data, insize);
+ args = kmalloc(bios_args_size, GFP_KERNEL);
+ if (!args)
+ return -ENOMEM;
+
+ input.length = bios_args_size;
+ input.pointer = args;
+
+ args->signature = 0x55434553;
+ args->command = command;
+ args->commandtype = query;
+ args->datasize = insize;
+ memcpy(args->data, buffer, flex_array_size(args, data, insize));
+
+ ret = wmi_evaluate_method(HP_WMI_BIOS_GUID, 0, mid, &input, &output);
+ bioscfg_drv.last_wmi_status = ret;
+ if (ret)
+ goto out_free;
+
+ obj = output.pointer;
+ if (!obj) {
+ ret = -EINVAL;
+ goto out_free;
+ }
+
+ if (query != HPWMI_SECUREPLATFORM_GET_STATE &&
+ command != HPWMI_SECUREPLATFORM)
+ if (obj->type != ACPI_TYPE_BUFFER ||
+ obj->buffer.length > sizeof(*bios_return)) {
+ pr_warn("query 0x%x returned wrong type or too small buffer\n", query);
+ ret = -EINVAL;
+ goto out_free;
+ }
+
+ bios_return = (struct bios_return *)obj->buffer.pointer;
+ ret = bios_return->return_code;
+ bioscfg_drv.last_wmi_status = ret;
+ if (ret) {
+ if (ret != HPWMI_RET_UNKNOWN_COMMAND &&
+ ret != HPWMI_RET_UNKNOWN_CMDTYPE)
+ pr_warn("query 0x%x returned error 0x%x\n", query, ret);
+ goto out_free;
+ }
+
+ /* Ignore output data of zero size */
+ if (!outsize)
+ goto out_free;
+
+ actual_outsize = min(outsize, (int)(obj->buffer.length - sizeof(*bios_return)));
+ memcpy(buffer, obj->buffer.pointer + sizeof(*bios_return), actual_outsize);
+ memset(buffer + actual_outsize, 0, outsize - actual_outsize);
+
+out_free:
+ kfree(obj);
+ kfree(args);
+ return ret;
+}
+
+static void *utf16_empty_string(u16 *p)
+{
+ *p++ = 2;
+ *p++ = (u8)0x00;
+ return p;
+}
+
+/*
+ * ascii_to_utf16_unicode - Convert ascii string to UTF-16 unicode
+ *
+ * BIOS supports UTF-16 characters that are 2 bytes long. No variable
+ * multi-byte language supported.
+ *
+ * @p: Unicode buffer address
+ * @str: string to convert to unicode
+ *
+ * Returns a void pointer to the buffer containing unicode string
+ */
+void *ascii_to_utf16_unicode(u16 *p, const u8 *str)
+{
+ int len = strlen(str);
+ int ret;
+
+ /*
+ * Add null character when reading an empty string
+ * "02 00 00 00"
+ */
+ if (len == 0)
+ return utf16_empty_string(p);
+
+ /* Move pointer len * 2 number of bytes */
+ *p++ = len * 2;
+ ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN, p, len);
+ if (ret < 0) {
+ dev_err(bioscfg_drv.class_dev, "UTF16 conversion failed\n");
+ goto ascii_to_utf16_unicode_out;
+ }
+
+ if ((ret * sizeof(u16)) > U16_MAX) {
+ dev_err(bioscfg_drv.class_dev, "Error string too long\n");
+ goto ascii_to_utf16_unicode_out;
+ }
+
+ascii_to_utf16_unicode_out:
+ p += len;
+ return p;
+}
+
+/*
+ * hp_wmi_set_bios_setting - Set setting's value in BIOS
+ *
+ * @input_buffer: Input buffer address
+ * @input_size: Input buffer size
+ *
+ * Returns: Count of unicode characters written to BIOS if successful, otherwise
+ * -ENOMEM unable to allocate memory
+ * -EINVAL buffer not allocated or too small
+ */
+int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size)
+{
+ union acpi_object *obj;
+ struct acpi_buffer input = {input_size, input_buffer};
+ struct acpi_buffer output = {ACPI_ALLOCATE_BUFFER, NULL};
+ int ret = 0;
+
+ ret = wmi_evaluate_method(HP_WMI_SET_BIOS_SETTING_GUID, 0, 1, &input, &output);
+
+ obj = output.pointer;
+ if (!obj)
+ return -EINVAL;
+
+ if (obj->type != ACPI_TYPE_INTEGER)
+ ret = -EINVAL;
+
+ ret = obj->integer.value;
+ bioscfg_drv.last_wmi_status = ret;
+
+ kfree(obj);
+ return ret;
+}
+
+static int bios_attr_set_interface_probe(struct wmi_device *wdev, const void *context)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.bios_attr_wdev = wdev;
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+}
+
+static void bios_attr_set_interface_remove(struct wmi_device *wdev)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.bios_attr_wdev = NULL;
+ mutex_unlock(&bioscfg_drv.mutex);
+}
+
+static const struct wmi_device_id bios_attr_set_interface_id_table[] = {
+ { .guid_string = HP_WMI_BIOS_GUID},
+ { },
+};
+static struct wmi_driver bios_attr_set_interface_driver = {
+ .driver = {
+ .name = DRIVER_NAME
+ },
+ .probe = bios_attr_set_interface_probe,
+ .remove = bios_attr_set_interface_remove,
+ .id_table = bios_attr_set_interface_id_table,
+};
+
+int init_bios_attr_set_interface(void)
+{
+ return wmi_driver_register(&bios_attr_set_interface_driver);
+}
+
+void exit_bios_attr_set_interface(void)
+{
+ wmi_driver_unregister(&bios_attr_set_interface_driver);
+}
+
+MODULE_DEVICE_TABLE(wmi, bios_attr_set_interface_id_table);
diff --git a/drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c
new file mode 100644
index 000000000000..02fc766eb3cf
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to SET password methods under
+ * HP_WMI_SET_BIOS_SETTING_GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 Hewlett-Packard Inc.
+ */
+
+#include <linux/wmi.h>
+#include "bioscfg.h"
+
+static int bios_attr_pass_interface_probe(struct wmi_device *wdev,
+ const void *context)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.password_attr_wdev = wdev;
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+}
+
+static void bios_attr_pass_interface_remove(struct wmi_device *wdev)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.password_attr_wdev = NULL;
+ mutex_unlock(&bioscfg_drv.mutex);
+}
+
+static const struct wmi_device_id bios_attr_pass_interface_id_table[] = {
+ { .guid_string = HP_WMI_SET_BIOS_SETTING_GUID },
+ { },
+};
+static struct wmi_driver bios_attr_pass_interface_driver = {
+ .driver = {
+ .name = DRIVER_NAME"-password"
+ },
+ .probe = bios_attr_pass_interface_probe,
+ .remove = bios_attr_pass_interface_remove,
+ .id_table = bios_attr_pass_interface_id_table,
+};
+
+int init_bios_attr_pass_interface(void)
+{
+ return wmi_driver_register(&bios_attr_pass_interface_driver);
+}
+
+void exit_bios_attr_pass_interface(void)
+{
+ wmi_driver_unregister(&bios_attr_pass_interface_driver);
+}
+
+MODULE_DEVICE_TABLE(wmi, bios_attr_pass_interface_id_table);
--
2.34.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-03-09 20:10 ` [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4] Jorge Lopez
@ 2023-04-01 11:58 ` Thomas Weißschuh
2023-04-02 0:47 ` Mark Pearson
2023-04-03 16:33 ` Jorge Lopez
0 siblings, 2 replies; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-01 11:58 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86, linux-kernel
Hi Jorge,
Hans asked me to do a review of your series, so this is it.
I'll start with patch 4 because it is the one with the docs and build
system changes.
Reviews of the other patches and the code of this patch will follow.
In my opinion the best way forward is to drop some of the non-core
and duplicated functionality.
The reduced scope will make review and rework easier and therefore speed
up the process.
Please also Cc the general kernel mailing list
linux-kernel@vger.kernel.org for future revisions.
This will make sure the patchset is picked up and tested by the bots.
On 2023-03-09 14:10:22-0600, Jorge Lopez wrote:
> The purpose for this patch is submit HP BIOSCFG driver to be list of
> HP Linux kernel drivers. The driver include a total of 12 files
> broken in several patches.
No need for this paragraph.
> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
Here it says "notebooks", below "PC's". Does it also support
non-notebook machines?
> Many features of HP Commercial PC’s can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BISOCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover features such Secure Platform Management, Sure
> Admin, and Sure Start. Each section provides security feature
> description and identifies sysfs directories and files exposed by
> the driver.
>
> Many HP Commercial PC’s include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial PC’s have several BIOS settings that control its behaviour
> and capabilities, many of which are related to security. To prevent
> unauthorized changes to these settings, the system can be configured
> to use a Sure Admin cryptographic signature-based authorization string
> that the BIOS will use to verify authorization to modify the setting.
>
> Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
>
> History
>
> Version 6
> Breaks down the changes into 4 patches
> SureAdmin-attributes was removed
>
> Version 5
> Remove version 4 patch 1
> Address review changes proposed in Version 4
> Reorganize all patches number and file order
> ---
> .../testing/sysfs-class-firmware-attributes | 107 ++++++-
> MAINTAINERS | 6 +
> drivers/platform/x86/hp/hp-bioscfg/Makefile | 13 +
> .../x86/hp/hp-bioscfg/biosattr-interface.c | 303 ++++++++++++++++++
> .../x86/hp/hp-bioscfg/passwdattr-interface.c | 51 +++
> 5 files changed, 479 insertions(+), 1 deletion(-)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdattr-interface.c
>
> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> index 4cdba3477176..d1ae6b77da13 100644
> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> @@ -22,6 +22,13 @@ Description:
> - integer: a range of numerical values
> - string
>
> + HP specific types
> + -----------------
> + - ordered-list - a set of ordered list valid values
> + - sure-admin
Does sure-admin still exist?
> + - sure-start
> +
> +
> All attribute types support the following values:
>
> current_value:
> @@ -126,6 +133,38 @@ Description:
> value will not be effective through sysfs until this rule is
> met.
>
> + HP specific class extensions
> + ------------------------------
> +
> + On HP systems the following additional attributes are available:
> +
> + "ordered-list"-type specific properties:
> +
> + elements:
> + A file that can be read to obtain the possible
> + list of values of the <attr>. Values are separated using
> + semi-colon (``;``). The order individual elements are listed
> + according to their priority. An Element listed first has the
> + hightest priority. Writing the list in a different order to
> + current_value alters the priority order for the particular
> + attribute.
> +
> + "sure-start"-type specific properties:
> +
> + audit_log_entries:
> + A read-only file that returns the events in the log.
> +
> + Audit log entry format
> +
> + Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
> + Byte 16-127: Unused
> +
> + audit_log_entry_count:
> + A read-only file that returns the number of existing audit log events available to be read.
> +
> + [No of entries],[log entry size],[Max number of entries supported]
sysfs is based on the idea of "one-value-per-file".
The two properties above violate this idea.
Maybe a different interface is needed.
Are these properties very important for the first version of this
driver? If not I would propose to drop them for now and resubmit them
as separate patches after the main driver has been merged.
> +
> +
> What: /sys/class/firmware-attributes/*/authentication/
> Date: February 2021
> KernelVersion: 5.11
> @@ -206,7 +245,7 @@ Description:
> Drivers may emit a CHANGE uevent when a password is set or unset
> userspace may check it again.
>
> - On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
> + On Dell, Lenovo, and HP systems, if Admin password is set, then all BIOS attributes
No comma after "Lenovo".
> require password validation.
> On Lenovo systems if you change the Admin password the new password is not active until
> the next boot.
> @@ -296,6 +335,15 @@ Description:
> echo "signature" > authentication/Admin/signature
> echo "password" > authentication/Admin/certificate_to_password
>
> + HP specific class extensions
> + --------------------------------
> +
> + On HP systems the following additional settings are available:
> +
> + role: enhanced-bios-auth:
> + This role is specific to Secure Platform Management (SPM) attribute.
> + It requires configuring an endorsement (kek) and signing certificate (sk).
> +
>
> What: /sys/class/firmware-attributes/*/attributes/pending_reboot
> Date: February 2021
> @@ -364,3 +412,60 @@ Description:
> use it to enable extra debug attributes or BIOS features for testing purposes.
>
> Note that any changes to this attribute requires a reboot for changes to take effect.
> +
> +
> + HP specific class extensions
> + --------------------------------
> +
> +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
> +Date: March 29
> +KernelVersion: 5.18
> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> +Description: 'kek' is a write-only file that can be used to configure the
> + RSA public key that will be used by the BIOS to verify
> + signatures when setting the signing key. When written,
> + the bytes should correspond to the KEK certificate
> + (x509 .DER format containing an OU). The size of the
> + certificate must be less than or equal to 4095 bytes.
> +
> +
> +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
> +Date: March 29
> +KernelVersion: 5.18
> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> +Description: 'sk' is a write-only file that can be used to configure the RSA
> + public key that will be used by the BIOS to verify signatures
> + when configuring BIOS settings and security features. When
> + written, the bytes should correspond to the modulus of the
> + public key. The exponent is assumed to be 0x10001.
The names of the files 'SPM', 'kek' and 'sk' are cryptic.
> +
> +
> +What: /sys/class/firmware-attributes/*/authentication/SPM/status
> +Date: March 29
> +KernelVersion: 5.18
> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> +Description: 'status' is a read-only file that returns ASCII text reporting
> + the status information.
> +
> + State: Not Provisioned / Provisioned / Provisioning in progress
> + Version: Major. Minor
> + Feature Bit Mask: <16-bit unsigned number display in hex>
> + SPM Counter: <16-bit unsigned number display in base 10>
> + Signing Key Public Key Modulus (base64):
> + KEK Public Key Modulus (base64):
This also violates 'one-value-per-file'.
Can it be split into different files?
This would also remove the need for the statusbin file.
For the values:
Status: I think symbolic names are better for sysfs:
not_provisioned, provisioned, etc.
Feature Bit Mask: Use names.
Keys: It would be nicer if these could be shown directly in the files
that can be used to configure them.
As before, what is really needed and what can be added later?
> +
> +
> +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
> +Date: March 29
> +KernelVersion: 5.18
> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> +Description: 'statusbin' is a read-only file that returns identical status
> + information reported by 'status' file in binary format.
How does this binary format work?
> +
> +
> +What: /sys/class/firmware-attributes/*/attributes/last_error
> +Date: March 29
> +KernelVersion: 5.18
> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> +Description: 'last_error' is a read-only file that returns WMI error number
> + and message reported by last WMI command.
Does this provide much value?
Or could this error just be logged via pr_warn_ratelimited()?
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f32538373164..663ae73fb8be 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -9367,6 +9367,12 @@ S: Obsolete
> W: http://w1.fi/hostap-driver.html
> F: drivers/net/wireless/intersil/hostap/
>
> +HP BIOSCFG DRIVER
> +M: Jorge Lopez <jorge.lopez2@hp.com>
> +L: platform-driver-x86@vger.kernel.org
Broken whitespace
> +S: Maintained
> +F: drivers/platform/x86/hp/hp-bioscfg/
> +
> HP COMPAQ TC1100 TABLET WMI EXTRAS DRIVER
> L: platform-driver-x86@vger.kernel.org
> S: Orphan
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/Makefile b/drivers/platform/x86/hp/hp-bioscfg/Makefile
> new file mode 100644
> index 000000000000..529eba6fa47f
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/Makefile
> @@ -0,0 +1,13 @@
> +obj-$(CONFIG_HP_BIOSCFG) := hp-bioscfg.o
The kbuild part that defines CONFIG_HP_BIOSCFG is missing, so this is
never built.
drivers/platform/x86/hp/Makefile also needs to reference this Makefile.
After fixing up Kbuild please build the driver with "make W=1" and clean
up all the unused functions/variables.
(This won't catch unused stuff from bioscfg.c, so you have to check
these manually)
> +
> +hp-bioscfg-objs := bioscfg.o \
> + enum-attributes.o \
> + int-attributes.o \
> + string-attributes.o \
> + passwdobj-attributes.o \
> + biosattr-interface.o \
> + passwdattr-interface.o \
> + ordered-attributes.o \
> + surestart-attributes.o \
> + spmobj-attributes.o
> +
> [..] unreviewed code here.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-04-01 11:58 ` Thomas Weißschuh
@ 2023-04-02 0:47 ` Mark Pearson
2023-04-03 20:44 ` Jorge Lopez
2023-04-03 16:33 ` Jorge Lopez
1 sibling, 1 reply; 18+ messages in thread
From: Mark Pearson @ 2023-04-02 0:47 UTC (permalink / raw)
To: Thomas Weißschuh, Jorge Lopez
Cc: Hans de Goede, platform-driver-x86, linux-kernel
Hi Jorge,
As I implemented similar on our platforms I have a couple of suggestions which may or may not be helpful.
On Sat, Apr 1, 2023, at 7:58 AM, Thomas Weißschuh wrote:
> Hi Jorge,
>
<snip>
> On 2023-03-09 14:10:22-0600, Jorge Lopez wrote:
<snip>
>
>> Many features of HP Commercial PC’s can be managed using Windows
>> Management Instrumentation (WMI). WMI is an implementation of Web-Based
>> Enterprise Management (WBEM) that provides a standards-based interface
>> for changing and monitoring system settings. HP BISOCFG driver provides
>> a native Linux solution and the exposed features facilitates the
>> migration to Linux environments.
I'd remove this paragraph personally - but as a minor note, typo in BISOCFG
<snip>
>>
>> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
>> index 4cdba3477176..d1ae6b77da13 100644
>> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
>> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
<snip>
>> @@ -126,6 +133,38 @@ Description:
>> value will not be effective through sysfs until this rule is
>> met.
>>
>> + HP specific class extensions
>> + ------------------------------
>> +
>> + On HP systems the following additional attributes are available:
>> +
>> + "ordered-list"-type specific properties:
>> +
>> + elements:
>> + A file that can be read to obtain the possible
>> + list of values of the <attr>. Values are separated using
>> + semi-colon (``;``). The order individual elements are listed
>> + according to their priority. An Element listed first has the
>> + hightest priority. Writing the list in a different order to
>> + current_value alters the priority order for the particular
>> + attribute.
isn't this already covered in the 'possible_values' attribute - it's just a string of items? Curious as to when/how this would be used instead of possible_values (but I should probably read the code)
Typo in 'hightest'.
<snip>
>
>> +
>> +
>> What: /sys/class/firmware-attributes/*/authentication/
>> Date: February 2021
>> KernelVersion: 5.11
>> @@ -206,7 +245,7 @@ Description:
<snip>
>> @@ -296,6 +335,15 @@ Description:
>> echo "signature" > authentication/Admin/signature
>> echo "password" > authentication/Admin/certificate_to_password
>>
>> + HP specific class extensions
>> + --------------------------------
>> +
>> + On HP systems the following additional settings are available:
>> +
>> + role: enhanced-bios-auth:
>> + This role is specific to Secure Platform Management (SPM) attribute.
>> + It requires configuring an endorsement (kek) and signing certificate (sk).
>> +
Your implementation might be different on HP's; but on the Lenovo's this was still used along with the regular roles - it's just the authentication changed from password to a signature approach.
Just checking that you really need a whole new role and that it isn't part of the existing role.
<snip>
>> + HP specific class extensions
>> + --------------------------------
>> +
>> +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
>> +Date: March 29
>> +KernelVersion: 5.18
>> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
>> +Description: 'kek' is a write-only file that can be used to configure the
>> + RSA public key that will be used by the BIOS to verify
>> + signatures when setting the signing key. When written,
>> + the bytes should correspond to the KEK certificate
>> + (x509 .DER format containing an OU). The size of the
>> + certificate must be less than or equal to 4095 bytes.
>> +
>> +
>> +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
>> +Date: March 29
>> +KernelVersion: 5.18
>> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
>> +Description: 'sk' is a write-only file that can be used to configure the RSA
>> + public key that will be used by the BIOS to verify signatures
>> + when configuring BIOS settings and security features. When
>> + written, the bytes should correspond to the modulus of the
>> + public key. The exponent is assumed to be 0x10001.
>
I wondered if these could be combined with the signature and certificate fields that I implemented for the Lenovo platforms - and those be moved out of the Lenovo specific section and then made general (and optional)
kek looks like it corresponds to certificate and sk to signature?
>
>> +
>> +
>> +What: /sys/class/firmware-attributes/*/attributes/last_error
>> +Date: March 29
>> +KernelVersion: 5.18
>> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
>> +Description: 'last_error' is a read-only file that returns WMI error number
>> + and message reported by last WMI command.
>
> Does this provide much value?
> Or could this error just be logged via pr_warn_ratelimited()?
This one seemed odd to me too - doesn't the driver return the error to the use on a failed WMI access?
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 1/4] Introduction of HP-BIOSCFG driver
2023-03-09 20:10 ` [PATCH v6 1/4] " Jorge Lopez
@ 2023-04-02 16:28 ` Thomas Weißschuh
2023-04-12 19:37 ` Jorge Lopez
0 siblings, 1 reply; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-02 16:28 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86
Hi Jorge,
below a few stylistic comments.
These are very general and do not only affect the commented locations
but the whole driver.
That said these are not critical.
First focus on removing dead code and nailing down the userspace API.
Then it depends on your motivation.
As said before I would focus on reducing the driver to the bare minimum
that makes it usable, get it merged / clean it up and then re-add pieces
bit-by-bit.
I'll probably go over all the files again when I am more familiar with
the driver.
On 2023-03-09 14:10:19-0600, Jorge Lopez wrote:
> The purpose for this patch is submit HP BIOSCFG driver to be list of
> HP Linux kernel drivers. The driver include a total of 12 files
> broken in several patches.
>
> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial PC’s can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BISOCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover features such Secure Platform Management, Sure
> Admin, and Sure Start. Each section provides security feature
> description and identifies sysfs directories and files exposed by
> the driver.
>
> Many HP Commercial PC’s include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial PC’s have several BIOS settings that control its behaviour
> and capabilities, many of which are related to security. To prevent
> unauthorized changes to these settings, the system can be configured
> to use a Sure Admin cryptographic signature-based authorization string
> that the BIOS will use to verify authorization to modify the setting.
>
> Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
>
> History
>
> Version 6
> Breaks down the changes into 4 patches
> SureAdmin-attributes was removed
>
> Version 5
> Remove version 4 patch 1
> Address review changes proposed in Version 4
> Reorganize all patches number and file order
> ---
> .../x86/hp/hp-bioscfg/spmobj-attributes.c | 460 ++++++++++++++++++
> .../x86/hp/hp-bioscfg/string-attributes.c | 459 +++++++++++++++++
> .../x86/hp/hp-bioscfg/surestart-attributes.c | 149 ++++++
> 3 files changed, 1068 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> new file mode 100644
> index 000000000000..60a7bcfd7951
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> @@ -0,0 +1,460 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to secure platform management object type
> + * attributes under BIOS PASSWORD for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +#define MAX_KEK_BLOB_SIZE 4160
> +#define MAX_SK_BLOB_SIZE 516
> +
> +enum spm_states_values {
> + NOT_PROVISIONED = 0x00,
> + PROVISIONED = 0x01,
> + PROVISIONING_IN_PROGRESS = 0x02
> +};
> +
> +static const char * const spm_state_types[] = {
> + "not provisioned",
> + "provisioned",
> + "provisioning in progress"
> +};
> +
> +
> +int check_spm_is_enabled(void)
> +{
> + /* do we need to check the admin password is also configured */
> + return bioscfg_drv.spm_data.is_enabled;
> +}
> +
> +/*
> + * calculate_security_buffer() - determines size of security buffer
> + * for authentication scheme
> + *
> + * @authentication: the authentication content
> + *
> + * Currently only supported type is Admin password
> + */
> +size_t calculate_security_buffer(const char *authentication)
> +{
> + int size;
> +
> + if (authentication != NULL && strlen(authentication) > 0) {
> +
> + size = (sizeof(u16) + (strlen(authentication) * sizeof(u16)));
> + if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) != 0)
> + size += (strlen(UTF_PREFIX) * sizeof(u16));
> +
> + return size;
> + }
> +
> + size = sizeof(u16) * 2;
> + return size;
> +}
> +
> +/*
> + * populate_security_buffer() - builds a security buffer for
> + * authentication scheme
> + *
> + * @buffer: the buffer to populate
> + * @authentication: the authentication content
> + *
> + * Currently only supported type is PLAIN TEXT
> + */
> +void populate_security_buffer(u16 *buffer, const char *authentication)
> +{
> + u16 *auth = buffer;
> + char *strprefix = NULL;
> +
> + if (strncmp(authentication, BEAM_PREFIX, strlen(BEAM_PREFIX)) == 0) {
> + /*
> + * BEAM_PREFIX is append to buffer when a signature
> + * is provided and Sure Admin is enabled in BIOS
> + */
> + // BEAM_PREFIX found, convert part to unicode
> + auth = ascii_to_utf16_unicode(auth, authentication);
> + } else {
> + /*
> + * UTF-16 prefix is append to the * buffer when a BIOS
> + * admin password is configured in BIOS
> + */
> +
> + // append UTF_PREFIX to part and then convert it to unicode
> + strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
> + authentication);
> + if (!strprefix)
> + goto out_populate_security_buffer;
> +
> + auth = ascii_to_utf16_unicode(auth, strprefix);
> + }
> +out_populate_security_buffer:
There is no need to have the name of the function in the label.
Just "out" would be enough.
> +
> + kfree(strprefix);
> + strprefix = NULL;
No need to clear stack variables.
> +}
> +
> +ssize_t update_spm_state(void)
> +{
> + int ret;
> + struct secureplatform_provisioning_data *data = NULL;
> +
> + data = kmalloc(sizeof(struct secureplatform_provisioning_data),
> + GFP_KERNEL);
Use "sizeof(*data)". It's shorter and more robust.
> + if (!data) {
> + ret = -ENOMEM;
> + goto spm_state_exit;
> + }
> +
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> + HPWMI_SECUREPLATFORM, data, 0,
> + sizeof(struct secureplatform_provisioning_data));
Also sizeof(*data).
> + if (ret < 0)
> + goto spm_state_exit;
> +
> + bioscfg_drv.spm_data.mechanism = data->state;
> + if (bioscfg_drv.spm_data.mechanism)
> + bioscfg_drv.spm_data.is_enabled = 1;
> +
> +spm_state_exit:
> + kfree(data);
> +
> + return ret;
> +}
> +
> +/*
> + * statusbin - Reports SPM status in binary format
> + *
> + * @kobj: Pointer to a kernel object of things that show up as
> + * directory in the sysfs filesystem.
> + * @attr: Pointer to list of attributes for the operation
> + * @buf: Pointer to buffer
The parameters are the same for every attribute_show() function.
No need to document them.
Also if you document something use proper kerneldoc format:
https://docs.kernel.org/doc-guide/kernel-doc.html
> + *
> + * Returns number of bytes read on success. Otherwise,
> + * an HP WMI query specific error code (which is positive)
> + * -ENODEV if the query was not successful at all
> + *
> + */
> +ssize_t statusbin(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> + HPWMI_SECUREPLATFORM, buf, 0,
> + sizeof(struct secureplatform_provisioning_data));
> +
> + return ret ? -ENODEV : sizeof(struct secureplatform_provisioning_data);
> +}
> +
> +ssize_t statusbin_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret;
> + struct secureplatform_provisioning_data *data = NULL;
> +
> + data = kmalloc(sizeof(struct secureplatform_provisioning_data),
> + GFP_KERNEL);
> + if (!data) {
> + ret = -ENOMEM;
> + goto statusbin_show_exit;
> + }
> +
> + ret = statusbin(kobj, attr, (char *)data);
> + if (ret < 0)
> + goto statusbin_show_exit;
> +
> + /* copy data to spm local structure */
> + memcpy(buf, data, sizeof(struct secureplatform_provisioning_data));
> +
> +statusbin_show_exit:
> + kfree(data);
> +
> + return ret ? ret : strnlen(buf, PAGE_SIZE);
> +}
> +struct kobj_attribute password_spm_statusbin = __ATTR_RO(statusbin);
> +
> +/*
> + * status_show - Reads SPM status
> + *
> + * @kobj: Pointer to a kernel object of things that show up as
> + * directory in the sysfs filesystem.
> + * @attr: Pointer to list of attributes for the operation
> + * @buf: Pointer to buffer
> + *
> + * Returns number of bytes read on success. Otherwise,
> + * an HP WMI query specific error code (which is positive)
> + * -ENODEV if the query was not successful at all
> + * -ENOMEM if cannot allocate required memory size
> + *
> + */
> +ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> + *attr, char *buf)
> +{
> + int ret, i;
> + struct secureplatform_provisioning_data *data = NULL;
> +
> + data = kmalloc(sizeof(struct secureplatform_provisioning_data),
> + GFP_KERNEL);
> + if (!data) {
> + ret = -ENOMEM;
> + goto status_show_exit;
> + }
> +
> + ret = statusbin(kobj, attr, (char *)data);
> + if (ret < 0)
> + goto status_show_exit;
> +
> + sysfs_emit(buf, "%sState: %d\n", buf, data->state);
> + sysfs_emit(buf, "%sVersion: %d.%d\n", buf, data->version[0],
> + data->version[1]);
> +
> + /*
> + * state == 0 means secure platform management
> + * feature is not configured in BIOS.
> + */
> + if (data->state == 0)
> + goto status_show_exit;
> +
> + sysfs_emit(buf, "%sNonce: %d\n", buf, data->nonce);
> + sysfs_emit(buf, "%sFeaturesInUse: %d\n", buf, data->features);
> + sysfs_emit(buf, "%sEndorsementKeyMod: {", buf);
> +
> + for (i = 255; i >= 0; i--)
> + sysfs_emit(buf, "%s %u", buf, data->kek_mod[i]);
> +
> + sysfs_emit(buf, "%s }\n", buf);
> + sysfs_emit(buf, "%sSigningKeyMod: {", buf);
> +
> + for (i = 255; i >= 0; i--)
> + sysfs_emit(buf, "%s %u", buf, data->sk_mod[i]);
> +
> + /* Return buf contents */
> +
> + sysfs_emit(buf, "%s }\n", buf);
> +
> +status_show_exit:
> + kfree(data);
> +
> + return strnlen(buf, PAGE_SIZE);
> +}
> +
> +struct kobj_attribute password_spm_status = __ATTR_RO(status);
> +
> +attribute_spm_n_property_show(is_enabled, spm);
> +static struct kobj_attribute password_spm_is_key_enabled = __ATTR_RO(is_enabled);
> +
> +
> +static ssize_t key_mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + int ret;
> +
> + ret = sysfs_emit(buf, "%s\n",
> + spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
> + return ret;
No need for the temporary variable:
return sysfs_emit(buf, "%s\n", spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
> +}
> +static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
> +
> +static ssize_t sk_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret;
> + int length;
> +
> + length = count;
> + if (buf[length-1] == '\n')
> + length--;
> +
> + /* allocate space and copy current signing key */
> + bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.signing_key) {
> + ret = -ENOMEM;
> + goto exit_signing_key;
> + }
> +
> + memcpy(bioscfg_drv.spm_data.signing_key, buf, length);
> + bioscfg_drv.spm_data.signing_key[length] = '\0';
> +
> + /* submit signing key payload */
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_SK,
> + HPWMI_SECUREPLATFORM,
> + (void *)bioscfg_drv.spm_data.signing_key,
> + length, 0);
> +
> + if (!ret) {
> + bioscfg_drv.spm_data.mechanism = SIGNING_KEY;
> + bioscfg_drv.pending_reboot = TRUE;
> + }
> +
> +exit_signing_key:
> + kfree(bioscfg_drv.spm_data.signing_key);
> + bioscfg_drv.spm_data.signing_key = NULL;
> +
> + return ret ? ret : count;
> +}
> +
> +static struct kobj_attribute password_spm_signing_key = __ATTR_WO(sk);
> +
> +static ssize_t kek_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret;
> + int length;
> +
> + length = count;
> + if (buf[length-1] == '\n')
> + length--;
> +
> + /* allocate space and copy current signing key */
> + bioscfg_drv.spm_data.endorsement_key = kmalloc(length, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.endorsement_key) {
> + ret = -ENOMEM;
> + goto exit_endorsement_key;
> + }
> +
> + memcpy(bioscfg_drv.spm_data.endorsement_key, buf, length);
> + bioscfg_drv.spm_data.endorsement_key[length] = '\0';
> +
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_KEK,
> + HPWMI_SECUREPLATFORM,
> + (void *)bioscfg_drv.spm_data.endorsement_key,
> + count, 0);
> +
> + if (!ret) {
> + bioscfg_drv.spm_data.mechanism = ENDORSEMENT_KEY;
> + bioscfg_drv.pending_reboot = TRUE;
> + }
> +
> +exit_endorsement_key:
> + kfree(bioscfg_drv.spm_data.endorsement_key);
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> +
> + return ret ? ret : count;
> +}
> +static struct kobj_attribute password_spm_endorsement_key = __ATTR_WO(kek);
> +
> +static ssize_t display_name_language_code_show(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", LANG_CODE_STR);
> +}
> +
> +static struct kobj_attribute password_spm_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +
> +static ssize_t display_name_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", SPM_STR_DESC);
> +}
> +static struct kobj_attribute password_spm_display_name = __ATTR_RO(display_name);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "secure-platform-management\n");
> +}
> +static struct kobj_attribute password_spm_type = __ATTR_RO(type);
> +
> +static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", role_type[BIOS_SPM]);
> +}
> +static struct kobj_attribute password_spm_role = __ATTR_RO(role);
> +
> +static ssize_t auth_token_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret = 0;
> + int length;
> +
> + length = count;
> + if (buf[length-1] == '\n')
> + length--;
> +
> + /* allocate space and copy current auth token */
> + bioscfg_drv.spm_data.auth_token = kmalloc(count, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.auth_token) {
> + ret = -ENOMEM;
> + goto exit_auth_token;
> + }
> +
> + memcpy(bioscfg_drv.spm_data.auth_token, buf, count);
> + bioscfg_drv.spm_data.auth_token[length] = '\0';
> + return count;
> +
> +
> +exit_auth_token:
> + kfree(bioscfg_drv.spm_data.auth_token);
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + return ret;
> +
> +}
> +static struct kobj_attribute password_spm_auth_token = __ATTR_WO(auth_token);
> +
> +static struct attribute *secure_platform_attrs[] = {
> + &password_spm_display_name.attr,
> + &password_spm_display_langcode.attr,
> + &password_spm_is_key_enabled.attr,
> + &password_spm_signing_key.attr,
> + &password_spm_endorsement_key.attr,
> + &password_spm_key_mechanism.attr,
> + &password_spm_status.attr,
> + &password_spm_statusbin.attr,
> + &password_spm_type.attr,
> + &password_spm_role.attr,
> + &password_spm_auth_token.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group secure_platform_attr_group = {
> + .attrs = secure_platform_attrs,
> +};
> +
> +void exit_secure_platform_attributes(void)
> +{
> + /* remove secure platform sysfs entry and free key data*/
> +
> + kfree(bioscfg_drv.spm_data.endorsement_key);
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> +
> + kfree(bioscfg_drv.spm_data.signing_key);
> + bioscfg_drv.spm_data.signing_key = NULL;
> +
> + kfree(bioscfg_drv.spm_data.auth_token);
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + if (bioscfg_drv.spm_data.attr_name_kobj)
> + sysfs_remove_group(bioscfg_drv.spm_data.attr_name_kobj,
> + &secure_platform_attr_group);
> +}
> +
> +int populate_secure_platform_data(struct kobject *attr_name_kobj)
> +{
> + /* Populate data for Secure Platform Management */
> + bioscfg_drv.spm_data.attr_name_kobj = attr_name_kobj;
> +
> + strscpy(bioscfg_drv.spm_data.attribute_name, SPM_STR,
> + sizeof(bioscfg_drv.spm_data.attribute_name));
> + strscpy(bioscfg_drv.spm_data.display_name, SPM_STR_DESC,
> + sizeof(bioscfg_drv.spm_data.display_name));
> +
> + bioscfg_drv.spm_data.is_enabled = 0;
> + bioscfg_drv.spm_data.mechanism = 0;
> + bioscfg_drv.pending_reboot = FALSE;
> + update_spm_state();
> +
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> + bioscfg_drv.spm_data.signing_key = NULL;
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + return sysfs_create_group(attr_name_kobj, &secure_platform_attr_group);
> +}
As mentioned in my first review mail the SPM attributes don't seem
necessary or at least too complex.
If they are to stay it will need more review, it feels there are some
bugs lurking.
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> new file mode 100644
> index 000000000000..79ec007fbcee
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> @@ -0,0 +1,459 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to string type attributes under
> + * HP_WMI_BIOS_STRING_GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +#define WMI_STRING_TYPE "HPBIOS_BIOSString"
> +
> +get_instance_id(string);
This is weird to read. It looks like a function declaration.
maybe use DEFINE_GET_INSTANCE_ID(string).
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + ssize_t ret;
> + int instance_id = get_string_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + ret = sysfs_emit(buf, "%s\n",
> + bioscfg_drv.string_data[instance_id].current_value);
> +
> + return ret;
> +}
> +
> +/*
> + * validate_string_input() -
> + * Validate input of current_value against min and max lengths
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_string_input(int instance_id, const char *buf)
Instead of passing around integer ids, that all the callees are using to
look up some global data, it would be nicer to pass a pointer to the
concrete instance struct to work on.
This makes the code simpler and removes reference to global state all
over the place.
> +{
> + int in_len = strlen(buf);
> +
> + /* BIOS treats it as a read only attribute */
> + if (bioscfg_drv.string_data[instance_id].is_readonly)
> + return -EIO;
> +
> + if ((in_len < bioscfg_drv.string_data[instance_id].min_length) ||
> + (in_len > bioscfg_drv.string_data[instance_id].max_length))
> + return -EINVAL;
-ERANGE?
> +
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (bioscfg_drv.string_data[instance_id].requires_physical_presence)
> + bioscfg_drv.pending_reboot = TRUE;
Just use "true" or "false" instead of "TRUE" and "FALSE".
> + return 0;
> +}
> +
> +static void update_string_value(int instance_id, char *attr_value)
> +{
> + /* Write settings to BIOS */
> + strscpy(bioscfg_drv.string_data[instance_id].current_value,
> + attr_value,
> + sizeof(bioscfg_drv.string_data[instance_id].current_value));
> +}
> +
> +attribute_s_property_show(display_name_language_code, string);
> +static struct kobj_attribute string_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +attribute_s_property_show(display_name, string);
> +static struct kobj_attribute string_display_name =
> + __ATTR_RO(display_name);
> +
> +attribute_property_store(current_value, string);
> +static struct kobj_attribute string_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +attribute_n_property_show(min_length, string);
> +static struct kobj_attribute string_min_length =
> + __ATTR_RO(min_length);
> +
> +attribute_n_property_show(max_length, string);
> +static struct kobj_attribute string_max_length =
> + __ATTR_RO(max_length);
> +
> +attribute_n_property_show(prerequisites_size, string);
> +static struct kobj_attribute string_prerequisites_size_val =
> + __ATTR_RO(prerequisites_size);
> +
> +attribute_values_property_show(prerequisites, string);
> +static struct kobj_attribute string_prerequisites_val =
> + __ATTR_RO(prerequisites);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "string\n");
> +}
> +static struct kobj_attribute string_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *string_attrs[] = {
> + &string_display_langcode.attr,
> + &string_display_name.attr,
> + &string_current_val.attr,
> + &string_min_length.attr,
> + &string_max_length.attr,
> + &string_prerequisites_size_val.attr,
> + &string_prerequisites_val.attr,
> + &string_type.attr,
> + NULL
> +};
> +
> +static const struct attribute_group string_attr_group = {
> + .attrs = string_attrs,
> +};
> +
> +int alloc_string_data(void)
> +{
> + int ret = 0;
> +
> + bioscfg_drv.string_instances_count = get_instance_count(HP_WMI_BIOS_STRING_GUID);
> + bioscfg_drv.string_data = kcalloc(bioscfg_drv.string_instances_count,
> + sizeof(struct string_data), GFP_KERNEL);
> + if (!bioscfg_drv.string_data) {
> + bioscfg_drv.string_instances_count = 0;
> + ret = -ENOMEM;
> + }
> + return ret;
> +}
> +
> +/* Expected Values types associated with each element */
> +static acpi_object_type expected_string_types[] = {
Seems this can be const.
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [STR_MIN_LENGTH] = ACPI_TYPE_INTEGER,
> + [STR_MAX_LENGTH] = ACPI_TYPE_INTEGER
*Do* add a trailing comma after a non end-of-list marker.
> +};
> +
> +/*
> + * populate_string_package_data() -
> + * Populate all properties of an instance under string attribute
> + *
> + * @string_obj: ACPI object with string data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_string_package_data(union acpi_object *string_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + bioscfg_drv.string_data[instance_id].attr_name_kobj = attr_name_kobj;
> +
> + populate_string_elements_from_package(string_obj,
> + string_obj->package.count,
> + instance_id,
> + HPWMI_STRING_TYPE);
> + update_attribute_permissions(bioscfg_drv.string_data[instance_id].is_readonly,
> + &string_current_val);
> + friendly_user_name_update(bioscfg_drv.string_data[instance_id].path,
> + attr_name_kobj->name,
> + bioscfg_drv.string_data[instance_id].display_name,
> + sizeof(bioscfg_drv.string_data[instance_id].display_name));
> + return sysfs_create_group(attr_name_kobj, &string_attr_group);
> +}
> +
> +int populate_string_elements_from_package(union acpi_object *string_obj,
> + int string_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret = 0;
> + u32 size = 0;
> + u32 int_value;
> + int elem = 0;
> + int reqs;
> + int eloc;
> +
> + if (!string_obj)
> + return -EINVAL;
> +
> + strscpy(bioscfg_drv.string_data[instance_id].display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(bioscfg_drv.string_data[instance_id].display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < string_obj_count; elem++, eloc++) {
> +
> + /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
> + if (eloc == hp_wmi_elements_count[type])
> + goto exit_string_package;
> +
> + switch (string_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +
> + if (elem != PREREQUISITES) {
> + ret = convert_hexstr_to_str(string_obj[elem].string.pointer,
> + string_obj[elem].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)string_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", string_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_string_types[eloc] != string_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_string_types[eloc], elem, string_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + strscpy(bioscfg_drv.string_data[instance_id].current_value,
> + str_value, sizeof(bioscfg_drv.string_data[instance_id].current_value));
> + break;
> + case PATH:
> + strscpy(bioscfg_drv.string_data[instance_id].path, str_value,
> + sizeof(bioscfg_drv.string_data[instance_id].path));
> + break;
> + case IS_READONLY:
> + bioscfg_drv.string_data[instance_id].is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + bioscfg_drv.string_data[instance_id].display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + bioscfg_drv.string_data[instance_id].requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + bioscfg_drv.string_data[instance_id].sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + bioscfg_drv.string_data[instance_id].prerequisites_size = int_value;
> + if (size > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + size = bioscfg_drv.string_data[instance_id].prerequisites_size;
> +
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + if (elem >= string_obj_count) {
> + pr_err("Error elem-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(string_obj[elem + reqs].string.pointer,
> + string_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(bioscfg_drv.string_data[instance_id].prerequisites[reqs],
> + str_value,
> + sizeof(bioscfg_drv.string_data[instance_id].prerequisites[reqs]));
> + kfree(str_value);
> + str_value = NULL;
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + bioscfg_drv.string_data[instance_id].security_level = int_value;
> + break;
> + case STR_MIN_LENGTH:
> + bioscfg_drv.string_data[instance_id].min_length = int_value;
> + break;
> + case STR_MAX_LENGTH:
> + bioscfg_drv.string_data[instance_id].max_length = int_value;
> + break;
> + default:
> + pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
> + break;
> + }
> +
> + kfree(str_value);
> + str_value = NULL;
> + }
> +
> +exit_string_package:
> + kfree(str_value);
> + str_value = NULL;
> + return 0;
> +}
> +
> +/*
> + * populate_string_data() -
> + * Populate all properties of an instance under string attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_string_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + bioscfg_drv.string_data[instance_id].attr_name_kobj = attr_name_kobj;
> +
> + populate_string_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id,
> + HPWMI_STRING_TYPE);
> +
> + update_attribute_permissions(bioscfg_drv.string_data[instance_id].is_readonly,
> + &string_current_val);
> + friendly_user_name_update(bioscfg_drv.string_data[instance_id].path,
> + attr_name_kobj->name,
> + bioscfg_drv.string_data[instance_id].display_name,
> + sizeof(bioscfg_drv.string_data[instance_id].display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &string_attr_group);
> +}
> +
> +int populate_string_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type)
> +{
> + int ret;
> + char *dst = NULL;
> + int elem;
> + int reqs;
> + int int_value;
> + int size = 0;
> + int dst_size = *buffer_size / sizeof(u16);
> +
> + dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
> + if (!dst)
> + return -ENOMEM;
> +
> + strscpy(bioscfg_drv.string_data[instance_id].display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(bioscfg_drv.string_data[instance_id].display_name_language_code));
> +
> + for (elem = 1; elem < 3; elem++) {
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + /* Ignore. Zero length string values */
> + if (ret < 0)
> + continue;
> +
> + switch (elem) {
> + case VALUE:
> + strscpy(bioscfg_drv.string_data[instance_id].current_value,
> + dst, sizeof(bioscfg_drv.string_data[instance_id].current_value));
> + break;
> + case PATH:
> + strscpy(bioscfg_drv.string_data[instance_id].path, dst,
> + sizeof(bioscfg_drv.string_data[instance_id].path));
> + break;
> + default:
> + pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> +
> + for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
> + if (elem != PREREQUISITES) {
> + ret = get_integer_from_buffer((int **)&buffer_ptr,
> + buffer_size,
> + (int *)&int_value);
> + if (ret < 0)
> + continue;
> + }
> +
> + switch (elem) {
> + case IS_READONLY:
> + bioscfg_drv.string_data[instance_id].is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + bioscfg_drv.string_data[instance_id].display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + bioscfg_drv.string_data[instance_id].requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + bioscfg_drv.string_data[instance_id].sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + bioscfg_drv.string_data[instance_id].prerequisites_size = int_value;
> + if (int_value > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + break;
> +
> + case PREREQUISITES:
> + size = bioscfg_drv.string_data[instance_id].prerequisites_size;
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + /* Ignore. Zero length string values */
> + if (ret < 0)
> + continue;
> + strscpy(bioscfg_drv.string_data[instance_id].prerequisites[reqs],
> + dst,
> + sizeof(bioscfg_drv.string_data[instance_id].prerequisites[reqs]));
> + }
> + break;
> + case SECURITY_LEVEL:
> + bioscfg_drv.string_data[instance_id].security_level = int_value;
> + break;
> + case STR_MIN_LENGTH:
> + bioscfg_drv.string_data[instance_id].min_length = int_value;
> + break;
> + case STR_MAX_LENGTH:
> + bioscfg_drv.string_data[instance_id].max_length = int_value;
> + break;
> + default:
> + pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> + kfree(dst);
> +
> + return 0;
> +}
> +
> +/*
> + * exit_string_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_string_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.string_instances_count; instance_id++) {
You can declare loop variables inside the loop. This saves a bunch of
horizontal space.
> + if (bioscfg_drv.string_data[instance_id].attr_name_kobj)
> + sysfs_remove_group(bioscfg_drv.string_data[instance_id].attr_name_kobj,
> + &string_attr_group);
> + }
> + bioscfg_drv.string_instances_count = 0;
> +
> + kfree(bioscfg_drv.string_data);
> + bioscfg_drv.string_data = NULL;
> +}
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> new file mode 100644
> index 000000000000..f9fa81444706
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> @@ -0,0 +1,149 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to sure start object type attributes under
> + * BIOS for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +#include <asm-generic/posix_types.h>
> +
> +#define LOG_MAX_ENTRIES 254
> +#define LOG_ENTRY_SIZE 16
> +
> +/*
> + * audit_log_entry_count_show - Reports the number of
> + * existing audit log entries available
> + * to be read
> + *
> + * @kobj: Pointer to a kernel object of things that show up as directory
> + * in the sysfs filesystem.
> + * @attr: Pointer to list of attributes for the operation
> + * @buf: Pointer to buffer
> + *
> + * Returns number of existing audit log entries available to be read,
> + * audit log entry size, and maximum number of entries
> + * supported. Otherwise, an HP WMI query specific error code
> + * (which is negative)
> + *
> + * [No of entries],[log entry size],[Max number of entries supported]
> + */
> +static ssize_t audit_log_entry_count_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret;
> + u32 count = 0;
> +
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> + HPWMI_SURESTART,
> + &count, 0, sizeof(count));
> + if (ret < 0)
> + return ret;
> +
> + return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
> + LOG_MAX_ENTRIES);
> +}
> +
> +/*
> + * audit_log_entries_show() - Return all entries found in log file
> + *
> + * @kobj: Pointer to a kernel object of things that show up as
> + * directory in the sysfs filesystem.
> + * @attr: Pointer to list of attributes for the operation
> + * @buf: Pointer to buffer
> + *
> + * Returns number of bytes needed to read all audit logs entries to be read.
> + * Otherwise, an HP WMI query specific error code (which is negative)
> + * -EFAULT if the audit logs size exceeds 4KB
> + *
> + */
> +static ssize_t audit_log_entries_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret;
> + int i;
> + u32 count = 0;
> +
> + // Get the number of event logs
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> + HPWMI_SURESTART,
> + &count, 1, 4);
> +
> + /*
> + * The show() api will not work if the audit logs ever go
> + * beyond 4KB
> + */
> + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> + return -EFAULT;
> +
> + if (ret < 0)
> + return ret;
> +
> + /*
> + * We are guaranteed the buffer is 4KB so today all the event
> + * logs will fit
> + */
> + for (i = 0; ((i < count) & (ret >= 0)); i++) {
> + *buf = (i + 1);
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> + HPWMI_SURESTART,
> + buf, 1, 128);
> + if (ret >= 0)
> + buf += LOG_ENTRY_SIZE;
> + }
> + return (count * LOG_ENTRY_SIZE);
> +}
> +
> +static struct kobj_attribute sure_start_audit_log_entry_count = __ATTR_RO(audit_log_entry_count);
> +struct kobj_attribute sure_start_audit_log_entries = __ATTR_RO(audit_log_entries);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "sure-start\n");
> +}
> +static struct kobj_attribute sure_start_type = __ATTR_RO(type);
> +
> +static ssize_t display_name_language_code_show(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", LANG_CODE_STR);
> +}
> +
> +static struct kobj_attribute sure_start_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +
> +static ssize_t display_name_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", SURE_START_DESC);
> +}
> +static struct kobj_attribute sure_start_display_name = __ATTR_RO(display_name);
> +
> +static struct attribute *sure_start_attrs[] = {
> + &sure_start_display_name.attr,
> + &sure_start_display_langcode.attr,
> + &sure_start_audit_log_entry_count.attr,
> + &sure_start_audit_log_entries.attr,
> + &sure_start_type.attr,
> + NULL,
No trailing comma after end-of-array marker.
> +};
> +
> +static const struct attribute_group sure_start_attr_group = {
> + .attrs = sure_start_attrs,
> +};
> +
> +void exit_sure_start_attributes(void)
> +{
> + sysfs_remove_group(bioscfg_drv.sure_start_attr_kobj,
> + &sure_start_attr_group);
> +}
> +
> +int populate_sure_start_data(struct kobject *attr_name_kobj)
> +{
> + bioscfg_drv.sure_start_attr_kobj = attr_name_kobj;
> + return sysfs_create_group(attr_name_kobj, &sure_start_attr_group);
> +}
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3]
2023-03-09 20:10 ` [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3] Jorge Lopez
@ 2023-04-02 17:01 ` Thomas Weißschuh
2023-04-03 20:18 ` Jorge Lopez
0 siblings, 1 reply; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-02 17:01 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86
Hi Jorge,
some more style changes. Same comments as for PATCH 1 apply.
Another larger remark, for what may be a refactoring in the future:
Currently the driver stores all its state in driver-global static data.
The kobjects are stored without any state.
Inside the kobject attribute operations is some fiddly logic that tries
to figure out the corresponding state with a fiddly mechansims.
The more correct way would be to attach the corresponding state
directly to the kobject.
Let me know if you want to give this a shot and I'll give an example.
On 2023-03-09 14:10:21-0600, Jorge Lopez wrote:
> The purpose for this patch is submit HP BIOSCFG driver to be list of
> HP Linux kernel drivers. The driver include a total of 12 files
> broken in several patches.
>
> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial PC’s can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BISOCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover features such Secure Platform Management, Sure
> Admin, and Sure Start. Each section provides security feature
> description and identifies sysfs directories and files exposed by
> the driver.
>
> Many HP Commercial PC’s include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial PC’s have several BIOS settings that control its behaviour
> and capabilities, many of which are related to security. To prevent
> unauthorized changes to these settings, the system can be configured
> to use a Sure Admin cryptographic signature-based authorization string
> that the BIOS will use to verify authorization to modify the setting.
>
> Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
>
> History
>
> Version 6
> Breaks down the changes into 4 patches
> SureAdmin-attributes was removed
>
> Version 5
> Remove version 4 patch 1
> Address review changes proposed in Version 4
> Reorganize all patches number and file order
> ---
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 1017 +++++++++++++++++
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 654 +++++++++++
> .../x86/hp/hp-bioscfg/enum-attributes.c | 553 +++++++++
> 3 files changed, 2224 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> new file mode 100644
> index 000000000000..ca0710cbda7d
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> @@ -0,0 +1,1017 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Common methods for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include <asm-generic/errno-base.h>
Put this with the other includes.
Also <linux/errno.h> would be better.
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/fs.h>
> +#include <linux/module.h>
> +#include <linux/kernel.h>
> +#include <linux/wmi.h>
> +#include "bioscfg.h"
> +#include "../../firmware_attributes_class.h"
> +#include <linux/nls.h>
> +
> +MODULE_AUTHOR("Jorge Lopez <jorge.lopez2@hp.com>");
> +MODULE_DESCRIPTION("HP BIOS Configuration Driver");
> +MODULE_LICENSE("GPL");
> +
> +struct bioscfg_priv bioscfg_drv = {
> + .mutex = __MUTEX_INITIALIZER(bioscfg_drv.mutex),
> +};
> +
> +static struct class *fw_attr_class;
> +
> +int get_integer_from_buffer(int **buffer, int *buffer_size, int *integer)
> +{
"buffer" seems to be used like a (u8 **).
Can "buffer_size" ever be negative? Maybe should be an unsigned type.
"integer" could be an s32/u32 to be more explicit.
> + int *ptr = PTR_ALIGN(*buffer, 4);
> +
> + /* Ensure there is enough space remaining to read the integer */
> + if (*buffer_size < sizeof(int))
> + return -EINVAL;
> +
> + *integer = *(ptr++);
This depends on endianess. Maybe put in a le32_to_cpu().
Or use get_unaligned_le32(). Then you can also drop the PTR_ALIGN above.
> + *buffer = ptr;
> + *buffer_size -= sizeof(int);
> +
> + return 0;
> +}
> +
> +
> +int get_string_from_buffer(u8 **buffer, int *buffer_size, char *dst, int dst_size)
> +{
> + u16 *src = (u16 *)*buffer;
> + u16 src_size;
> +
> + u16 size;
> + int i;
> + int escape = 0;
> + int conv_dst_size;
> +
> + if (*buffer_size < sizeof(u16))
> + return -EINVAL;
> +
> + src_size = *(src++);
> + /* size value in u16 chars */
> + size = src_size / sizeof(u16);
> +
> + /* Ensure there is enough space remaining to read and convert
> + * the string
> + */
> + if (*buffer_size < src_size)
> + return -EINVAL;
> +
> + for (i = 0; i < size; i++)
> + if (src[i] == '\\' ||
> + src[i] == '\r' ||
> + src[i] == '\n' ||
> + src[i] == '\t')
> + escape++;
> +
> + size += escape;
> +
> + /*
> + * Conversion is limited to destination string max number of
> + * bytes.
> + */
> + conv_dst_size = size;
> + if (size > dst_size)
> + conv_dst_size = dst_size - 1;
> +
> + /*
> + * convert from UTF-16 unicode to ASCII
> + */
> + utf16s_to_utf8s(src, src_size, UTF16_HOST_ENDIAN, dst, conv_dst_size);
> + dst[conv_dst_size] = 0;
> +
> + for (i = 0; i < size && i < conv_dst_size; i++) {
> + if (*src == '\\' ||
> + *src == '\r' ||
> + *src == '\n' ||
> + *src == '\t')
> + dst[i++] = '\\';
> +
> + if (*src == '\r')
> + dst[i] = 'r';
> + else if (*src == '\n')
> + dst[i] = 'n';
> + else if (*src == '\t')
> + dst[i] = 't';
> + else if (*src == '"')
> + dst[i] = '\'';
> + else
> + dst[i] = *src;
> + src++;
> + }
> +
> + *buffer = (u8 *)src;
> + *buffer_size -= size * sizeof(u16);
> +
> + return size;
> +}
> +
> +
> +/*
> + * calculate_string_buffer() - determines size of string buffer for use with BIOS communication
> + * @str: the string to calculate based upon
> + */
> +size_t bioscfg_calculate_string_buffer(const char *str)
> +{
> + int length = strlen(str);
> + int size;
> +
> + /* BIOS expects 4 bytes when an empty string is found */
> + if (!length)
> + length = 1;
> +
> +
> + /* u16 length field + one UTF16 char for each input char */
> + size = sizeof(u16) + length * sizeof(u16);
> +
> + return size;
> +}
> +
> +static int bioscfg_wmi_error_and_message(int error_code, char *msg)
> +{
> + char *error_msg = NULL;
> + int ret = -EIO;
> +
> + switch (error_code) {
> + case SUCCESS:
> + error_msg = "Success";
> + ret = 0;
> + break;
> + case CMD_FAILED:
> + error_msg = "Command failed";
> + ret = -EINVAL;
> + break;
> + case INVALID_SIGN:
> + error_msg = "Invalid signature";
> + ret = -EINVAL;
> + break;
> + case INVALID_CMD_VALUE:
> + error_msg = "Invalid command value/Feature not supported";
> + ret = -EOPNOTSUPP;
> + break;
> + case INVALID_CMD_TYPE:
> + error_msg = "Invalid command type";
> + ret = -EINVAL;
> + break;
> + case INVALID_DATA_SIZE:
> + error_msg = "Invalid data size";
> + ret = -EINVAL;
> + break;
> + case INVALID_CMD_PARAM:
> + error_msg = "Invalid command parameter";
> + ret = -EINVAL;
> + break;
> + case ENCRYP_CMD_REQUIRED:
> + error_msg = "Secure/encrypted command required";
> + ret = -EACCES;
> + break;
> + case NO_SECURE_SESSION:
> + error_msg = "No secure session established";
> + ret = -EACCES;
> + break;
> + case SECURE_SESSION_FOUND:
> + error_msg = "Secure session already established";
> + ret = -EACCES;
> + break;
> + case SECURE_SESSION_FAILED:
> + error_msg = "Secure session failed";
> + ret = -EIO;
> + break;
> + case AUTH_FAILED:
> + error_msg = "Other permission/Authentication failed";
> + ret = -EACCES;
> + break;
> + case INVALID_BIOS_AUTH:
> + error_msg = "Invalid BIOS administrator password";
> + ret = -EINVAL;
> + break;
> + case NONCE_DID_NOT_MATCH:
> + error_msg = "Nonce did not match";
> + ret = -EINVAL;
> + break;
> + case GENERIC_ERROR:
> + error_msg = "Generic/Other error";
> + ret = -EIO;
> + break;
> + case BIOS_ADMIN_POLICY_NOT_MET:
> + error_msg = "BIOS Admin password does not meet password policy requirements";
> + ret = -EINVAL;
> + break;
> + case BIOS_ADMIN_NOT_SET:
> + error_msg = "BIOS Setup password is not set.";
> + ret = -EPERM;
> + break;
> + case P21_NO_PROVISIONED:
> + error_msg = "P21 is not provisioned";
> + ret = -EPERM;
> + break;
> + case P21_PROVISION_IN_PROGRESS:
> + error_msg = "P21 is already provisioned or provisioning is in progress and a signing key has already been sent.";
> + ret = -EINPROGRESS;
> + break;
> + case P21_IN_USE:
> + error_msg = "P21 in use (cannot deprovision)";
> + ret = -EPERM;
> + break;
> + case HEP_NOT_ACTIVE:
> + error_msg = "HEP not activated";
> + ret = -EPERM;
> + break;
> + case HEP_ALREADY_SET:
> + error_msg = "HEP Transport already set";
> + ret = -EINVAL;
> + break;
> + case HEP_CHECK_STATE:
> + error_msg = "Check the current HEP state";
> + ret = -EINVAL;
> + break;
> + default:
> + error_msg = "Generic/Other error";
> + ret = -EIO;
> + break;
> + }
> +
> + if (msg != NULL)
> + return sysfs_emit(msg, "%d,\"%s\"", error_code, error_msg);
> + return error_code;
> +}
> +
> +
> +/*
> + * pending_reboot_show() - sysfs implementaton for read pending_reboot
> + * @kobj: Kernel object for this attribute
> + * @attr: Kernel object attribute
> + * @buf: The buffer to display to userspace
> + *
> + * Stores default value as 0
> + * When current_value is changed this attribute is set to 1 to notify reboot may be required
> + */
> +static ssize_t pending_reboot_show(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.pending_reboot);
> +}
> +static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
> +
> +/*
> + * last_error_show() - sysfs implementaton for reporting the WMI
> + * error/success value.
> + * @kobj: Kernel object for this attribute
> + * @attr: Kernel object attribute
> + * @buf: The buffer to display to userspace
> + */
> +static ssize_t last_error_show(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + char *buf)
> +{
> + return bioscfg_wmi_error_and_message(bioscfg_drv.last_wmi_status, buf);
> +}
> +
> +static struct kobj_attribute last_error = __ATTR_RO(last_error);
> +
> +/*
> + * create_attributes_level_sysfs_files() - Creates reset_bios,
> + * pending_reboot, and last_error attributes
> + */
> +static int create_attributes_level_sysfs_files(void)
> +{
> + int ret;
> +
> + ret = sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
> + if (ret)
> + return ret;
> +
> + ret = sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj, &last_error.attr);
> + if (ret)
> + return ret;
You can use an attribute group to create multiple attributes at once.
This makes the logic shorter.
> +
> + bioscfg_drv.last_wmi_status = 0;
> + return 0;
> +}
> +
> +
> +static ssize_t bioscfg_attr_show(struct kobject *kobj, struct attribute *attr,
> + char *buf)
> +{
> + struct kobj_attribute *kattr;
> + ssize_t ret = -EIO;
> +
> + kattr = container_of(attr, struct kobj_attribute, attr);
> + if (kattr->show)
> + ret = kattr->show(kobj, kattr, buf);
> + return ret;
> +}
> +
> +static ssize_t bioscfg_attr_store(struct kobject *kobj, struct attribute *attr,
> + const char *buf, size_t count)
> +{
> + struct kobj_attribute *kattr;
> + ssize_t ret = -EIO;
> +
> + kattr = container_of(attr, struct kobj_attribute, attr);
> + if (kattr->store)
> + ret = kattr->store(kobj, kattr, buf, count);
> + return ret;
> +}
> +
> +static const struct sysfs_ops bioscfg_kobj_sysfs_ops = {
> + .show = bioscfg_attr_show,
> + .store = bioscfg_attr_store,
> +};
This is the same as kobj_sysfs_ops. Delete your custom implementation
and use the standard one.
> +
> +static void attr_name_release(struct kobject *kobj)
> +{
> + kfree(kobj);
> +}
> +
> +static struct kobj_type attr_name_ktype = {
can be const.
> + .release = attr_name_release,
> + .sysfs_ops = &bioscfg_kobj_sysfs_ops,
> +};
> +
> +/*
> + * get_wmiobj_pointer() - Get Content of WMI block for particular instance
> + *
> + * @instance_id: WMI instance ID
> + * @guid_string: WMI GUID (in str form)
> + *
> + * Fetches the content for WMI block (instance_id) under GUID (guid_string)
> + * Caller must kfree the return
> + */
> +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string)
> +{
> + struct acpi_buffer out = { ACPI_ALLOCATE_BUFFER, NULL };
> + acpi_status status;
> +
> + status = wmi_query_block(guid_string, instance_id, &out);
> + return ACPI_SUCCESS(status) ? (union acpi_object *)out.pointer : NULL;
> +}
> +
> +/*
> + * get_instance_count() - Compute total number of instances under guid_string
> + *
> + * @guid_string: WMI GUID (in string form)
> + */
> +int get_instance_count(const char *guid_string)
> +{
> + union acpi_object *wmi_obj = NULL;
> + int i = 0;
> +
> + do {
> + kfree(wmi_obj);
> + wmi_obj = get_wmiobj_pointer(i, guid_string);
> + i++;
> + } while (wmi_obj);
This leaks all the retrieved objects.
> +
> + return (i-1);
No braces here.
> +}
> +
> +/*
> + * alloc_attributes_data() - Allocate attributes data for a particular type
> + *
> + * @attr_type: Attribute type to allocate
> + */
> +static int alloc_attributes_data(int attr_type)
> +{
> + int retval = 0;
> +
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + retval = alloc_string_data();
> + break;
> + case HPWMI_INTEGER_TYPE:
> + retval = alloc_integer_data();
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + retval = alloc_enumeration_data();
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + retval = alloc_ordered_list_data();
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + retval = alloc_password_data();
> + break;
> + default:
> + break;
> + }
> +
> + return retval;
> +}
> +
> +int convert_hexstr_to_str(const char *input, int input_len, char **str, int *len)
> +{
> + int ret = 0;
> + int new_len = 0;
> + char tmp[] = "0x00";
> + char *new_str = NULL;
> + long ch;
> + int i;
> +
> + if (input_len <= 0 || input == NULL || str == NULL || len == NULL)
> + return -EINVAL;
> +
> + *len = 0;
> + *str = NULL;
> +
> + new_str = kmalloc(input_len, GFP_KERNEL);
> + if (!new_str)
> + return -ENOMEM;
> +
> + for (i = 0; i < input_len; i += 5) {
> + strncpy(tmp, input + i, strlen(tmp));
> + if (kstrtol(tmp, 16, &ch) == 0) {
> + // escape char
> + if (ch == '\\' || ch == '\r' || ch == '\n' || ch == '\t') {
> + if (ch == '\r')
> + ch = 'r';
> + else if (ch == '\n')
> + ch = 'n';
> + else if (ch == '\t')
> + ch = 't';
> + new_str[new_len++] = '\\';
> + }
> + new_str[new_len++] = ch;
> + if (ch == '\0')
> + break;
> + }
> + }
> +
> + if (new_len) {
> + new_str[new_len] = '\0';
> + *str = krealloc(new_str, (new_len + 1) * sizeof(char), GFP_KERNEL);
> + if (*str)
> + *len = new_len;
> + else
> + ret = -ENOMEM;
> + } else {
> + ret = -EFAULT;
> + }
> +
> + if (ret)
> + kfree(new_str);
> + return ret;
> +}
> +
> +/* map output size to the corresponding WMI method id */
> +int encode_outsize_for_pvsz(int outsize)
> +{
> + if (outsize > 4096)
> + return -EINVAL;
> + if (outsize > 1024)
> + return 5;
> + if (outsize > 128)
> + return 4;
> + if (outsize > 4)
> + return 3;
> + if (outsize > 0)
> + return 2;
> + return 1;
> +}
> +
> +/*
> + * Update friendly display name for several attributes associated to
> + * 'Schedule Power-On'
> + */
> +void friendly_user_name_update(char *path, const char *attr_name,
> + char *attr_display, int attr_size)
> +{
> + char *found = NULL;
> +
> + found = strstr(path, SCHEDULE_POWER_ON);
> + if (found)
> + snprintf(attr_display,
> + attr_size,
> + "%s - %s",
> + SCHEDULE_POWER_ON,
> + attr_name);
> + else
> + strscpy(attr_display, attr_name, attr_size);
> +}
> +
> +/*
> + * update_attribute_permissions() - Update attributes permissions when
> + * isReadOnly value is 1
> + *
> + * @isReadOnly: ReadOnly value
> + * @current_val: kobj_attribute corresponding to attribute.
> + *
> + */
> +void update_attribute_permissions(u32 isReadOnly, struct kobj_attribute *current_val)
> +{
> + if (isReadOnly)
> + current_val->attr.mode = (umode_t)0444;
> + else
> + current_val->attr.mode = (umode_t)0644;
> +}
> +
> +
> +/**
> + * destroy_attribute_objs() - Free a kset of kobjects
> + * @kset: The kset to destroy
> + *
> + * Fress kobjects created for each attribute_name under attribute type kset
> + */
> +static void destroy_attribute_objs(struct kset *kset)
> +{
> + struct kobject *pos, *next;
> +
> + list_for_each_entry_safe(pos, next, &kset->list, entry)
> + kobject_put(pos);
> +}
> +
> +/**
> + * release_attributes_data() - Clean-up all sysfs directories and files created
> + */
> +static void release_attributes_data(void)
> +{
> + mutex_lock(&bioscfg_drv.mutex);
> +
> + exit_string_attributes();
> + exit_integer_attributes();
> + exit_enumeration_attributes();
> + exit_ordered_list_attributes();
> + exit_password_attributes();
> + exit_sure_start_attributes();
> + exit_secure_platform_attributes();
> +
> + if (bioscfg_drv.authentication_dir_kset) {
> + destroy_attribute_objs(bioscfg_drv.authentication_dir_kset);
> + kset_unregister(bioscfg_drv.authentication_dir_kset);
> + bioscfg_drv.authentication_dir_kset = NULL;
> + }
> + if (bioscfg_drv.main_dir_kset) {
> + sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
> + sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &last_error.attr);
> + destroy_attribute_objs(bioscfg_drv.main_dir_kset);
> + kset_unregister(bioscfg_drv.main_dir_kset);
> + bioscfg_drv.main_dir_kset = NULL;
> + }
> + mutex_unlock(&bioscfg_drv.mutex);
> +}
> +
> +
> +/*
> + * hp_add_other_attributes - Initialize HP custom attributes not reported by
> + * BIOS and required to support Secure Platform, Sure Start, and Sure
> + * Admin.
> + * @attr_type: Custom HP attribute not reported by BIOS
> + *
> + * Initialiaze all 3 types of attributes: Platform, Sure Start, and Sure
> + * Admin object. Populates each attrbute types respective properties
> + * under sysfs files.
> + *
> + * Returns zero(0) if successful. Otherwise, a negative value.
> + */
> +static int hp_add_other_attributes(int attr_type)
> +{
> + struct kobject *attr_name_kobj;
> + union acpi_object *obj = NULL;
> + int retval = 0;
> + u8 *attr_name;
> +
> + mutex_lock(&bioscfg_drv.mutex);
> +
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto err_other_attr_init;
> + }
> +
> + /* Check if attribute type is supported */
> + switch (attr_type) {
> + case HPWMI_SECURE_PLATFORM_TYPE:
> + attr_name_kobj->kset = bioscfg_drv.authentication_dir_kset;
> + attr_name = SPM_STR;
> + break;
> +
> + case HPWMI_SURE_START_TYPE:
> + attr_name_kobj->kset = bioscfg_drv.main_dir_kset;
> + attr_name = SURE_START_STR;
> + break;
> +
> + default:
> + pr_err("Error: Unknown attr_type: %d\n", attr_type);
> + retval = -EINVAL;
> + goto err_other_attr_init;
> + }
> +
> + retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
> + NULL, "%s", attr_name);
> + if (retval) {
> + pr_err("Error encountered [%d]\n", retval);
> + kobject_put(attr_name_kobj);
> + goto err_other_attr_init;
> + }
> +
> + /* Populate attribute data */
> + switch (attr_type) {
> + case HPWMI_SECURE_PLATFORM_TYPE:
> + retval = populate_secure_platform_data(attr_name_kobj);
> + break;
> +
> + case HPWMI_SURE_START_TYPE:
> + retval = populate_sure_start_data(attr_name_kobj);
> + break;
> +
> + default:
> + goto err_other_attr_init;
> + }
> +
> + mutex_unlock(&bioscfg_drv.mutex);
> + return 0;
> +
> +err_other_attr_init:
> + mutex_unlock(&bioscfg_drv.mutex);
> + kfree(obj);
> + return retval;
> +}
> +
> +/*
> + * hp_init_bios_attributes - Initialize all attributes for a type
> + * @attr_type: The attribute type to initialize
> + * @guid: The WMI GUID associated with this type to initialize
> + *
> + * Initialiaze all 5 types of attributes: enumeration, integer,
> + * string, password, ordered list object. Populates each attrbute types
> + * respective properties under sysfs files
> + */
> +static int hp_init_bios_attributes(int attr_type, const char *guid)
> +{
> + struct kobject *attr_name_kobj;
> + union acpi_object *obj = NULL;
> + union acpi_object *elements;
> + struct kset *tmp_set;
> + int min_elements;
> + char str[MAX_BUFF];
> +
> + char *temp_str = NULL;
> + char *str_value = NULL;
> + int str_len;
> + int ret = 0;
> +
> + u8 *buffer_ptr = NULL;
> + int buffer_size;
> +
> +
> + /* instance_id needs to be reset for each type GUID
> + * also, instance IDs are unique within GUID but not across
> + */
> + int instance_id = 0;
> + int retval = 0;
> +
> + retval = alloc_attributes_data(attr_type);
> + if (retval)
> + return retval;
> +
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + min_elements = 12;
> + break;
> + case HPWMI_INTEGER_TYPE:
> + min_elements = 13;
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + min_elements = 13;
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + min_elements = 12;
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + min_elements = 15;
> + break;
> + default:
> + pr_err("Error: Unknown attr_type: %d\n", attr_type);
> + return -EINVAL;
> + }
> +
> + /* need to use specific instance_id and guid combination to get right data */
> + obj = get_wmiobj_pointer(instance_id, guid);
> + if (!obj)
> + return -ENODEV;
> +
> + mutex_lock(&bioscfg_drv.mutex);
> + while (obj) {
> + if (obj->type != ACPI_TYPE_PACKAGE && obj->type != ACPI_TYPE_BUFFER) {
> + pr_err("Error: Expected ACPI-package or buffer type, got: %d\n", obj->type);
> + retval = -EIO;
> + goto err_attr_init;
> + }
> +
> + /* Take action appropriate to each ACPI TYPE */
> + if (obj->type == ACPI_TYPE_PACKAGE) {
> + if (obj->package.count < min_elements) {
> + pr_err("ACPI-package does not have enough elements: %d < %d\n",
> + obj->package.count, min_elements);
> + goto nextobj;
> + }
> +
> + elements = obj->package.elements;
> +
> + /* sanity checking */
> + if (elements[NAME].type != ACPI_TYPE_STRING) {
> + pr_debug("incorrect element type\n");
> + goto nextobj;
> + }
> + if (strlen(elements[NAME].string.pointer) == 0) {
> + pr_debug("empty attribute found\n");
> + goto nextobj;
> + }
> +
> + if (attr_type == HPWMI_PASSWORD_TYPE)
> + tmp_set = bioscfg_drv.authentication_dir_kset;
> + else
> + tmp_set = bioscfg_drv.main_dir_kset;
> +
> + /* convert attribute name to string */
> + retval = convert_hexstr_to_str(elements[NAME].string.pointer,
> + elements[NAME].string.length,
> + &str_value, &str_len);
> +
> + if (retval) {
> + pr_debug("Failed to populate integer package data. Error [0%0x]\n", ret);
> + kfree(str_value);
> + return ret;
> + }
> +
> + if (kset_find_obj(tmp_set, str_value)) {
> + pr_debug("Duplicate attribute name found - %s\n",
> + str_value);
> + goto nextobj;
> + }
> +
> + /* build attribute */
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto err_attr_init;
> + }
> +
> + attr_name_kobj->kset = tmp_set;
> +
> + retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
> + NULL, "%s", str_value);
> +
> + if (retval) {
> + kobject_put(attr_name_kobj);
> + goto err_attr_init;
> + }
> +
> + /* enumerate all of these attributes */
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + retval = populate_string_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_INTEGER_TYPE:
> + retval = populate_integer_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + retval = populate_enumeration_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + retval = populate_ordered_list_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + retval = populate_password_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + default:
> + break;
> + }
> +
> + kfree(str_value);
> + str_value = NULL;
> + }
> +
> + if (obj->type == ACPI_TYPE_BUFFER) {
> +
> + buffer_size = obj->buffer.length;
> + buffer_ptr = obj->buffer.pointer;
> +
> + retval = get_string_from_buffer(&buffer_ptr, &buffer_size, str, MAX_BUFF);
> + if (retval < 0)
> + goto err_attr_init;
> +
> + if (attr_type == HPWMI_PASSWORD_TYPE || attr_type == HPWMI_SECURE_PLATFORM_TYPE)
> + tmp_set = bioscfg_drv.authentication_dir_kset;
> + else
> + tmp_set = bioscfg_drv.main_dir_kset;
> +
> + if (kset_find_obj(tmp_set, str)) {
> + pr_warn("Duplicate attribute name found - %s\n", str);
> + goto nextobj;
> + }
> +
> + /* build attribute */
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto err_attr_init;
> + }
> +
> + attr_name_kobj->kset = tmp_set;
> +
> + temp_str = str;
> + if (attr_type == HPWMI_SECURE_PLATFORM_TYPE)
> + temp_str = "SPM";
> +
> + retval = kobject_init_and_add(attr_name_kobj,
> + &attr_name_ktype, NULL, "%s",
> + temp_str);
> + if (retval) {
> + kobject_put(attr_name_kobj);
> + goto err_attr_init;
> + }
> +
> + /* enumerate all of these attributes */
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + retval = populate_string_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_INTEGER_TYPE:
> + retval = populate_integer_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + retval = populate_enumeration_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + retval = populate_ordered_list_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + retval = populate_password_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + default:
> + break;
> + }
> + }
> +
> + nextobj:
> + kfree(str_value);
> + kfree(obj);
> + instance_id++;
> + obj = get_wmiobj_pointer(instance_id, guid);
> + }
> + mutex_unlock(&bioscfg_drv.mutex);
> + return 0;
> +
> +err_attr_init:
> + mutex_unlock(&bioscfg_drv.mutex);
> + kfree(obj);
> + return retval;
> +}
> +
> +static int __init bioscfg_init(void)
> +{
> + int ret = 0;
> + int bios_capable = wmi_has_guid(HP_WMI_BIOS_GUID);
> +
> + if (!bios_capable) {
> + pr_err("Unable to run on non-HP system\n");
> + return -ENODEV;
> + }
> +
> + ret = init_bios_attr_set_interface();
> + if (ret)
> + return ret;
> +
> + ret = init_bios_attr_pass_interface();
> + if (ret)
> + goto err_exit_bios_attr_set_interface;
> +
> + if (!bioscfg_drv.bios_attr_wdev || !bioscfg_drv.password_attr_wdev) {
> + pr_debug("Failed to find set or pass interface\n");
> + ret = -ENODEV;
> + goto err_exit_bios_attr_pass_interface;
> + }
> +
> + ret = fw_attributes_class_get(&fw_attr_class);
> + if (ret)
> + goto err_exit_bios_attr_pass_interface;
> +
> + bioscfg_drv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0),
> + NULL, "%s", DRIVER_NAME);
> + if (IS_ERR(bioscfg_drv.class_dev)) {
> + ret = PTR_ERR(bioscfg_drv.class_dev);
> + goto err_unregister_class;
> + }
> +
> + bioscfg_drv.main_dir_kset = kset_create_and_add("attributes", NULL,
> + &bioscfg_drv.class_dev->kobj);
> + if (!bioscfg_drv.main_dir_kset) {
> + ret = -ENOMEM;
> + pr_debug("Failed to create and add attributes\n");
> + goto err_destroy_classdev;
> + }
> +
> + bioscfg_drv.authentication_dir_kset = kset_create_and_add("authentication", NULL,
> + &bioscfg_drv.class_dev->kobj);
> + if (!bioscfg_drv.authentication_dir_kset) {
> + ret = -ENOMEM;
> + pr_debug("Failed to create and add authentication\n");
> + goto err_release_attributes_data;
> + }
> +
> + /*
> + * sysfs level attributes.
> + * - reset_bios
> + * - pending_reboot
> + * - last_error (WMI error)
> + */
> + ret = create_attributes_level_sysfs_files();
> + if (ret)
> + pr_debug("Failed to create sysfs level attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_STRING_TYPE, HP_WMI_BIOS_STRING_GUID);
> + if (ret)
> + pr_debug("Failed to populate string type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_INTEGER_TYPE, HP_WMI_BIOS_INTEGER_GUID);
> + if (ret)
> + pr_debug("Failed to populate integer type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_ENUMERATION_TYPE, HP_WMI_BIOS_ENUMERATION_GUID);
> + if (ret)
> + pr_debug("Failed to populate enumeration type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_ORDERED_LIST_TYPE, HP_WMI_BIOS_ORDERED_LIST_GUID);
> + if (ret)
> + pr_debug("Failed to populate ordered list object type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_PASSWORD_TYPE, HP_WMI_BIOS_PASSWORD_GUID);
> + if (ret)
> + pr_debug("Failed to populate password object type attributes\n");
> +
> + bioscfg_drv.spm_data.attr_name_kobj = NULL;
> + ret = hp_add_other_attributes(HPWMI_SECURE_PLATFORM_TYPE);
> + if (ret)
> + pr_debug("Failed to populate secure platform object type attribute\n");
> +
> + bioscfg_drv.sure_start_attr_kobj = NULL;
> + ret = hp_add_other_attributes(HPWMI_SURE_START_TYPE);
> + if (ret)
> + pr_debug("Failed to populate sure start object type attribute\n");
> +
> + return 0;
> +
> +err_release_attributes_data:
> + release_attributes_data();
> +
> +err_destroy_classdev:
> + device_destroy(fw_attr_class, MKDEV(0, 0));
> +
> +err_unregister_class:
> + fw_attributes_class_put();
> +
> +err_exit_bios_attr_pass_interface:
> + exit_bios_attr_pass_interface();
> +
> +err_exit_bios_attr_set_interface:
> + exit_bios_attr_set_interface();
> +
> + return ret;
> +}
> +
> +static void __exit bioscfg_exit(void)
> +{
> + release_attributes_data();
> + device_destroy(fw_attr_class, MKDEV(0, 0));
> +
> + fw_attributes_class_put();
> + exit_bios_attr_set_interface();
> + exit_bios_attr_pass_interface();
> +}
> +
> +module_init(bioscfg_init);
> +module_exit(bioscfg_exit);
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> new file mode 100644
> index 000000000000..97915b18505a
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> @@ -0,0 +1,654 @@
> +/* SPDX-License-Identifier: GPL-2.0
> + *
> + * Definitions for kernel modules using hp_bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#ifndef _HP_BIOSCFG_H_
> +#define _HP_BIOSCFG_H_
> +
> +#include <linux/wmi.h>
> +#include <linux/types.h>
> +#include <linux/device.h>
> +#include <linux/module.h>
> +#include <linux/kernel.h>
> +#include <linux/capability.h>
> +#include <linux/nls.h>
> +#include <linux/printk.h>
> +
> +
> +#define DRIVER_NAME "hp-bioscfg"
> +
> +#define MAX_BUFF 512
> +#define MAX_KEY_MOD 256
> +#define MAX_PASSWD_SIZE 64
> +#define MAX_MESSAGE_SIZE 256
> +#define MAX_PREREQUISITES_SIZE 20
> +#define MAX_REQ_ELEM_SIZE 128
> +#define MAX_VALUES_SIZE 16
> +#define MAX_ENCODINGS_SIZE 16
> +#define MAX_ELEMENTS_SIZE 16
> +
> +#define SPM_STR_DESC "Secure Platform Management"
> +#define SPM_STR "SPM"
> +#define SURE_START_DESC "Sure Start"
> +#define SURE_START_STR "Sure_Start"
> +#define SETUP_PASSWD "Setup Password"
> +#define POWER_ON_PASSWD "Power-On Password"
> +
> +#define LANG_CODE_STR "en_US.UTF-8"
> +#define SCHEDULE_POWER_ON "Scheduled Power-On"
> +
> +/* Sure Admin Functions */
> +
> +#define UTF_PREFIX ((unsigned char *)"<utf-16/>")
> +#define BEAM_PREFIX ((unsigned char *)"<BEAM/>")
These casts should not be needed anymore.
All chars are now unsigned.
> +
> +/* mechanism - Authentication attribute */
> +
> +#define MAX_MECHANISM_TYPES 3
> +
> +enum mechanism_values {
> + PASSWORD = 0x00,
> + NOT_PROVISION = 0x00,
> + SIGNING_KEY = 0x01,
> + ENDORSEMENT_KEY = 0x02
> +};
> +
> +static const char * const spm_mechanism_types[] = {
> + "not provision",
> + "signing-key",
> + "endorsement-key"
> +};
> +
> +static const char * const passwd_mechanism_types[] = {
> + "password",
> +};
> +
> +/* roles - Authentication attribute */
> +enum role_values {
> + BIOS_ADMIN = 0x00,
> + POWER_ON = 0x01,
> + BIOS_SPM = 0x02
> +};
> +
> +static const char * const role_type[] = {
> + "bios-admin",
> + "power-on",
> + "enhanced-bios-auth"
> +};
> +
> +
> +#define HP_WMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
> +
> +#define HP_WMI_BIOS_STRING_GUID "988D08E3-68F4-4c35-AF3E-6A1B8106F83C"
> +#define HP_WMI_BIOS_INTEGER_GUID "8232DE3D-663D-4327-A8F4-E293ADB9BF05"
> +#define HP_WMI_BIOS_ENUMERATION_GUID "2D114B49-2DFB-4130-B8FE-4A3C09E75133"
> +#define HP_WMI_BIOS_ORDERED_LIST_GUID "14EA9746-CE1F-4098-A0E0-7045CB4DA745"
> +#define HP_WMI_BIOS_PASSWORD_GUID "322F2028-0F84-4901-988E-015176049E2D"
> +#define HP_WMI_SET_BIOS_SETTING_GUID "1F4C91EB-DC5C-460b-951D-C7CB9B4B8D5E"
> +
> +enum hp_wmi_spm_commandtype {
> + HPWMI_SECUREPLATFORM_GET_STATE = 0x10,
> + HPWMI_SECUREPLATFORM_SET_KEK = 0x11,
> + HPWMI_SECUREPLATFORM_SET_SK = 0x12,
> +};
> +
> +enum hp_wmi_surestart_commandtype {
> + HPWMI_SURESTART_GET_LOG_COUNT = 0x01,
> + HPWMI_SURESTART_GET_LOG = 0x02,
> +};
> +
> +enum hp_wmi_command {
> + HPWMI_READ = 0x01,
> + HPWMI_WRITE = 0x02,
> + HPWMI_ODM = 0x03,
> + HPWMI_SURESTART = 0x20006,
> + HPWMI_GM = 0x20008,
> + HPWMI_SECUREPLATFORM = 0x20010,
> +};
> +
> +struct bios_return {
> + u32 sigpass;
> + u32 return_code;
> +};
> +
> +enum hp_return_value {
> + HPWMI_RET_WRONG_SIGNATURE = 0x02,
> + HPWMI_RET_UNKNOWN_COMMAND = 0x03,
> + HPWMI_RET_UNKNOWN_CMDTYPE = 0x04,
> + HPWMI_RET_INVALID_PARAMETERS = 0x05,
> +};
> +
> +enum wmi_error_values {
> + SUCCESS = 0x00,
> + CMD_FAILED = 0x01,
> + INVALID_SIGN = 0x02,
> + INVALID_CMD_VALUE = 0x03,
> + INVALID_CMD_TYPE = 0x04,
> + INVALID_DATA_SIZE = 0x05,
> + INVALID_CMD_PARAM = 0x06,
> + ENCRYP_CMD_REQUIRED = 0x07,
> + NO_SECURE_SESSION = 0x08,
> + SECURE_SESSION_FOUND = 0x09,
> + SECURE_SESSION_FAILED = 0x0A,
> + AUTH_FAILED = 0x0B,
> + INVALID_BIOS_AUTH = 0x0E,
> + NONCE_DID_NOT_MATCH = 0x18,
> + GENERIC_ERROR = 0x1C,
> + BIOS_ADMIN_POLICY_NOT_MET = 0x28,
> + BIOS_ADMIN_NOT_SET = 0x38,
> + P21_NO_PROVISIONED = 0x1000,
> + P21_PROVISION_IN_PROGRESS = 0x1001,
> + P21_IN_USE = 0x1002,
> + HEP_NOT_ACTIVE = 0x1004,
> + HEP_ALREADY_SET = 0x1006,
> + HEP_CHECK_STATE = 0x1007
> +};
> +
> +enum spm_features {
> + HEP_ENABLED = 0x01,
> + PLATFORM_RECOVERY = 0x02,
> + ENHANCED_BIOS_AUTH_MODE = 0x04
> +};
> +
> +
> +/*
> + * struct bios_args buffer is dynamically allocated. New WMI command types
> + * were introduced that exceeds 128-byte data size. Changes to handle
> + * the data size allocation scheme were kept in hp_wmi_perform_qurey function.
> + */
> +struct bios_args {
> + u32 signature;
> + u32 command;
> + u32 commandtype;
> + u32 datasize;
> + u8 data[];
> +};
> +
> +struct secureplatform_provisioning_data {
> + u8 state;
> + u8 version[2];
> + u8 reserved1;
> + u32 features;
> + u32 nonce;
> + u8 reserved2[28];
> + u8 sk_mod[MAX_KEY_MOD];
> + u8 kek_mod[MAX_KEY_MOD];
> +};
> +
> +struct string_data {
> + struct kobject *attr_name_kobj;
> + u8 display_name[MAX_BUFF];
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u32 min_length;
> + u32 max_length;
> + u8 display_name_language_code[MAX_BUFF];
> +};
Lots of these members are duplicated between all attribute types.
Moving them to some common struct would make the code shorter.
> +struct integer_data {
> + struct kobject *attr_name_kobj;
> + u8 display_name[MAX_BUFF];
> + u32 current_value;
> + u32 new_value;
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u32 lower_bound;
> + u32 upper_bound;
> + u32 scalar_increment;
> + u8 display_name_language_code[MAX_BUFF];
> +};
> +
> +struct enumeration_data {
> + struct kobject *attr_name_kobj;
> + u8 display_name[MAX_BUFF];
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u32 possible_values_size;
> + u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
> + u8 display_name_language_code[MAX_BUFF];
> +};
> +
> +struct ordered_list_data {
> + struct kobject *attr_name_kobj;
> + u8 display_name[MAX_BUFF];
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u32 elements_size;
> + u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];;
> + u8 display_name_language_code[MAX_BUFF];
> +};
> +
> +struct password_data {
> + struct kobject *attr_name_kobj;
> + u8 display_name[MAX_BUFF];
> + u8 current_password[MAX_PASSWD_SIZE];
> + u8 new_password[MAX_PASSWD_SIZE];
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u32 min_password_length;
> + u32 max_password_length;
> + u32 encodings_size;
> + u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
> + u8 display_name_language_code[MAX_BUFF];
> + u32 is_enabled;
> +
> + // 'bios-admin' 'power-on'
> + u32 role;
> +
> + //'password'
> + u32 mechanism;
> +};
> +
> +struct secure_platform_data {
> + struct kobject *attr_name_kobj;
> + u8 attribute_name[MAX_BUFF];
> + u8 display_name[MAX_BUFF];
> +
> + u8 *endorsement_key;
> + u8 *signing_key;
> + u8 *auth_token;
> +
> + u32 is_enabled;
> + u32 mechanism;
> +};
> +
> +struct bioscfg_priv {
> + struct wmi_device *password_attr_wdev;
> + struct wmi_device *bios_attr_wdev;
> + struct kset *authentication_dir_kset;
> + struct kset *main_dir_kset;
> + struct device *class_dev;
> + struct string_data *string_data;
> + u32 string_instances_count;
> + struct integer_data *integer_data;
> + u32 integer_instances_count;
> + struct enumeration_data *enumeration_data;
> + u32 enumeration_instances_count;
> + struct ordered_list_data *ordered_list_data;
> + u32 ordered_list_instances_count;
> + struct password_data *password_data;
> + u32 password_instances_count;
> +
> + struct kobject *sure_start_attr_kobj;
> + struct secure_platform_data spm_data;
> +
> + int last_wmi_status;
> + bool pending_reboot;
> + struct mutex mutex;
> +};
> +
> +/* global structure used by multiple WMI interfaces */
> +extern struct bioscfg_priv bioscfg_drv;
> +
> +enum hp_wmi_data_type {
> + HPWMI_STRING_TYPE = 0x00,
> + HPWMI_INTEGER_TYPE = 0x01,
> + HPWMI_ENUMERATION_TYPE = 0x02,
> + HPWMI_ORDERED_LIST_TYPE = 0x03,
> + HPWMI_PASSWORD_TYPE = 0x04,
> + HPWMI_SECURE_PLATFORM_TYPE = 0x05,
> + HPWMI_SURE_START_TYPE = 0x06,
> +};
> +
> +enum hp_wmi_data_elements {
> +
> + /* Common elements */
> + NAME = 0,
> + VALUE = 1,
> + PATH = 2,
> + IS_READONLY = 3,
> + DISPLAY_IN_UI = 4,
> + REQUIRES_PHYSICAL_PRESENCE = 5,
> + SEQUENCE = 6,
> + PREREQUISITES_SIZE = 7,
> + PREREQUISITES = 8,
> + SECURITY_LEVEL = 9,
> +
> + /* String elements */
> + STR_MIN_LENGTH = 10,
> + STR_MAX_LENGTH = 11,
> +
> + /* Integer elements */
> + INT_LOWER_BOUND = 10,
> + INT_UPPER_BOUND = 11,
> + INT_SCALAR_INCREMENT = 12,
> +
> + /* Enumeration elements */
> + ENUM_CURRENT_VALUE = 10,
> + ENUM_SIZE = 11,
> + ENUM_POSSIBLE_VALUES = 12,
> +
> + /* Ordered list elements */
> + ORD_LIST_SIZE = 10,
> + ORD_LIST_ELEMENTS = 11,
> +
> + /* Password elements */
> + PSWD_MIN_LENGTH = 10,
> + PSWD_MAX_LENGTH = 11,
> + PSWD_SIZE = 12,
> + PSWD_ENCODINGS = 13,
> + PSWD_IS_SET = 14
> +};
> +
> +
> +static const int hp_wmi_elements_count[] = {
> + 12, // string
> + 13, // integer
> + 13, // enumeration
> + 12, // ordered list
> + 15 // password
> +};
> +
> +#define get_instance_id(type) \
> + static int get_##type##_instance_id(struct kobject *kobj) \
> + { \
> + int i; \
> + \
> + for (i = 0; i <= bioscfg_drv.type##_instances_count; i++) { \
> + if (!(strcmp(kobj->name, bioscfg_drv.type##_data[i].attr_name_kobj->name))) \
> + return i; \
> + } \
> + return -EIO; \
> + }
> +
> +#define get_instance_id_for_attribute(type) \
> + static int get_instance_id_for_##type(char *attr_name) \
> + { \
> + int i; \
> + \
> + for (i = 0; i < bioscfg_drv.type##_instances_count; i++) { \
> + if (strcmp(bioscfg_drv.type##_data[i].attr_name_kobj->name, attr_name) == 0) \
> + return i; \
> + } \
> + return -EIO; \
> + }
> +
> +#define attribute_s_property_show(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].name); \
> + return 0; \
> + }
Is it really successful when the id was not found?
> +/* There is no need to keep track of default and current values
> + * separately
> + */
> +#define attribute_s_default_property_show(name, type, new_name) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].new_name); \
> + return 0; \
> + }
> +
> +#define attribute_n_default_property_show(name, type, new_name) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].new_name); \
> + return 0; \
> + }
> +
> +#define attribute_n_property_show(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].name); \
> + return 0; \
> + }
> +
> +
> +#define attribute_property_store(curr_val, type) \
> + static ssize_t curr_val##_store(struct kobject *kobj, \
> + struct kobj_attribute *attr, \
> + const char *buf, size_t count) \
> + { \
> + char *p = NULL; \
> + char *attr_value = NULL; \
> + int i; \
> + int ret = -EIO; \
> + \
> + attr_value = kstrdup(buf, GFP_KERNEL); \
> + if (!attr_value) \
> + return -ENOMEM; \
> + \
> + p = memchr(attr_value, '\n', count); \
> + if (p != NULL) \
> + *p = '\0'; \
> + \
> + i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + ret = validate_##type##_input(i, attr_value); \
> + if (!ret) \
> + ret = hp_set_attribute(kobj->name, attr_value); \
> + if (!ret) \
> + update_##type##_value(i, attr_value); \
> + \
> + /* \
> + * Prevent leaving authentication tokens and password in \
> + * memory. \
> + */ \
> + clear_all_credentials(); \
> + kfree(attr_value); \
> + \
> + return ret ? ret : count; \
> + }
> +
> +#define attribute_spm_n_property_show(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
> + { \
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data.name); \
> + }
> +
> +#define attribute_spm_s_property_show(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
> + { \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data.name); \
> + }
> +
> +#define check_property_type(attr, prop, valuetype) \
> + (attr##_obj[prop].type != valuetype)
> +
> +#define HPWMI_BINATTR_RW(_group, _name, _size) \
> + static struct bin_attribute _group##_##_name = \
> + __BIN_ATTR(_name, 0444 | 0200, _group##_##_name##_read, _group##_##_name##_write, _size)
> +
> +
> +#define attribute_values_property_show(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, \
> + struct kobj_attribute *attr, char *buf) \
> + { \
> + int i; \
> + int len = 0; \
> + int instance_id = get_##type##_instance_id(kobj); \
> + \
> + if (instance_id < 0) \
> + return 0; \
> + \
> + for (i = 0; i < bioscfg_drv.type##_data[instance_id].name##_size; i++) { \
> + if (i) \
> + len += sysfs_emit_at(buf, len, "%s", ";"); \
> + \
> + len += sysfs_emit_at(buf, len, "%s", \
> + bioscfg_drv.type##_data[instance_id].name[i]); \
> + } \
> + len += sysfs_emit_at(buf, len, "\n"); \
> + return len; \
> + }
> +
> +/*
> + * Prototypes
> + */
> +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);
> +int get_instance_count(const char *guid_string);
> +void update_attribute_permissions(u32 isReadOnly, struct kobj_attribute *current_val);
> +void friendly_user_name_update(char *path, const char *attr_name,
> + char *attr_display, int attr_size);
> +
> +/* String attributes */
> +int populate_string_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +
> +int populate_string_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int alloc_string_data(void);
> +void exit_string_attributes(void);
> +int populate_string_package_data(union acpi_object *str_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_string_elements_from_package(union acpi_object *str_obj,
> + int str_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +
> +/* Integer attributes */
> +int populate_integer_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_integer_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int alloc_integer_data(void);
> +void exit_integer_attributes(void);
> +int populate_integer_package_data(union acpi_object *integer_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> + int integer_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +
> +/* Enumeration attributes */
> +int populate_enumeration_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int alloc_enumeration_data(void);
> +void exit_enumeration_attributes(void);
> +int populate_enumeration_package_data(union acpi_object *enum_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
> + int enum_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +
> +/* Ordered list */
> +int populate_ordered_list_buffer_data(u8 *buffer_ptr,
> + int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
> + int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int alloc_ordered_list_data(void);
> +void exit_ordered_list_attributes(void);
> +int populate_ordered_list_package_data(union acpi_object *order_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> + int order_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +
> +/* Password authentication attributes */
> +int populate_password_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_password_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int populate_password_package_data(union acpi_object *password_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_password_elements_from_package(union acpi_object *password_obj,
> + int password_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type);
> +int alloc_password_data(void);
> +int alloc_secure_platform_data(void);
> +void exit_password_attributes(void);
> +void exit_secure_platform_attributes(void);
> +int populate_secure_platform_data(struct kobject *attr_name_kobj);
> +int password_is_set(const char *auth);
> +int check_spm_is_enabled(void);
> +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
> +int hp_wmi_perform_query(int query, enum hp_wmi_command command,
> + void *buffer, int insize, int outsize);
> +
> +/* Sure Start attributes */
> +void exit_sure_start_attributes(void);
> +int populate_sure_start_data(struct kobject *attr_name_kobj);
> +
> +int set_bios_defaults(u8 defType);
> +int get_password_instance_for_type(const char *name);
> +int clear_all_credentials(void);
> +int clear_passwords(const int instance);
> +void exit_bios_attr_set_interface(void);
> +int init_bios_attr_set_interface(void);
> +size_t bioscfg_calculate_string_buffer(const char *str);
> +size_t calculate_security_buffer(const char *authentication);
> +void populate_security_buffer(u16 *buffer, const char *authentication);
> +int set_new_password(const char *password_type, const char *new_password);
> +int init_bios_attr_pass_interface(void);
> +void exit_bios_attr_pass_interface(void);
> +void *ascii_to_utf16_unicode(u16 *p, const u8 *str);
> +int get_integer_from_buffer(int **buffer, int *buffer_size, int *integer);
> +int get_string_from_buffer(u8 **buffer, int *buffer_size, char *dst, int dst_size);
> +int convert_hexstr_to_str(const char *input, int input_len, char **str, int *len);
> +int encode_outsize_for_pvsz(int outsize);
> +int hp_set_attribute(const char *a_name, const char *a_value);
> +
> +#endif
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> new file mode 100644
> index 000000000000..0bc2c19344d5
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> @@ -0,0 +1,553 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to enumeration type attributes under
> + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +get_instance_id(enumeration);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_enumeration_instance_id(kobj);
> + ssize_t ret;
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + ret = sysfs_emit(buf, "%s\n",
> + bioscfg_drv.enumeration_data[instance_id].current_value);
> +
> + return ret;
> +}
> +
> +/*
> + * validate_enumeration_input() -
> + * Validate input of current_value against possible values
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_enumeration_input(int instance_id, const char *buf)
> +{
> + int ret = 0;
> + int found = 0;
> + int i;
> + int possible_values;
> +
> + /* Is it a read only attribute */
> + if (bioscfg_drv.enumeration_data[instance_id].is_readonly)
> + return -EIO;
> +
> + possible_values = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
> + for (i = 0; i < possible_values && !found; i++)
> + if (!strcasecmp(bioscfg_drv.enumeration_data[instance_id].possible_values[i], buf))
> + found = 1;
> +
> + if (!found) {
> + ret = -EINVAL;
> + goto exit_validate_enum_input;
> + }
> +
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (bioscfg_drv.enumeration_data[instance_id].requires_physical_presence)
> + bioscfg_drv.pending_reboot = TRUE;
> +
> +exit_validate_enum_input:
> + return ret;
> +}
> +
> +static void update_enumeration_value(int instance_id, char *attr_value)
> +{
> + strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
> + attr_value,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
> +}
> +
> +attribute_s_property_show(display_name_language_code, enumeration);
> +static struct kobj_attribute enumeration_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +attribute_s_property_show(display_name, enumeration);
> +static struct kobj_attribute enumeration_display_name =
> + __ATTR_RO(display_name);
> +
> +attribute_property_store(current_value, enumeration);
> +static struct kobj_attribute enumeration_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +attribute_n_property_show(prerequisites_size, enumeration);
> +static struct kobj_attribute enumeration_prerequisites_size_val =
> + __ATTR_RO(prerequisites_size);
> +
> +attribute_values_property_show(prerequisites, enumeration);
> +static struct kobj_attribute enumeration_prerequisites_val =
> + __ATTR_RO(prerequisites);
> +
> +attribute_n_property_show(possible_values_size, enumeration);
> +static struct kobj_attribute enumeration_possible_values_size_val =
> + __ATTR_RO(possible_values_size);
> +
> +attribute_values_property_show(possible_values, enumeration);
> +static struct kobj_attribute enumeration_poss_val =
> + __ATTR_RO(possible_values);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "enumeration\n");
> +}
> +static struct kobj_attribute enumeration_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *enumeration_attrs[] = {
> + &enumeration_display_langcode.attr,
> + &enumeration_display_name.attr,
> + &enumeration_current_val.attr,
> + &enumeration_prerequisites_size_val.attr,
> + &enumeration_prerequisites_val.attr,
> + &enumeration_possible_values_size_val.attr,
> + &enumeration_poss_val.attr,
> + &enumeration_type.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group enumeration_attr_group = {
> + .attrs = enumeration_attrs,
> +};
> +
> +int alloc_enumeration_data(void)
> +{
> + int ret = 0;
> +
> + bioscfg_drv.enumeration_instances_count =
> + get_instance_count(HP_WMI_BIOS_ENUMERATION_GUID);
> +
> + bioscfg_drv.enumeration_data = kcalloc(bioscfg_drv.enumeration_instances_count,
> + sizeof(struct enumeration_data), GFP_KERNEL);
> + if (!bioscfg_drv.enumeration_data) {
> + bioscfg_drv.enumeration_instances_count = 0;
> + ret = -ENOMEM;
> + }
> + return ret;
> +}
> +
> +/* Expected Values types associated with each element */
> +static acpi_object_type expected_enum_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [ENUM_CURRENT_VALUE] = ACPI_TYPE_STRING,
> + [ENUM_SIZE] = ACPI_TYPE_INTEGER,
> + [ENUM_POSSIBLE_VALUES] = ACPI_TYPE_STRING
> +};
> +
> +/*
> + * populate_enumeration_package_data() -
> + * Populate all properties of an instance under enumeration attribute
> + *
> + * @enum_obj: ACPI object with enumeration data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_enumeration_package_data(union acpi_object *enum_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + bioscfg_drv.enumeration_data[instance_id].attr_name_kobj = attr_name_kobj;
> +
> + populate_enumeration_elements_from_package(enum_obj,
> + enum_obj->package.count,
> + instance_id,
> + HPWMI_ENUMERATION_TYPE);
> + update_attribute_permissions(bioscfg_drv.enumeration_data[instance_id].is_readonly,
> + &enumeration_current_val);
> + /*
> + * Several attributes have names such "MONDAY". Friendly
> + * user nane is generated to make the name more descriptive
> + */
> + friendly_user_name_update(bioscfg_drv.enumeration_data[instance_id].path,
> + attr_name_kobj->name,
> + bioscfg_drv.enumeration_data[instance_id].display_name,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].display_name));
> + return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
> +}
> +
> +int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
> + int enum_obj_count,
> + int instance_id,
> + enum hp_wmi_data_type type)
> +{
> + char *str_value = NULL;
> + int value_len;
> + u32 size = 0;
> + u32 int_value;
> + int elem = 0;
> + int reqs;
> + int pos_values;
> + int ret;
> + int eloc;
> +
> + strscpy(bioscfg_drv.enumeration_data[instance_id].display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < enum_obj_count; elem++, eloc++) {
> +
> + /* ONLY look at the first 'hp_wmi_elements_count[type]' elements */
> + if (eloc == hp_wmi_elements_count[type])
> + goto exit_enumeration_package;
> +
> + switch (enum_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +
> + if (PREREQUISITES != elem && ENUM_POSSIBLE_VALUES != elem) {
> + ret = convert_hexstr_to_str(enum_obj[elem].string.pointer,
> + enum_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + return -EINVAL;
> +
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)enum_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", enum_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_enum_types[eloc] != enum_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_enum_types[eloc], elem, enum_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field */
> + switch (eloc) {
> + case NAME:
> + case VALUE:
> + break;
> + case PATH:
> + strscpy(bioscfg_drv.enumeration_data[instance_id].path, str_value,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].path));
> + break;
> + case IS_READONLY:
> + bioscfg_drv.enumeration_data[instance_id].is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + bioscfg_drv.enumeration_data[instance_id].display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + bioscfg_drv.enumeration_data[instance_id].requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + bioscfg_drv.enumeration_data[instance_id].sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + bioscfg_drv.enumeration_data[instance_id].prerequisites_size = int_value;
> + if (int_value > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> +
> + case PREREQUISITES:
> +
> + size = bioscfg_drv.enumeration_data[instance_id].prerequisites_size;
> +
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + if (elem >= enum_obj_count) {
> + pr_err("Error enum-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(enum_obj[elem + reqs].string.pointer,
> + enum_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + return -EINVAL;
> +
> + strlcpy(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs],
> + str_value,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs]));
> +
> + kfree(str_value);
> + str_value = NULL;
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + bioscfg_drv.enumeration_data[instance_id].security_level = int_value;
> + break;
> +
> + case ENUM_CURRENT_VALUE:
> + strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
> + str_value, sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
> + break;
> + case ENUM_SIZE:
> + bioscfg_drv.enumeration_data[instance_id].possible_values_size = int_value;
> + if (int_value > MAX_VALUES_SIZE)
> + pr_warn("Possible number values size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. POSSIBLE_VALUES
> + * object is omitted by BIOS when the size is zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> +
> + case ENUM_POSSIBLE_VALUES:
> + size = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
> +
> + for (pos_values = 0; pos_values < size && pos_values < MAX_VALUES_SIZE; pos_values++) {
> + if (elem >= enum_obj_count) {
> + pr_err("Error enum-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(enum_obj[elem + pos_values].string.pointer,
> + enum_obj[elem + pos_values].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + return -EINVAL;
> +
> + /*
> + * ignore strings when possible values size
> + * is greater than MAX_VALUES_SIZE
> + */
> + if (size < MAX_VALUES_SIZE)
> + strlcpy(bioscfg_drv.enumeration_data[instance_id].possible_values[pos_values],
> + str_value,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].possible_values[pos_values]));
> +
> + kfree(str_value);
> + str_value = NULL;
> + }
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
> + break;
> + }
> +
> + kfree(str_value);
> + str_value = NULL;
> + }
> +
> +exit_enumeration_package:
> + kfree(str_value);
> + str_value = NULL;
> + return 0;
> +}
> +
> +/*
> + * populate_enumeration_buffer_data() -
> + * Populate all properties of an instance under enumeration attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @enum_obj: ACPI object with enumeration data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + * @enumeration_property_count: Total properties count under enumeration type
> + */
> +int populate_enumeration_buffer_data(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> +
> + bioscfg_drv.enumeration_data[instance_id].attr_name_kobj = attr_name_kobj;
> +
> + /* Populate enumeration elements */
> + populate_enumeration_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id,
> + HPWMI_ENUMERATION_TYPE);
> +
> + update_attribute_permissions(bioscfg_drv.enumeration_data[instance_id].is_readonly,
> + &enumeration_current_val);
> + /*
> + * Several attributes have names such "MONDAY". A Friendlier
> + * user nane is generated to make the name more descriptive
> + */
> + friendly_user_name_update(bioscfg_drv.enumeration_data[instance_id].path,
> + attr_name_kobj->name,
> + bioscfg_drv.enumeration_data[instance_id].display_name,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
> +}
> +
> +int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, int *buffer_size,
> + int instance_id,
> + enum hp_wmi_data_type type)
> +{
> + char *dst = NULL;
> + int elem;
> + int reqs;
> + int integer;
> + int size = 0;
> + int values;
> + int ret;
> + int dst_size = *buffer_size / sizeof(u16);
> +
> + dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
> + if (!dst)
> + return -ENOMEM;
> +
> + elem = 0;
> +
> + strscpy(bioscfg_drv.enumeration_data[instance_id].display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].display_name_language_code));
> +
> + for (elem = 1; elem < 3; elem++) {
> +
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + /* Ignore. Zero length string values */
> + if (ret < 0)
> + continue;
> +
> + switch (elem) {
> + case VALUE:
> + /* Skip 'Value' since 'CurrentValue' is reported. */
> + break;
> + case PATH:
> + strscpy(bioscfg_drv.enumeration_data[instance_id].path,
> + dst, sizeof(bioscfg_drv.enumeration_data[instance_id].path));
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> +
> + for (elem = 3; elem < hp_wmi_elements_count[type]; elem++) {
> + if (PREREQUISITES != elem && ENUM_CURRENT_VALUE != elem && ENUM_POSSIBLE_VALUES != elem) {
> + ret = get_integer_from_buffer((int **)&buffer_ptr, buffer_size, (int *)&integer);
> + if (ret < 0)
> + continue;
> + }
> +
> + switch (elem) {
> + case IS_READONLY:
> + bioscfg_drv.enumeration_data[instance_id].is_readonly = integer;
> + break;
> + case DISPLAY_IN_UI:
> + bioscfg_drv.enumeration_data[instance_id].display_in_ui = integer;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + bioscfg_drv.enumeration_data[instance_id].requires_physical_presence = integer;
> + break;
> + case SEQUENCE:
> + bioscfg_drv.enumeration_data[instance_id].sequence = integer;
> + break;
> + case PREREQUISITES_SIZE:
> + bioscfg_drv.enumeration_data[instance_id].prerequisites_size = integer;
> + if (integer > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + // PREREQUISITES:
> + elem++;
> +
> + size = bioscfg_drv.enumeration_data[instance_id].prerequisites_size;
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + /* Ignore. expect zero length strings at the end of prerequisite values */
> + if (ret < 0)
> + continue;
> +
> + strscpy(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs],
> + dst,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].prerequisites[reqs]));
> + }
> + break;
> + case SECURITY_LEVEL:
> + bioscfg_drv.enumeration_data[instance_id].security_level = integer;
> + break;
> + case ENUM_CURRENT_VALUE:
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + if (ret < 0)
> + continue;
> +
> + strscpy(bioscfg_drv.enumeration_data[instance_id].current_value,
> + dst,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].current_value));
> + break;
> + case ENUM_SIZE:
> + bioscfg_drv.enumeration_data[instance_id].possible_values_size = integer;
> + if (integer > MAX_VALUES_SIZE)
> + pr_warn("Possible size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + // ENUM_POSSIBLE_VALUES:
> + elem++;
> +
> + size = bioscfg_drv.enumeration_data[instance_id].possible_values_size;
> + for (values = 0; values < size && values < MAX_VALUES_SIZE; values++) {
> + ret = get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + /* Ignore expect zero size strings at the end of all possible values */
> + if (ret < 0)
> + continue;
> +
> + strscpy(bioscfg_drv.enumeration_data[instance_id].possible_values[values],
> + dst,
> + sizeof(bioscfg_drv.enumeration_data[instance_id].possible_values[values]));
> + }
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> +
> + kfree(dst);
> +
> + return 0;
> +}
> +
> +/**
> + * exit_enumeration_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_enumeration_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.enumeration_instances_count; instance_id++) {
> + if (bioscfg_drv.enumeration_data[instance_id].attr_name_kobj)
> + sysfs_remove_group(bioscfg_drv.enumeration_data[instance_id].attr_name_kobj,
> + &enumeration_attr_group);
> + }
> + bioscfg_drv.enumeration_instances_count = 0;
> +
> + kfree(bioscfg_drv.enumeration_data);
> + bioscfg_drv.enumeration_data = NULL;
> +}
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-04-01 11:58 ` Thomas Weißschuh
2023-04-02 0:47 ` Mark Pearson
@ 2023-04-03 16:33 ` Jorge Lopez
2023-04-03 17:30 ` Thomas Weißschuh
1 sibling, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-04-03 16:33 UTC (permalink / raw)
To: Thomas Weißschuh; +Cc: hdegoede, platform-driver-x86, linux-kernel
Hi Thomas,
Please see my comments below.
On Sat, Apr 1, 2023 at 6:58 AM Thomas Weißschuh <thomas@t-8ch.de> wrote:
>
> Hi Jorge,
>
> Hans asked me to do a review of your series, so this is it.
>
> I'll start with patch 4 because it is the one with the docs and build
> system changes.
> Reviews of the other patches and the code of this patch will follow.
>
> In my opinion the best way forward is to drop some of the non-core
> and duplicated functionality.
> The reduced scope will make review and rework easier and therefore speed
> up the process.
>
> Please also Cc the general kernel mailing list
> linux-kernel@vger.kernel.org for future revisions.
> This will make sure the patchset is picked up and tested by the bots.
>
Will do.
> On 2023-03-09 14:10:22-0600, Jorge Lopez wrote:
> > The purpose for this patch is submit HP BIOSCFG driver to be list of
> > HP Linux kernel drivers. The driver include a total of 12 files
> > broken in several patches.
>
> No need for this paragraph.
I will remove it in the next submission.
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
>
> Here it says "notebooks", below "PC's". Does it also support
> non-notebook machines?
The initial release of the driver will be supported for business notebooks.
Although the driver is not targeted for non-notebooks machines, the
driver was tested on non-notebooks in the event a decision is made to
targets them
> > --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> > @@ -22,6 +22,13 @@ Description:
> > - integer: a range of numerical values
> > - string
> >
> > + HP specific types
> > + -----------------
> > + - ordered-list - a set of ordered list valid values
> > + - sure-admin
>
> Does sure-admin still exist?
I will remove that entry. Sure-admin no longer exist as part of the driver
>> > + HP specific class extensions
> > + ------------------------------
> > +
> > + On HP systems the following additional attributes are available:
> > +
> > + "ordered-list"-type specific properties:
> > +
> > + elements:
> > + A file that can be read to obtain the possible
> > + list of values of the <attr>. Values are separated using
> > + semi-colon (``;``). The order individual elements are listed
> > + according to their priority. An Element listed first has the
> > + hightest priority. Writing the list in a different order to
> > + current_value alters the priority order for the particular
> > + attribute.
> > +
> > + "sure-start"-type specific properties:
> > +
> > + audit_log_entries:
> > + A read-only file that returns the events in the log.
> > +
> > + Audit log entry format
> > +
> > + Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
> > + Byte 16-127: Unused
> > +
> > + audit_log_entry_count:
> > + A read-only file that returns the number of existing audit log events available to be read.
> > +
> > + [No of entries],[log entry size],[Max number of entries supported]
>
> sysfs is based on the idea of "one-value-per-file".
> The two properties above violate this idea.
> Maybe a different interface is needed.
>
Both properties report a single string separated by semicolon. This
is not different from listing all elements in a single string
separated by semicolon.
> Are these properties very important for the first version of this
> driver? If not I would propose to drop them for now and resubmit them
> as separate patches after the main driver has been merged.
>
We want the initial driver to have all predefined properties available
first. There are plans to add future properties and features which
will be submitted as patches.
> > +
> > +
> > What: /sys/class/firmware-attributes/*/authentication/
> > Date: February 2021
> > KernelVersion: 5.11
> > @@ -206,7 +245,7 @@ Description:
> > Drivers may emit a CHANGE uevent when a password is set or unset
> > userspace may check it again.
> >
> > - On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
> > + On Dell, Lenovo, and HP systems, if Admin password is set, then all BIOS attributes
>
> No comma after "Lenovo"
Will do
>
> > require password validation.
> > On Lenovo systems if you change the Admin password the new password is not active until
> > the next boot.
> > @@ -296,6 +335,15 @@ Description:
> > echo "signature" > authentication/Admin/signature
> > echo "password" > authentication/Admin/certificate_to_password
> >
> > + HP specific class extensions
> > + --------------------------------
> > +
> > + On HP systems the following additional settings are available:
> > +
> > + role: enhanced-bios-auth:
> > + This role is specific to Secure Platform Management (SPM) attribute.
> > + It requires configuring an endorsement (kek) and signing certificate (sk).
> > +
> >
> > What: /sys/class/firmware-attributes/*/attributes/pending_reboot
> > Date: February 2021
> > @@ -364,3 +412,60 @@ Description:
> > use it to enable extra debug attributes or BIOS features for testing purposes.
> >
> > Note that any changes to this attribute requires a reboot for changes to take effect.
> > +
> > +
> > + HP specific class extensions
> > + --------------------------------
> > +
> > +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
> > +Date: March 29
> > +KernelVersion: 5.18
> > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > +Description: 'kek' is a write-only file that can be used to configure the
> > + RSA public key that will be used by the BIOS to verify
> > + signatures when setting the signing key. When written,
> > + the bytes should correspond to the KEK certificate
> > + (x509 .DER format containing an OU). The size of the
> > + certificate must be less than or equal to 4095 bytes.
> > +
> > +
> > +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
> > +Date: March 29
> > +KernelVersion: 5.18
> > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > +Description: 'sk' is a write-only file that can be used to configure the RSA
> > + public key that will be used by the BIOS to verify signatures
> > + when configuring BIOS settings and security features. When
> > + written, the bytes should correspond to the modulus of the
> > + public key. The exponent is assumed to be 0x10001.
>
> The names of the files 'SPM', 'kek' and 'sk' are cryptic.
SPM - Secure Platform Manager
kek - Key-Encryption-Key (KEK)
sk - Signature Key (SK)
Those abbreviations were used because they are industry standard and
reduce the size of the commands. Any suggestions?
>
> > +
> > +
> > +What: /sys/class/firmware-attributes/*/authentication/SPM/status
> > +Date: March 29
> > +KernelVersion: 5.18
> > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > +Description: 'status' is a read-only file that returns ASCII text reporting
> > + the status information.
> > +
> > + State: Not Provisioned / Provisioned / Provisioning in progress
> > + Version: Major. Minor
> > + Feature Bit Mask: <16-bit unsigned number display in hex>
> > + SPM Counter: <16-bit unsigned number display in base 10>
> > + Signing Key Public Key Modulus (base64):
> > + KEK Public Key Modulus (base64):
>
> This also violates 'one-value-per-file'.
> Can it be split into different files?
I will split the information in multiple files.
> This would also remove the need for the statusbin file.
>
Status bin is used by GUI applications where data is managed
accordingly instead of individual lines.
> For the values:
>
> Status: I think symbolic names are better for sysfs:
> not_provisioned, provisioned, etc.
> Feature Bit Mask: Use names.
> Keys: It would be nicer if these could be shown directly in the files
> that can be used to configure them.
>
> As before, what is really needed and what can be added later?
Status is needed when the user enables Secure Platform Manager in BIOS
and KEK and/or SK are configured.
>
> > +
> > +
> > +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
> > +Date: March 29
> > +KernelVersion: 5.18
> > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > +Description: 'statusbin' is a read-only file that returns identical status
> > + information reported by 'status' file in binary format.
>
> How does this binary format work?
Yes. Status bin is used by GUI applications where data is managed
accordingly instead of individual lines
>
> > +
> > +
> > +What: /sys/class/firmware-attributes/*/attributes/last_error
> > +Date: March 29
> > +KernelVersion: 5.18
> > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > +Description: 'last_error' is a read-only file that returns WMI error number
> > + and message reported by last WMI command.
>
> Does this provide much value?
> Or could this error just be logged via pr_warn_ratelimited()?
It is specially needed to determine if WMI calls reported an error.
This property is similar to the one provided by both Dell and Lenovo
drivers
>
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index f32538373164..663ae73fb8be 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -9367,6 +9367,12 @@ S: Obsolete
> > W: http://w1.fi/hostap-driver.html
> > F: drivers/net/wireless/intersil/hostap/
> >
> > +HP BIOSCFG DRIVER
> > +M: Jorge Lopez <jorge.lopez2@hp.com>
> > +L: platform-driver-x86@vger.kernel.org
>
> Broken whitespace
I will be corrected.
>
> > +S: Maintained
> > +F: drivers/platform/x86/hp/hp-bioscfg/
> > +
> > HP COMPAQ TC1100 TABLET WMI EXTRAS DRIVER
> > L: platform-driver-x86@vger.kernel.org
> > S: Orphan
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/Makefile b/drivers/platform/x86/hp/hp-bioscfg/Makefile
> > new file mode 100644
> > index 000000000000..529eba6fa47f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/Makefile
> > @@ -0,0 +1,13 @@
> > +obj-$(CONFIG_HP_BIOSCFG) := hp-bioscfg.o
>
> The kbuild part that defines CONFIG_HP_BIOSCFG is missing, so this is
> never built.
>
This is an oversight on my part. The changes were made but never made
part of the review.
> drivers/platform/x86/hp/Makefile also needs to reference this Makefile.
>
> After fixing up Kbuild please build the driver with "make W=1" and clean
> up all the unused functions/variables.
> (This won't catch unused stuff from bioscfg.c, so you have to check
> these manually)
>
Thank you. I will make sure to include it
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-04-03 16:33 ` Jorge Lopez
@ 2023-04-03 17:30 ` Thomas Weißschuh
2023-04-03 19:33 ` Jorge Lopez
0 siblings, 1 reply; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-03 17:30 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86, linux-kernel
Hi Jorge,
On 2023-04-03 11:33:20-0500, Jorge Lopez wrote:
> Hi Thomas,
>
> Please see my comments below.
>
> On Sat, Apr 1, 2023 at 6:58 AM Thomas Weißschuh <thomas@t-8ch.de> wrote:
> > On 2023-03-09 14:10:22-0600, Jorge Lopez wrote:
> [..]
> > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > the latest sysfs class firmware attributes framework allowing the user
> > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > notebooks.
> >
> > Here it says "notebooks", below "PC's". Does it also support
> > non-notebook machines?
>
> The initial release of the driver will be supported for business notebooks.
> Although the driver is not targeted for non-notebooks machines, the
> driver was tested on non-notebooks in the event a decision is made to
> targets them
If it is not intended to support both, maybe the documentation could
consistently use "notebook".
> > > + "sure-start"-type specific properties:
> > > +
> > > + audit_log_entries:
> > > + A read-only file that returns the events in the log.
> > > +
> > > + Audit log entry format
> > > +
> > > + Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
> > > + Byte 16-127: Unused
> > > +
> > > + audit_log_entry_count:
> > > + A read-only file that returns the number of existing audit log events available to be read.
> > > +
> > > + [No of entries],[log entry size],[Max number of entries supported]
> >
> > sysfs is based on the idea of "one-value-per-file".
> > The two properties above violate this idea.
> > Maybe a different interface is needed.
> >
>
> Both properties report a single string separated by semicolon. This
> is not different from listing all elements in a single string
> separated by semicolon.
The documentation does not mention semicolons.
The nice thing about descoping functionality is that we don't need to
worry about their details now.
Instead it can be added later without haste as the core functionality
can already be used by the users.
> > Are these properties very important for the first version of this
> > driver? If not I would propose to drop them for now and resubmit them
> > as separate patches after the main driver has been merged.
> >
> We want the initial driver to have all predefined properties available
> first. There are plans to add future properties and features which
> will be submitted as patches.
With "properties" do you mean the bios settings?
I agree that all these are good for the initial driver.
But the audit log, detailed error codes, etc... do not seem integral for
the functioning of the driver or for users.
> > > + HP specific class extensions
> > > + --------------------------------
> > > +
> > > +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
> > > +Date: March 29
> > > +KernelVersion: 5.18
> > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > +Description: 'kek' is a write-only file that can be used to configure the
> > > + RSA public key that will be used by the BIOS to verify
> > > + signatures when setting the signing key. When written,
> > > + the bytes should correspond to the KEK certificate
> > > + (x509 .DER format containing an OU). The size of the
> > > + certificate must be less than or equal to 4095 bytes.
> > > +
> > > +
> > > +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
> > > +Date: March 29
> > > +KernelVersion: 5.18
> > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > +Description: 'sk' is a write-only file that can be used to configure the RSA
> > > + public key that will be used by the BIOS to verify signatures
> > > + when configuring BIOS settings and security features. When
> > > + written, the bytes should correspond to the modulus of the
> > > + public key. The exponent is assumed to be 0x10001.
> >
> > The names of the files 'SPM', 'kek' and 'sk' are cryptic.
>
> SPM - Secure Platform Manager
> kek - Key-Encryption-Key (KEK)
> sk - Signature Key (SK)
>
> Those abbreviations were used because they are industry standard and
> reduce the size of the commands. Any suggestions?
Maybe mention the long names once in the documentation "Description".
> > > +
> > > +
> > > +What: /sys/class/firmware-attributes/*/authentication/SPM/status
> > > +Date: March 29
> > > +KernelVersion: 5.18
> > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > +Description: 'status' is a read-only file that returns ASCII text reporting
> > > + the status information.
> > > +
> > > + State: Not Provisioned / Provisioned / Provisioning in progress
> > > + Version: Major. Minor
> > > + Feature Bit Mask: <16-bit unsigned number display in hex>
> > > + SPM Counter: <16-bit unsigned number display in base 10>
> > > + Signing Key Public Key Modulus (base64):
> > > + KEK Public Key Modulus (base64):
> >
> > This also violates 'one-value-per-file'.
> > Can it be split into different files?
>
> I will split the information in multiple files.
>
> > This would also remove the need for the statusbin file.
> >
> Status bin is used by GUI applications where data is managed
> accordingly instead of individual lines.
Can the GUI applications not use the split files?
> > For the values:
> >
> > Status: I think symbolic names are better for sysfs:
> > not_provisioned, provisioned, etc.
> > Feature Bit Mask: Use names.
> > Keys: It would be nicer if these could be shown directly in the files
> > that can be used to configure them.
> >
> > As before, what is really needed and what can be added later?
>
> Status is needed when the user enables Secure Platform Manager in BIOS
> and KEK and/or SK are configured.
Ok.
> >
> > > +
> > > +
> > > +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
> > > +Date: March 29
> > > +KernelVersion: 5.18
> > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > +Description: 'statusbin' is a read-only file that returns identical status
> > > + information reported by 'status' file in binary format.
> >
> > How does this binary format work?
>
> Yes. Status bin is used by GUI applications where data is managed
> accordingly instead of individual lines
But this format is not documented here at all.
So how can we determine if the implementation is correct?
> > > +
> > > +
> > > +What: /sys/class/firmware-attributes/*/attributes/last_error
> > > +Date: March 29
> > > +KernelVersion: 5.18
> > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > +Description: 'last_error' is a read-only file that returns WMI error number
> > > + and message reported by last WMI command.
> >
> > Does this provide much value?
> > Or could this error just be logged via pr_warn_ratelimited()?
>
> It is specially needed to determine if WMI calls reported an error.
> This property is similar to the one provided by both Dell and Lenovo
> drivers
I don't see similar functionality for the other drivers.
Instead they seem to just return the error codes from the attribute
callbacks.
This may be useful but it does not seem *necessary* for the first
version.
Feel free to only submit the patch with the documentation for the next
revision. Then we can nail down the interface and initial functionality
and you don't always have to adapt the code to the changing interface.
Thomas
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-04-03 17:30 ` Thomas Weißschuh
@ 2023-04-03 19:33 ` Jorge Lopez
0 siblings, 0 replies; 18+ messages in thread
From: Jorge Lopez @ 2023-04-03 19:33 UTC (permalink / raw)
To: Thomas Weißschuh; +Cc: hdegoede, platform-driver-x86, linux-kernel
Hi Thomas,
Please see my comments below.
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > >
> > > Here it says "notebooks", below "PC's". Does it also support
> > > non-notebook machines?
> >
> > The initial release of the driver will be supported for business notebooks.
> > Although the driver is not targeted for non-notebooks machines, the
> > driver was tested on non-notebooks in the event a decision is made to
> > targets them
>
> If it is not intended to support both, maybe the documentation could
> consistently use "notebook".
Ok.
>
> > > > + "sure-start"-type specific properties:
> > > > +
> > > > + audit_log_entries:
> > > > + A read-only file that returns the events in the log.
> > > > +
> > > > + Audit log entry format
> > > > +
> > > > + Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
> > > > + Byte 16-127: Unused
> > > > +
> > > > + audit_log_entry_count:
> > > > + A read-only file that returns the number of existing audit log events available to be read.
> > > > +
> > > > + [No of entries],[log entry size],[Max number of entries supported]
> > >
> > > sysfs is based on the idea of "one-value-per-file".
> > > The two properties above violate this idea.
> > > Maybe a different interface is needed.
> > >
> >
> > Both properties report a single string separated by semicolon. This
> > is not different from listing all elements in a single string
> > separated by semicolon.
>
> The documentation does not mention semicolons.
It should have been documented. I will update the docs.
>
> The nice thing about descoping functionality is that we don't need to
> worry about their details now.
> Instead it can be added later without haste as the core functionality
> can already be used by the users.
>
> > > Are these properties very important for the first version of this
> > > driver? If not I would propose to drop them for now and resubmit them
> > > as separate patches after the main driver has been merged.
> > >
> > We want the initial driver to have all predefined properties available
> > first. There are plans to add future properties and features which
> > will be submitted as patches.
>
> With "properties" do you mean the bios settings?
> I agree that all these are good for the initial driver.
Yes. All those properties are part of BIOS setting and security
related features.
>
> But the audit log, detailed error codes, etc... do not seem integral for
> the functioning of the driver or for users.
Error codes can be replaced as pr_warn() log when error is not zero.
Audit_log on the hand, it is part of the initial features we need.to
have.
>
> > > > + HP specific class extensions
> > > > + --------------------------------
> > > > +
> > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > > +Description: 'kek' is a write-only file that can be used to configure the
> > > > + RSA public key that will be used by the BIOS to verify
> > > > + signatures when setting the signing key. When written,
> > > > + the bytes should correspond to the KEK certificate
> > > > + (x509 .DER format containing an OU). The size of the
> > > > + certificate must be less than or equal to 4095 bytes.
> > > > +
> > > > +
> > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > > +Description: 'sk' is a write-only file that can be used to configure the RSA
> > > > + public key that will be used by the BIOS to verify signatures
> > > > + when configuring BIOS settings and security features. When
> > > > + written, the bytes should correspond to the modulus of the
> > > > + public key. The exponent is assumed to be 0x10001.
> > >
> > > The names of the files 'SPM', 'kek' and 'sk' are cryptic.
> >
> > SPM - Secure Platform Manager
> > kek - Key-Encryption-Key (KEK)
> > sk - Signature Key (SK)
> >
> > Those abbreviations were used because they are industry standard and
> > reduce the size of the commands. Any suggestions?
>
> Maybe mention the long names once in the documentation "Description".
Ok. I will do so.
>
> > > > +
> > > > +
> > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/status
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > > +Description: 'status' is a read-only file that returns ASCII text reporting
> > > > + the status information.
> > > > +
> > > > + State: Not Provisioned / Provisioned / Provisioning in progress
> > > > + Version: Major. Minor
> > > > + Feature Bit Mask: <16-bit unsigned number display in hex>
> > > > + SPM Counter: <16-bit unsigned number display in base 10>
> > > > + Signing Key Public Key Modulus (base64):
> > > > + KEK Public Key Modulus (base64):
> > >
> > > This also violates 'one-value-per-file'.
> > > Can it be split into different files?
> >
> > I will split the information in multiple files.
The data reported by status files is gathered by a single WMI called
(statusbin) and then reported by adding multiple headers (ie Feature
Bit Mask:). Do we still need to split the status lines? Instead of
making one call, the driver would be making multiple calls to
'statusbin' routine and then report the appropriate item for the file.
The additional complexity is unnecessary.
> >
> > > This would also remove the need for the statusbin file.
> > >
> > Status bin is used by GUI applications where data is managed
> > accordingly instead of individual lines.
>
> Can the GUI applications not use the split files?
The GUI applications could use the split lines but he data is just a
blob of binary data of sizeof struct
secureplatform_provisioning_data. The lack of headers on the left
handside ((ie Feature Bit Mask:) will eliminate having to split the
data read and make multiple calls to the driver.
>
> > > For the values:
> > >
> > > Status: I think symbolic names are better for sysfs:
> > > not_provisioned, provisioned, etc.
> > > Feature Bit Mask: Use names.
> > > Keys: It would be nicer if these could be shown directly in the files
> > > that can be used to configure them.
> > >
> > > As before, what is really needed and what can be added later?
> >
> > Status is needed when the user enables Secure Platform Manager in BIOS
> > and KEK and/or SK are configured.
>
> Ok.
>
> > >
> > > > +
> > > > +
> > > > +What: /sys/class/firmware-attributes/*/authentication/SPM/statusbin
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > > +Description: 'statusbin' is a read-only file that returns identical status
> > > > + information reported by 'status' file in binary format.
> > >
> > > How does this binary format work?
> >
> > Yes. Status bin is used by GUI applications where data is managed
> > accordingly instead of individual lines
>
> But this format is not documented here at all.
> So how can we determine if the implementation is correct?
The data gathered by 'statusbin' routine is struct
secureplatform_provisioning_data. The validation is done in two ways.
the driver validates the return code from WMI call, and the other is
by inspecting the data reported by 'status' with some additional
headers..
> > > > +
> > > > +
> > > > +What: /sys/class/firmware-attributes/*/attributes/last_error
> > > > +Date: March 29
> > > > +KernelVersion: 5.18
> > > > +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> > > > +Description: 'last_error' is a read-only file that returns WMI error number
> > > > + and message reported by last WMI command.
> > >
> > > Does this provide much value?
> > > Or could this error just be logged via pr_warn_ratelimited()?
> >
> > It is specially needed to determine if WMI calls reported an error.
> > This property is similar to the one provided by both Dell and Lenovo
> > drivers
>
> I don't see similar functionality for the other drivers.
> Instead they seem to just return the error codes from the attribute
> callbacks.
Ok. last_error can be replaced as pr_warn() log when error value is not zero.
>
> This may be useful but it does not seem *necessary* for the first
> version.
>
>
> Feel free to only submit the patch with the documentation for the next
> revision. Then we can nail down the interface and initial functionality
> and you don't always have to adapt the code to the changing interface.
>
Ok. I will submit the documentation by it self with the next revision.
Jorge
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3]
2023-04-02 17:01 ` Thomas Weißschuh
@ 2023-04-03 20:18 ` Jorge Lopez
2023-04-04 16:32 ` Thomas Weißschuh
0 siblings, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-04-03 20:18 UTC (permalink / raw)
To: Thomas Weißschuh; +Cc: hdegoede, platform-driver-x86
Hi Thomas,
>
> Currently the driver stores all its state in driver-global static data.
> The kobjects are stored without any state.
> Inside the kobject attribute operations is some fiddly logic that tries
> to figure out the corresponding state with a fiddly mechansims.
>
> The more correct way would be to attach the corresponding state
> directly to the kobject.
>
> Let me know if you want to give this a shot and I'll give an example.
Yes. I would like to give it a shot. I can take a look at the code
and determine when we can implement it.
No promises.
Jorge.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4]
2023-04-02 0:47 ` Mark Pearson
@ 2023-04-03 20:44 ` Jorge Lopez
0 siblings, 0 replies; 18+ messages in thread
From: Jorge Lopez @ 2023-04-03 20:44 UTC (permalink / raw)
To: Mark Pearson
Cc: Thomas Weißschuh, Hans de Goede, platform-driver-x86, linux-kernel
Hi Mark,
Please see my comments below.
On Sat, Apr 1, 2023 at 7:48 PM Mark Pearson <mpearson-lenovo@squebb.ca> wrote:
>
> Hi Jorge,
>
> As I implemented similar on our platforms I have a couple of suggestions which may or may not be helpful.
>
> On Sat, Apr 1, 2023, at 7:58 AM, Thomas Weißschuh wrote:
> > Hi Jorge,
> >
> <snip>
> > On 2023-03-09 14:10:22-0600, Jorge Lopez wrote:
> <snip>
> >
> >> Many features of HP Commercial PC’s can be managed using Windows
> >> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> >> Enterprise Management (WBEM) that provides a standards-based interface
> >> for changing and monitoring system settings. HP BISOCFG driver provides
> >> a native Linux solution and the exposed features facilitates the
> >> migration to Linux environments.
>
> I'd remove this paragraph personally - but as a minor note, typo in BISOCFG
>
> <snip>
> >>
> >> diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> >> index 4cdba3477176..d1ae6b77da13 100644
> >> --- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
> >> +++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
> <snip>
> >> @@ -126,6 +133,38 @@ Description:
> >> value will not be effective through sysfs until this rule is
> >> met.
> >>
> >> + HP specific class extensions
> >> + ------------------------------
> >> +
> >> + On HP systems the following additional attributes are available:
> >> +
> >> + "ordered-list"-type specific properties:
> >> +
> >> + elements:
> >> + A file that can be read to obtain the possible
> >> + list of values of the <attr>. Values are separated using
> >> + semi-colon (``;``). The order individual elements are listed
> >> + according to their priority. An Element listed first has the
> >> + hightest priority. Writing the list in a different order to
> >> + current_value alters the priority order for the particular
> >> + attribute.
>
> isn't this already covered in the 'possible_values' attribute - it's just a string of items? Curious as to when/how this would be used instead of possible_values (but I should probably read the code)
> Typo in 'hightest'.
Done. Possible values provides a list of values in any order.
elements in Ordered-list list items in level of priority such it is
case of list of boot order values.
>
> <snip>
> >
> >> +
> >> +
> >> What: /sys/class/firmware-attributes/*/authentication/
> >> Date: February 2021
> >> KernelVersion: 5.11
> >> @@ -206,7 +245,7 @@ Description:
> <snip>
> >> @@ -296,6 +335,15 @@ Description:
> >> echo "signature" > authentication/Admin/signature
> >> echo "password" > authentication/Admin/certificate_to_password
> >>
> >> + HP specific class extensions
> >> + --------------------------------
> >> +
> >> + On HP systems the following additional settings are available:
> >> +
> >> + role: enhanced-bios-auth:
> >> + This role is specific to Secure Platform Management (SPM) attribute.
> >> + It requires configuring an endorsement (kek) and signing certificate (sk).
> >> +
>
> Your implementation might be different on HP's; but on the Lenovo's this was still used along with the regular roles - it's just the authentication changed from password to a signature approach.
>
> Just checking that you really need a whole new role and that it isn't part of the existing role.
>
Unfortunately, we need a whole new role.
> <snip>
>
> >> + HP specific class extensions
> >> + --------------------------------
> >> +
> >> +What: /sys/class/firmware-attributes/*/authentication/SPM/kek
> >> +Date: March 29
> >> +KernelVersion: 5.18
> >> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> >> +Description: 'kek' is a write-only file that can be used to configure the
> >> + RSA public key that will be used by the BIOS to verify
> >> + signatures when setting the signing key. When written,
> >> + the bytes should correspond to the KEK certificate
> >> + (x509 .DER format containing an OU). The size of the
> >> + certificate must be less than or equal to 4095 bytes.
> >> +
> >> +
> >> +What: /sys/class/firmware-attributes/*/authentication/SPM/sk
> >> +Date: March 29
> >> +KernelVersion: 5.18
> >> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> >> +Description: 'sk' is a write-only file that can be used to configure the RSA
> >> + public key that will be used by the BIOS to verify signatures
> >> + when configuring BIOS settings and security features. When
> >> + written, the bytes should correspond to the modulus of the
> >> + public key. The exponent is assumed to be 0x10001.
> >
>
> I wondered if these could be combined with the signature and certificate fields that I implemented for the Lenovo platforms - and those be moved out of the Lenovo specific section and then made general (and optional)
The behavior with Secure Platform Manager requires having KEK and SK separate.
> kek looks like it corresponds to certificate and sk to signature?
> KEK - Key-Encryption-Key
SK - Signature Key
> >
> >> +
> >> +
> >> +What: /sys/class/firmware-attributes/*/attributes/last_error
> >> +Date: March 29
> >> +KernelVersion: 5.18
> >> +Contact: "Jorge Lopez" <jorge.lopez2@hp.com>
> >> +Description: 'last_error' is a read-only file that returns WMI error number
> >> + and message reported by last WMI command.
> >
> > Does this provide much value?
> > Or could this error just be logged via pr_warn_ratelimited()?
>
> This one seemed odd to me too - doesn't the driver return the error to the use on a failed WMI access?
>
It was intended for debug purposes and to determine if the failure was
reported because of WMI error. The WMI error is masked by the driver
and the error reported by WMI is lost.
for instance, WMI error 6 is reported by driver as -EINVAL.
This attribute will be removed and replaced by pr_warn().
Jorge.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3]
2023-04-03 20:18 ` Jorge Lopez
@ 2023-04-04 16:32 ` Thomas Weißschuh
2023-04-11 15:45 ` Jorge Lopez
0 siblings, 1 reply; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-04 16:32 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86
On 2023-04-03 15:18:31-0500, Jorge Lopez wrote:
> Hi Thomas,
>
>
> >
> > Currently the driver stores all its state in driver-global static data.
> > The kobjects are stored without any state.
> > Inside the kobject attribute operations is some fiddly logic that tries
> > to figure out the corresponding state with a fiddly mechansims.
> >
> > The more correct way would be to attach the corresponding state
> > directly to the kobject.
> >
> > Let me know if you want to give this a shot and I'll give an example.
>
> Yes. I would like to give it a shot. I can take a look at the code
> and determine when we can implement it.
> No promises.
/* data for each kernel object */
struct bios_property {
/* This is *not* a pointer, it will be used by the core sysfs
* code framework to manage this "object" */
struct kobject kobj;
int instance_id; /* instance ID to pass to WMI functions */
/* common members to all properties */
u8 display_name[MAX_BUFF];
u8 path[MAX_BUFF];
/* all the other common stuff */
const struct *property_ops ops;
union {
struct string_property_data {
u8 current_value[MAX_BUFF];
u8 new_value[MAX_BUFF];
u32 min_length;
u32 max_length;
} string_data;
/* same for other data types... */
};
};
struct property_ops {
ssize_t (*show_current_value)(struct bios_property *, char *);
ssize_t (*store_current_value)(struct bios_property *, const char *, size_t);
};
static ssize_t string_property_show_current_value(struct bios_property *prop, char *buf)
{
/* or read from WMI. Does it need to be cached? */
return sysfs_emit(buf, prop->string_data.current_value);
}
ssize_t string_property_store_current_value(struct bios_property *prop, const char *buf, size_t count)
{
int ret;
if (strlen(buf) > prop->string_data.max_length)
return -ERANGE;
ret = do_string_specifc_wmi_stuff(buf, count);
if (ret)
return ret;
strcpy(prop->current_value, buf);
return count;
}
/* different show/store functionality per property type */
static const struct property_ops string_property_ops = {
.store_current_value = string_property_show_current_value,
.show_current_value = string_property_show_current_value,
};
struct bioscfg_attribute {
struct attribute attr;
ssize_t (*show)(struct bioscfg_prop *prop, char *buf);
ssize_t (*store)(struct bioscfg_prop *prop, const char *buf, size_t count);
};
/* this is one implementation for *all* property types */
static ssize_t display_name_show(struct bioscfg_prop *prop, char *buf)
{
return sysfs_emit(buf, prop->display_name);
}
static struct bioscfg_attribute display_name = __ATTR_RO(display_name);
/* and all the other ones */
/* this dispatches into the type-specific property handlers */
static ssize_t current_value_show(struct bioscfg_prop *prop, char *buf)
{
return prop->ops->show_current_value(prop, buf);
}
static struct bioscfg_attribute current_value = __ATTR(current_value);
static struct attribute *attrs[] = {
&display_name.attr,
/* other attrs here */
NULL
};
/* reflect read-only mode in sysfs */
static umode_t bioscfg_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n)
{
struct bios_property *prop = container_of(kobj, struct bios_property, kobj);
if (attr == ¤t_value.attr && prop->read_only)
return attr->mode ^ 0222; /* clear writable bits */
return attr->mode;
}
static const struct attribute_group attr_group = {
.attrs = attrs,
.is_visible = bioscfg_attr_is_visible,
};
/* the following two functions dispatch from your the core kobj pointer
* to your custom callbacks operating on nice bioscfg_attribute
*/
static ssize_t bioscfg_attr_show(struct kobject *kobj, struct attribute *attr,
char *buf)
{
struct bioscfg_attribute *kattr;
ssize_t ret = -EIO;
kattr = container_of(attr, struct bioscfg_attribute, attr);
if (kattr->show)
ret = kattr->show(kobj, kattr, buf);
return ret;
}
static ssize_t bioscfg_attr_store(struct kobject *kobj, struct attribute *attr,
const char *buf, size_t count)
{
struct bioscfg_attribute *kattr;
ssize_t ret = -EIO;
kattr = container_of(attr, struct bioscfg_attribute, attr);
if (kattr->store)
ret = kattr->store(kobj, kattr, buf, count);
return ret;
}
static const struct sysfs_ops bioscfg_kobj_sysfs_ops = {
.show = bioscfg_attr_show,
.store = bioscfg_attr_store,
};
/* to hook this into the generic kobject machinery */
static const struct kobj_type bioscfg_kobj_type = {
.release = free_struct_bios_property,
.sysfs_ops = &bios_property_sysfs_ops,
.default_groups = attr_groups,
};
static int probe(void)
{
struct bios_property *prop;
for (each property discovered via WMI) {
prop = kzalloc(sizeof(*prop));
prop->readonly = is_read_only(property);
/* other common properties */
if (is_string_property(property)) {
prop->ops = string_property_ops;
prop->string_data.current_value = "";
/* other type-specific properties */
} else {
; /* and so on for other types */
}
kobject_init(&prop->kobj, &bioscfg_kobj_type);
kobject_add(&prop->kobj, parent, name);
}
/* Now all properties and their memory are managed by the kernel */
}
Instead of having one kobj_type for all properties it would also be
possible to create a new one for each. But I don't think it's worth it.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3]
2023-04-04 16:32 ` Thomas Weißschuh
@ 2023-04-11 15:45 ` Jorge Lopez
0 siblings, 0 replies; 18+ messages in thread
From: Jorge Lopez @ 2023-04-11 15:45 UTC (permalink / raw)
To: Thomas Weißschuh; +Cc: hdegoede, platform-driver-x86
Thanks, I'll check it out.
On Tue, Apr 4, 2023 at 11:32 AM Thomas Weißschuh <thomas@t-8ch.de> wrote:
>
> On 2023-04-03 15:18:31-0500, Jorge Lopez wrote:
> > Hi Thomas,
> >
> >
> > >
> > > Currently the driver stores all its state in driver-global static data.
> > > The kobjects are stored without any state.
> > > Inside the kobject attribute operations is some fiddly logic that tries
> > > to figure out the corresponding state with a fiddly mechansims.
> > >
> > > The more correct way would be to attach the corresponding state
> > > directly to the kobject.
> > >
> > > Let me know if you want to give this a shot and I'll give an example.
> >
> > Yes. I would like to give it a shot. I can take a look at the code
> > and determine when we can implement it.
> > No promises.
>
> /* data for each kernel object */
> struct bios_property {
> /* This is *not* a pointer, it will be used by the core sysfs
> * code framework to manage this "object" */
> struct kobject kobj;
> int instance_id; /* instance ID to pass to WMI functions */
> /* common members to all properties */
> u8 display_name[MAX_BUFF];
> u8 path[MAX_BUFF];
> /* all the other common stuff */
>
> const struct *property_ops ops;
> union {
> struct string_property_data {
> u8 current_value[MAX_BUFF];
> u8 new_value[MAX_BUFF];
> u32 min_length;
> u32 max_length;
> } string_data;
> /* same for other data types... */
> };
> };
>
> struct property_ops {
> ssize_t (*show_current_value)(struct bios_property *, char *);
> ssize_t (*store_current_value)(struct bios_property *, const char *, size_t);
> };
>
> static ssize_t string_property_show_current_value(struct bios_property *prop, char *buf)
> {
> /* or read from WMI. Does it need to be cached? */
> return sysfs_emit(buf, prop->string_data.current_value);
> }
>
> ssize_t string_property_store_current_value(struct bios_property *prop, const char *buf, size_t count)
> {
> int ret;
>
> if (strlen(buf) > prop->string_data.max_length)
> return -ERANGE;
>
> ret = do_string_specifc_wmi_stuff(buf, count);
> if (ret)
> return ret;
>
> strcpy(prop->current_value, buf);
> return count;
> }
>
> /* different show/store functionality per property type */
> static const struct property_ops string_property_ops = {
> .store_current_value = string_property_show_current_value,
> .show_current_value = string_property_show_current_value,
> };
>
> struct bioscfg_attribute {
> struct attribute attr;
> ssize_t (*show)(struct bioscfg_prop *prop, char *buf);
> ssize_t (*store)(struct bioscfg_prop *prop, const char *buf, size_t count);
> };
>
> /* this is one implementation for *all* property types */
> static ssize_t display_name_show(struct bioscfg_prop *prop, char *buf)
> {
> return sysfs_emit(buf, prop->display_name);
> }
> static struct bioscfg_attribute display_name = __ATTR_RO(display_name);
>
> /* and all the other ones */
>
> /* this dispatches into the type-specific property handlers */
> static ssize_t current_value_show(struct bioscfg_prop *prop, char *buf)
> {
> return prop->ops->show_current_value(prop, buf);
> }
> static struct bioscfg_attribute current_value = __ATTR(current_value);
>
> static struct attribute *attrs[] = {
> &display_name.attr,
> /* other attrs here */
> NULL
> };
>
> /* reflect read-only mode in sysfs */
> static umode_t bioscfg_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n)
> {
> struct bios_property *prop = container_of(kobj, struct bios_property, kobj);
>
> if (attr == ¤t_value.attr && prop->read_only)
> return attr->mode ^ 0222; /* clear writable bits */
> return attr->mode;
> }
>
> static const struct attribute_group attr_group = {
> .attrs = attrs,
> .is_visible = bioscfg_attr_is_visible,
> };
>
> /* the following two functions dispatch from your the core kobj pointer
> * to your custom callbacks operating on nice bioscfg_attribute
> */
> static ssize_t bioscfg_attr_show(struct kobject *kobj, struct attribute *attr,
> char *buf)
> {
> struct bioscfg_attribute *kattr;
> ssize_t ret = -EIO;
>
> kattr = container_of(attr, struct bioscfg_attribute, attr);
> if (kattr->show)
> ret = kattr->show(kobj, kattr, buf);
> return ret;
> }
>
> static ssize_t bioscfg_attr_store(struct kobject *kobj, struct attribute *attr,
> const char *buf, size_t count)
> {
> struct bioscfg_attribute *kattr;
> ssize_t ret = -EIO;
>
> kattr = container_of(attr, struct bioscfg_attribute, attr);
> if (kattr->store)
> ret = kattr->store(kobj, kattr, buf, count);
> return ret;
> }
>
> static const struct sysfs_ops bioscfg_kobj_sysfs_ops = {
> .show = bioscfg_attr_show,
> .store = bioscfg_attr_store,
> };
>
> /* to hook this into the generic kobject machinery */
> static const struct kobj_type bioscfg_kobj_type = {
> .release = free_struct_bios_property,
> .sysfs_ops = &bios_property_sysfs_ops,
> .default_groups = attr_groups,
> };
>
> static int probe(void)
> {
> struct bios_property *prop;
>
> for (each property discovered via WMI) {
> prop = kzalloc(sizeof(*prop));
> prop->readonly = is_read_only(property);
> /* other common properties */
> if (is_string_property(property)) {
> prop->ops = string_property_ops;
> prop->string_data.current_value = "";
> /* other type-specific properties */
> } else {
> ; /* and so on for other types */
> }
>
> kobject_init(&prop->kobj, &bioscfg_kobj_type);
> kobject_add(&prop->kobj, parent, name);
> }
>
> /* Now all properties and their memory are managed by the kernel */
> }
>
> Instead of having one kobj_type for all properties it would also be
> possible to create a new one for each. But I don't think it's worth it.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 1/4] Introduction of HP-BIOSCFG driver
2023-04-02 16:28 ` Thomas Weißschuh
@ 2023-04-12 19:37 ` Jorge Lopez
2023-04-14 15:19 ` Thomas Weißschuh
0 siblings, 1 reply; 18+ messages in thread
From: Jorge Lopez @ 2023-04-12 19:37 UTC (permalink / raw)
To: Thomas Weißschuh; +Cc: hdegoede, platform-driver-x86
Hi Thomas,
Please see my comments below.
On Sun, Apr 2, 2023 at 11:28 AM Thomas Weißschuh <thomas@t-8ch.de> wrote:
>
> Hi Jorge,
>
> below a few stylistic comments.
> These are very general and do not only affect the commented locations
> but the whole driver.
>
> That said these are not critical.
>
> First focus on removing dead code and nailing down the userspace API.
> Then it depends on your motivation.
>
> As said before I would focus on reducing the driver to the bare minimum
> that makes it usable, get it merged / clean it up and then re-add pieces
> bit-by-bit.
The driver functionality is the proposed basic functionality. There
are plans to provide additional support for Sure Recover (Security
component) which is planned to be added in future patches.
>
> I'll probably go over all the files again when I am more familiar with
> the driver.
>
> > + // append UTF_PREFIX to part and then convert it to unicode
> > + strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
> > + authentication);
> > + if (!strprefix)
> > + goto out_populate_security_buffer;
> > +
> > + auth = ascii_to_utf16_unicode(auth, strprefix);
> > + }
> > +out_populate_security_buffer:
>
> There is no need to have the name of the function in the label.
>
> Just "out" would be enough.
>
> > +
> > + kfree(strprefix);
> > + strprefix = NULL;
>
> No need to clear stack variables.
I will clear stack variables across all files.
>
> > +}
> > +
> > +ssize_t update_spm_state(void)
> > +{
> > + int ret;
> > + struct secureplatform_provisioning_data *data = NULL;
> > +
> > + data = kmalloc(sizeof(struct secureplatform_provisioning_data),
> > + GFP_KERNEL);
>
> Use "sizeof(*data)". It's shorter and more robust.
Done!
> > +/*
> > + * statusbin - Reports SPM status in binary format
> > + *
> > + * @kobj: Pointer to a kernel object of things that show up as
> > + * directory in the sysfs filesystem.
> > + * @attr: Pointer to list of attributes for the operation
> > + * @buf: Pointer to buffer
>
> The parameters are the same for every attribute_show() function.
> No need to document them.
>
> Also if you document something use proper kerneldoc format:
> https://docs.kernel.org/doc-guide/kernel-doc.html
I will remove any unnecessary documentation.
>
> > + ret = sysfs_emit(buf, "%s\n",
> > + spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
> > + return ret;
>
> No need for the temporary variable:
It was an oversight. Done!
>
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > new file mode 100644
> > index 000000000000..79ec007fbcee
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > @@ -0,0 +1,459 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to string type attributes under
> > + * HP_WMI_BIOS_STRING_GUID for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +#define WMI_STRING_TYPE "HPBIOS_BIOSString"
> > +
> > +get_instance_id(string);
>
> This is weird to read. It looks like a function declaration.
> maybe use DEFINE_GET_INSTANCE_ID(string).
>
get_instance_id part of a group of functions defined in bioscfg.h.
The sample was taken from another driver which declared it in
lowercase. I will change all functions names declared as a macro to
uppercase and update the names across all files. The main purpose for
those functions was to avoid duplicating the same functions across all
files.
> > +
> > +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> > +{
> > + ssize_t ret;
> > + int instance_id = get_string_instance_id(kobj);
> > +
> > + if (instance_id < 0)
> > + return -EIO;
> > +
> > + ret = sysfs_emit(buf, "%s\n",
> > + bioscfg_drv.string_data[instance_id].current_value);
> > +
> > + return ret;
> > +}
> > +
> > +/*
> > + * validate_string_input() -
> > + * Validate input of current_value against min and max lengths
> > + *
> > + * @instance_id: The instance on which input is validated
> > + * @buf: Input value
> > + */
> > +static int validate_string_input(int instance_id, const char *buf)
>
> Instead of passing around integer ids, that all the callees are using to
> look up some global data, it would be nicer to pass a pointer to the
> concrete instance struct to work on.
>
validate_string_input is part of the defined function
ATTRIBUTE_PROPERTY_STORE in bioscfg.h (line 457).
> This makes the code simpler and removes reference to global state all
> over the place.
>
Changing the values from int to pointer will add unnecessary overhead
since the instance ID is searched only once earlier in the process.
> > +{
> > + int in_len = strlen(buf);
> > +
> > + /* BIOS treats it as a read only attribute */
> > + if (bioscfg_drv.string_data[instance_id].is_readonly)
> > + return -EIO;
> > +
> > + if ((in_len < bioscfg_drv.string_data[instance_id].min_length) ||
> > + (in_len > bioscfg_drv.string_data[instance_id].max_length))
> > + return -EINVAL;
>
> -ERANGE?
>
Done!
> > +
> > + /*
> > + * set pending reboot flag depending on
> > + * "RequiresPhysicalPresence" value
> > + */
> > + if (bioscfg_drv.string_data[instance_id].requires_physical_presence)
> > + bioscfg_drv.pending_reboot = TRUE;
>
> Just use "true" or "false" instead of "TRUE" and "FALSE".
>
Done!
> > +}
> > +
> > +/* Expected Values types associated with each element */
> > +static acpi_object_type expected_string_types[] = {
>
> Seems this can be const.
Done!
>
> > + [NAME] = ACPI_TYPE_STRING,
> > + [VALUE] = ACPI_TYPE_STRING,
> > + [PATH] = ACPI_TYPE_STRING,
> > + [IS_READONLY] = ACPI_TYPE_INTEGER,
> > + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> > + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> > + [SEQUENCE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES] = ACPI_TYPE_STRING,
> > + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> > + [STR_MIN_LENGTH] = ACPI_TYPE_INTEGER,
> > + [STR_MAX_LENGTH] = ACPI_TYPE_INTEGER
>
> *Do* add a trailing comma after a non end-of-list marker.
>
Done!
> > +void exit_string_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.string_instances_count; instance_id++) {
>
> You can declare loop variables inside the loop. This saves a bunch of
> horizontal space.
>
> > + if (bioscfg_drv.string_data[instance_id].attr_name_kobj)
> > + sysfs_remove_group(bioscfg_drv.string_data[instance_id].attr_name_kobj,
> > + &string_attr_group);
> > + }
> > + bioscfg_drv.string_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.string_data);
> > + bioscfg_drv.string_data = NULL;
> > +}
Done! I will keep that in mind when I review the remaining files.
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > +static struct attribute *sure_start_attrs[] = {
> > + &sure_start_display_name.attr,
> > + &sure_start_display_langcode.attr,
> > + &sure_start_audit_log_entry_count.attr,
> > + &sure_start_audit_log_entries.attr,
> > + &sure_start_type.attr,
> > + NULL,
>
> No trailing comma after end-of-array marker.
Done!
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v6 1/4] Introduction of HP-BIOSCFG driver
2023-04-12 19:37 ` Jorge Lopez
@ 2023-04-14 15:19 ` Thomas Weißschuh
0 siblings, 0 replies; 18+ messages in thread
From: Thomas Weißschuh @ 2023-04-14 15:19 UTC (permalink / raw)
To: Jorge Lopez; +Cc: hdegoede, platform-driver-x86
Hi Jorge,
On 2023-04-12 14:37:45-0500, Jorge Lopez wrote:
> On Sun, Apr 2, 2023 at 11:28 AM Thomas Weißschuh <thomas@t-8ch.de> wrote:
> > Instead of passing around integer ids, that all the callees are using to
> > look up some global data, it would be nicer to pass a pointer to the
> > concrete instance struct to work on.
> >
>
> validate_string_input is part of the defined function
> ATTRIBUTE_PROPERTY_STORE in bioscfg.h (line 457).
>
> > This makes the code simpler and removes reference to global state all
> > over the place.
> >
> Changing the values from int to pointer will add unnecessary overhead
> since the instance ID is searched only once earlier in the process.
Is this overhead measurable? If it can't be measured and/or does not
make a difference, code clarity should always trump performance.
On the other hand if you think the current way is clearer just keep it
as is.
Thomas
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2023-04-14 15:19 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-09 20:10 [PATCH v6 0/4] Introduction of HP-BIOSCFG driver Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 1/4] " Jorge Lopez
2023-04-02 16:28 ` Thomas Weißschuh
2023-04-12 19:37 ` Jorge Lopez
2023-04-14 15:19 ` Thomas Weißschuh
2023-03-09 20:10 ` [PATCH v6 2/4] Introduction of HP-BIOSCFG driver [2] Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 3/4] Introduction of HP-BIOSCFG driver [3] Jorge Lopez
2023-04-02 17:01 ` Thomas Weißschuh
2023-04-03 20:18 ` Jorge Lopez
2023-04-04 16:32 ` Thomas Weißschuh
2023-04-11 15:45 ` Jorge Lopez
2023-03-09 20:10 ` [PATCH v6 4/4] Introduction of HP-BIOSCFG driver [4] Jorge Lopez
2023-04-01 11:58 ` Thomas Weißschuh
2023-04-02 0:47 ` Mark Pearson
2023-04-03 20:44 ` Jorge Lopez
2023-04-03 16:33 ` Jorge Lopez
2023-04-03 17:30 ` Thomas Weißschuh
2023-04-03 19:33 ` Jorge Lopez
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.