2023-05-05 22:04:26

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 00/13] HP BIOSCFG driver

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next

History

Version 12
Only patches marked [update] changed between version 11 and 12

Patches
Documentation [update]
biosattr-interface [update]
bioscfg [update]
int-attributes [update]
ordered-attributes [update]
passwdobj-attributes [deleted]
string-attributes [update]
bioscfg-h [update]
enum-attributes [update]
passwdattr-interface [update]
spmobj-attributes [update]
surestart-attributes [update]
Makefile ../hp/Makefile ../hp/Kconfig [update]
MAINTAINERS


Version 11
Only patches marked [update] changed between version 10 and 11

Patches
Documentation
biosattr-interface [update]
bioscfg
int-attributes
ordered-attributes
passwdobj-attributes [update]
string-attributes
bioscfg-h
enum-attributes
passwdattr-interface
spmobj-attributes [update]
surestart-attributes [update]
Makefile ../hp/Makefile ../hp/Kconfig
MAINTAINERS

Version 10
Break down changes to single files per patch
Removed SPM/statusbin support
Patches
Documentation
biosattr-interface
bioscfg
int-attributes
ordered-attributes
passwdobj-attributes
string-attributes
bioscfg-h
enum-attributes
passwdattr-interface
spmobj-attributes
surestart-attributes
Makefile ../hp/Makefile ../hp/Kconfig
MAINTAINERS

Version 9
Includes only sysfs-class-firmware-attributes documentation

Version 8
Includes only sysfs-class-firmware-attributes documentation

Version 7
Includes only sysfs-class-firmware-attributes documentation

Version 6
Breaks down the changes into 4 patches
SureAdmin-attributes was removed

Version 5
Remove version 4 patch 1
Address review changes proposed in Version 4
Reorganize all patches number and file order


Jorge Lopez (13):
HP BIOSCFG driver - Documentation
HP BIOSCFG driver - biosattr-interface
HP BIOSCFG driver - bioscfg
HP BIOSCFG driver - int-attributes
HP BIOSCFG driver - ordered-attributes
HP BIOSCFG driver - passwdobj-attributes
HP BIOSCFG driver - string-attributes
HP BIOSCFG driver - bioscfg-h
HP BIOSCFG driver - enum-attributes
HP BIOSCFG driver - spmobj-attributes
HP BIOSCFG driver - surestart-attributes
HP BIOSCFG driver - Makefile
HP BIOSCFG driver - MAINTAINERS

.../testing/sysfs-class-firmware-attributes | 117 ++-
MAINTAINERS | 6 +
drivers/platform/x86/hp/Kconfig | 16 +
drivers/platform/x86/hp/Makefile | 1 +
drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
.../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
.../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
.../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
.../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
.../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
.../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
.../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
.../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
15 files changed, 4860 insertions(+), 2 deletions(-)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c

--
2.34.1


2023-05-05 22:04:49

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
1 file changed, 448 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
new file mode 100644
index 000000000000..1395043d5c9f
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
@@ -0,0 +1,448 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to integer type attributes under
+ * BIOS Enumeration GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 Hewlett-Packard Inc.
+ */
+
+#include "bioscfg.h"
+
+GET_INSTANCE_ID(integer);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_integer_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ return sysfs_emit(buf, "%d\n",
+ bioscfg_drv.integer_data[instance_id].current_value);
+}
+
+/*
+ * validate_integer_input() -
+ * Validate input of current_value against lower and upper bound
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_integer_input(int instance_id, char *buf)
+{
+ int in_val;
+ int ret;
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ /* BIOS treats it as a read only attribute */
+ if (integer_data->common.is_readonly)
+ return -EIO;
+
+ ret = kstrtoint(buf, 10, &in_val);
+ if (ret < 0)
+ return ret;
+
+ if (in_val < integer_data->lower_bound ||
+ in_val > integer_data->upper_bound)
+ return -ERANGE;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (integer_data->common.requires_physical_presence)
+ set_reboot_and_signal_event();
+ return 0;
+}
+
+static void update_integer_value(int instance_id, char *attr_value)
+{
+ int in_val;
+ int ret;
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ ret = kstrtoint(attr_value, 10, &in_val);
+ if (ret == 0)
+ integer_data->current_value = in_val;
+ else
+ pr_warn("Invalid integer value found: %s\n", attr_value);
+}
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, integer);
+static struct kobj_attribute integer_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, integer);
+static struct kobj_attribute integer_display_name =
+ __ATTR_RO(display_name);
+
+ATTRIBUTE_PROPERTY_STORE(current_value, integer);
+static struct kobj_attribute integer_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+ATTRIBUTE_N_PROPERTY_SHOW(lower_bound, integer);
+static struct kobj_attribute integer_lower_bound =
+ __ATTR_RO(lower_bound);
+
+ATTRIBUTE_N_PROPERTY_SHOW(upper_bound, integer);
+static struct kobj_attribute integer_upper_bound =
+ __ATTR_RO(upper_bound);
+
+ATTRIBUTE_N_PROPERTY_SHOW(scalar_increment, integer);
+static struct kobj_attribute integer_scalar_increment =
+ __ATTR_RO(scalar_increment);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "integer\n");
+}
+
+static struct kobj_attribute integer_type =
+ __ATTR_RO(type);
+
+static struct attribute *integer_attrs[] = {
+ &integer_display_langcode.attr,
+ &integer_display_name.attr,
+ &integer_current_val.attr,
+ &integer_lower_bound.attr,
+ &integer_upper_bound.attr,
+ &integer_scalar_increment.attr,
+ &integer_type.attr,
+ NULL,
+};
+
+static const struct attribute_group integer_attr_group = {
+ .attrs = integer_attrs,
+};
+
+int alloc_integer_data(void)
+{
+ bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
+ bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
+ sizeof(struct integer_data), GFP_KERNEL);
+
+ if (!bioscfg_drv.integer_data) {
+ bioscfg_drv.integer_instances_count = 0;
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+/* Expected Values types associated with each element */
+static const acpi_object_type expected_integer_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [INT_LOWER_BOUND] = ACPI_TYPE_INTEGER,
+ [INT_UPPER_BOUND] = ACPI_TYPE_INTEGER,
+ [INT_SCALAR_INCREMENT] = ACPI_TYPE_INTEGER,
+};
+
+/*
+ * populate_int_data() -
+ * Populate all properties of an instance under integer attribute
+ *
+ * @integer_obj: ACPI object with integer data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_integer_package_data(union acpi_object *integer_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ integer_data->attr_name_kobj = attr_name_kobj;
+ populate_integer_elements_from_package(integer_obj,
+ integer_obj->package.count,
+ instance_id);
+ update_attribute_permissions(integer_data->common.is_readonly,
+ &integer_current_val);
+ friendly_user_name_update(integer_data->common.path,
+ attr_name_kobj->name,
+ integer_data->common.display_name,
+ sizeof(integer_data->common.display_name));
+ return sysfs_create_group(attr_name_kobj, &integer_attr_group);
+}
+
+int populate_integer_elements_from_package(union acpi_object *integer_obj,
+ int integer_obj_count,
+ int instance_id)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret;
+ u32 int_value;
+ int elem;
+ int reqs;
+ int eloc;
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ if (!integer_obj)
+ return -EINVAL;
+
+ strscpy(integer_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(integer_data->common.display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
+ /* ONLY look at the first INTEGER_ELEM_CNT elements */
+ if (eloc == INT_ELEM_CNT)
+ goto exit_integer_package;
+
+ switch (integer_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES) {
+ ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
+ integer_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)integer_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
+ continue;
+ }
+ /* Check that both expected and read object type match */
+ if (expected_integer_types[eloc] != integer_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_integer_types[eloc], elem, integer_obj[elem].type);
+ return -EIO;
+ }
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ ret = kstrtoint(str_value, 10, &int_value);
+ if (ret)
+ continue;
+
+ integer_data->current_value = int_value;
+ break;
+ case PATH:
+ strscpy(integer_data->common.path, str_value,
+ sizeof(integer_data->common.path));
+ break;
+ case IS_READONLY:
+ integer_data->common.is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ integer_data->common.display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ integer_data->common.requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ integer_data->common.sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (integer_data->common.prerequisites_size == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ for (reqs = 0;
+ reqs < integer_data->common.prerequisites_size &&
+ reqs < MAX_PREREQUISITES_SIZE;
+ reqs++) {
+ if (elem >= integer_obj_count) {
+ pr_err("Error elem-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(integer_obj[elem + reqs].string.pointer,
+ integer_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(integer_data->common.prerequisites[reqs],
+ str_value,
+ sizeof(integer_data->common.prerequisites[reqs]));
+ kfree(str_value);
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ integer_data->common.security_level = int_value;
+ break;
+ case INT_LOWER_BOUND:
+ integer_data->lower_bound = int_value;
+ break;
+ case INT_UPPER_BOUND:
+ integer_data->upper_bound = int_value;
+ break;
+ case INT_SCALAR_INCREMENT:
+ integer_data->scalar_increment = int_value;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
+ break;
+ }
+ }
+exit_integer_package:
+ kfree(str_value);
+ return 0;
+}
+
+/*
+ * populate_integer_buffer_data() -
+ * Populate all properties of an instance under integer attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ integer_data->attr_name_kobj = attr_name_kobj;
+
+ /* Populate integer elements */
+ populate_integer_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id);
+ update_attribute_permissions(integer_data->common.is_readonly,
+ &integer_current_val);
+ friendly_user_name_update(integer_data->common.path,
+ attr_name_kobj->name,
+ integer_data->common.display_name,
+ sizeof(integer_data->common.display_name));
+
+ return sysfs_create_group(attr_name_kobj, &integer_attr_group);
+}
+
+int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id)
+{
+ char *dst = NULL;
+ int reqs;
+ int ret;
+ int dst_size = *buffer_size / sizeof(u16);
+ struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
+
+ dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
+ if (!dst)
+ return -ENOMEM;
+
+ strscpy(integer_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(integer_data->common.display_name_language_code));
+ /*
+ * Only data relevant to this driver and its functionality is
+ * read. BIOS defines the order in which each * element is
+ * read. Element 0 data is not relevant to this
+ * driver hence it is ignored. For clarity, all element names
+ * (DISPLAY_IN_UI) which defines the order in which is read
+ * and the name matches the variable where the data is stored.
+ */
+
+ // VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
+ ret = kstrtoint(dst, 10, &integer_data->current_value);
+ if (ret)
+ pr_warn("Unable to convert string to integer: %s\n", dst);
+
+ // PATH:
+ get_string_from_buffer(&buffer_ptr, buffer_size, integer_data->common.path,
+ sizeof(integer_data->common.path));
+
+ // IS_READONLY:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.is_readonly);
+
+ //DISPLAY_IN_UI:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.display_in_ui);
+
+ // REQUIRES_PHYSICAL_PRESENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.requires_physical_presence);
+
+ // SEQUENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.sequence);
+
+ // PREREQUISITES_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.prerequisites_size);
+
+ if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
+ /* Report a message and limit prerequisite size to maximum value */
+ pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
+ }
+
+ // PREREQUISITES:
+ for (reqs = 0;
+ reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ integer_data->common.prerequisites[reqs],
+ sizeof(integer_data->common.prerequisites[reqs]));
+
+ // SECURITY_LEVEL:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->common.security_level);
+
+ // INT_LOWER_BOUND:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->lower_bound);
+
+ // INT_UPPER_BOUND:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->upper_bound);
+
+ // INT_SCALAR_INCREMENT:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &integer_data->scalar_increment);
+
+ kfree(dst);
+ return 0;
+}
+
+/*
+ * exit_integer_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_integer_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
+ instance_id++) {
+ struct kobject *attr_name_kobj =
+ bioscfg_drv.integer_data[instance_id].attr_name_kobj;
+
+ if (attr_name_kobj)
+ sysfs_remove_group(attr_name_kobj, &integer_attr_group);
+ }
+ bioscfg_drv.integer_instances_count = 0;
+
+ kfree(bioscfg_drv.integer_data);
+ bioscfg_drv.integer_data = NULL;
+}
--
2.34.1

2023-05-05 22:06:01

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 08/13] HP BIOSCFG driver - bioscfg-h

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 +++++++++++++++++++
1 file changed, 523 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h

diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
new file mode 100644
index 000000000000..f27667d7ba9f
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
@@ -0,0 +1,523 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Definitions for kernel modules using hp_bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#ifndef _HP_BIOSCFG_H_
+#define _HP_BIOSCFG_H_
+
+#include <linux/wmi.h>
+#include <linux/types.h>
+#include <linux/device.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/capability.h>
+#include <linux/nls.h>
+
+#define DRIVER_NAME "hp-bioscfg"
+
+#define MAX_BUFF 512
+#define MAX_KEY_MOD 256
+#define MAX_PASSWD_SIZE 64
+#define MAX_MESSAGE_SIZE 256
+#define MAX_PREREQUISITES_SIZE 20
+#define MAX_REQ_ELEM_SIZE 128
+#define MAX_VALUES_SIZE 16
+#define MAX_ENCODINGS_SIZE 16
+#define MAX_ELEMENTS_SIZE 16
+
+#define SPM_STR_DESC "Secure Platform Management"
+#define SPM_STR "SPM"
+#define SURE_START_DESC "Sure Start"
+#define SURE_START_STR "Sure_Start"
+#define SETUP_PASSWD "Setup Password"
+#define POWER_ON_PASSWD "Power-On Password"
+
+#define LANG_CODE_STR "en_US.UTF-8"
+#define SCHEDULE_POWER_ON "Scheduled Power-On"
+
+#define COMMA_SEP ","
+#define SEMICOLON_SEP ";"
+
+/* Sure Admin Functions */
+
+#define UTF_PREFIX "<utf-16/>"
+#define BEAM_PREFIX "<BEAM/>"
+
+/* mechanism - Authentication attribute */
+
+#define MAX_MECHANISM_TYPES 3
+
+enum mechanism_values {
+ PASSWORD = 0x00,
+ NOT_PROVISION = 0x00,
+ SIGNING_KEY = 0x01,
+ ENDORSEMENT_KEY = 0x02,
+};
+
+#define BIOS_ADMIN "bios-admin"
+#define POWER_ON "power-on"
+#define BIOS_SPM "enhanced-bios-auth"
+
+#define PASSWD_MECHANISM_TYPES "password"
+
+#define HP_WMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
+
+#define HP_WMI_BIOS_STRING_GUID "988D08E3-68F4-4c35-AF3E-6A1B8106F83C"
+#define HP_WMI_BIOS_INTEGER_GUID "8232DE3D-663D-4327-A8F4-E293ADB9BF05"
+#define HP_WMI_BIOS_ENUMERATION_GUID "2D114B49-2DFB-4130-B8FE-4A3C09E75133"
+#define HP_WMI_BIOS_ORDERED_LIST_GUID "14EA9746-CE1F-4098-A0E0-7045CB4DA745"
+#define HP_WMI_BIOS_PASSWORD_GUID "322F2028-0F84-4901-988E-015176049E2D"
+#define HP_WMI_SET_BIOS_SETTING_GUID "1F4C91EB-DC5C-460b-951D-C7CB9B4B8D5E"
+
+enum hp_wmi_spm_commandtype {
+ HPWMI_SECUREPLATFORM_GET_STATE = 0x10,
+ HPWMI_SECUREPLATFORM_SET_KEK = 0x11,
+ HPWMI_SECUREPLATFORM_SET_SK = 0x12,
+};
+
+enum hp_wmi_surestart_commandtype {
+ HPWMI_SURESTART_GET_LOG_COUNT = 0x01,
+ HPWMI_SURESTART_GET_LOG = 0x02,
+};
+
+enum hp_wmi_command {
+ HPWMI_READ = 0x01,
+ HPWMI_WRITE = 0x02,
+ HPWMI_ODM = 0x03,
+ HPWMI_SURESTART = 0x20006,
+ HPWMI_GM = 0x20008,
+ HPWMI_SECUREPLATFORM = 0x20010,
+};
+
+struct bios_return {
+ u32 sigpass;
+ u32 return_code;
+};
+
+enum wmi_error_values {
+ SUCCESS = 0x00,
+ CMD_FAILED = 0x01,
+ INVALID_SIGN = 0x02,
+ INVALID_CMD_VALUE = 0x03,
+ INVALID_CMD_TYPE = 0x04,
+ INVALID_DATA_SIZE = 0x05,
+ INVALID_CMD_PARAM = 0x06,
+ ENCRYP_CMD_REQUIRED = 0x07,
+ NO_SECURE_SESSION = 0x08,
+ SECURE_SESSION_FOUND = 0x09,
+ SECURE_SESSION_FAILED = 0x0A,
+ AUTH_FAILED = 0x0B,
+ INVALID_BIOS_AUTH = 0x0E,
+ NONCE_DID_NOT_MATCH = 0x18,
+ GENERIC_ERROR = 0x1C,
+ BIOS_ADMIN_POLICY_NOT_MET = 0x28,
+ BIOS_ADMIN_NOT_SET = 0x38,
+ P21_NO_PROVISIONED = 0x1000,
+ P21_PROVISION_IN_PROGRESS = 0x1001,
+ P21_IN_USE = 0x1002,
+ HEP_NOT_ACTIVE = 0x1004,
+ HEP_ALREADY_SET = 0x1006,
+ HEP_CHECK_STATE = 0x1007,
+};
+
+enum spm_features {
+ HEP_ENABLED = 0x01,
+ PLATFORM_RECOVERY = 0x02,
+ ENHANCED_BIOS_AUTH_MODE = 0x04,
+};
+
+enum spm_states_values {
+ NOT_PROVISIONED = 0x00,
+ PROVISIONED = 0x01,
+ PROVISIONING_IN_PROGRESS = 0x02,
+};
+
+struct common_data {
+ u8 display_name[MAX_BUFF];
+ u8 path[MAX_BUFF];
+ u32 is_readonly;
+ u32 display_in_ui;
+ u32 requires_physical_presence;
+ u32 sequence;
+ u32 prerequisites_size;
+ u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
+ u32 security_level;
+ u8 display_name_language_code[MAX_BUFF];
+};
+
+struct string_data {
+ struct common_data common;
+ struct kobject *attr_name_kobj;
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u32 min_length;
+ u32 max_length;
+};
+
+struct integer_data {
+ struct common_data common;
+ struct kobject *attr_name_kobj;
+ u32 current_value;
+ u32 new_value;
+ u32 lower_bound;
+ u32 upper_bound;
+ u32 scalar_increment;
+};
+
+struct enumeration_data {
+ struct common_data common;
+ struct kobject *attr_name_kobj;
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u32 possible_values_size;
+ u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
+};
+
+struct ordered_list_data {
+ struct common_data common;
+ struct kobject *attr_name_kobj;
+ u8 current_value[MAX_BUFF];
+ u8 new_value[MAX_BUFF];
+ u32 elements_size;
+ u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];
+};
+
+struct password_data {
+ struct common_data common;
+ struct kobject *attr_name_kobj;
+ u8 current_password[MAX_PASSWD_SIZE];
+ u8 new_password[MAX_PASSWD_SIZE];
+ u32 min_password_length;
+ u32 max_password_length;
+ u32 encodings_size;
+ u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
+ u32 is_enabled;
+
+ // 'bios-admin' 'power-on'
+ u32 role;
+
+ //'password'
+ u32 mechanism;
+};
+
+struct secure_platform_data {
+ struct kobject *attr_name_kobj;
+ u8 attribute_name[MAX_BUFF];
+ u8 *endorsement_key;
+ u8 *signing_key;
+ u8 *auth_token;
+ u32 is_enabled;
+ u32 mechanism;
+};
+
+struct bioscfg_priv {
+ struct wmi_device *bios_attr_wdev;
+ struct kset *authentication_dir_kset;
+ struct kset *main_dir_kset;
+ struct device *class_dev;
+ struct string_data *string_data;
+ u32 string_instances_count;
+ struct integer_data *integer_data;
+ u32 integer_instances_count;
+ struct enumeration_data *enumeration_data;
+ u32 enumeration_instances_count;
+ struct ordered_list_data *ordered_list_data;
+ u32 ordered_list_instances_count;
+ struct password_data *password_data;
+ u32 password_instances_count;
+
+ struct kobject *sure_start_attr_kobj;
+ struct secure_platform_data spm_data;
+
+ bool pending_reboot;
+ struct mutex mutex;
+};
+
+/* global structure used by multiple WMI interfaces */
+extern struct bioscfg_priv bioscfg_drv;
+
+enum hp_wmi_data_type {
+ HPWMI_STRING_TYPE = 0x00,
+ HPWMI_INTEGER_TYPE = 0x01,
+ HPWMI_ENUMERATION_TYPE = 0x02,
+ HPWMI_ORDERED_LIST_TYPE = 0x03,
+ HPWMI_PASSWORD_TYPE = 0x04,
+ HPWMI_SECURE_PLATFORM_TYPE = 0x05,
+ HPWMI_SURE_START_TYPE = 0x06,
+};
+
+enum hp_wmi_data_elements {
+ /* Common elements */
+ NAME = 0,
+ VALUE = 1,
+ PATH = 2,
+ IS_READONLY = 3,
+ DISPLAY_IN_UI = 4,
+ REQUIRES_PHYSICAL_PRESENCE = 5,
+ SEQUENCE = 6,
+ PREREQUISITES_SIZE = 7,
+ PREREQUISITES = 8,
+ SECURITY_LEVEL = 9,
+
+ /* String elements */
+ STR_MIN_LENGTH = 10,
+ STR_MAX_LENGTH = 11,
+ STR_ELEM_CNT = 12,
+
+ /* Integer elements */
+ INT_LOWER_BOUND = 10,
+ INT_UPPER_BOUND = 11,
+ INT_SCALAR_INCREMENT = 12,
+ INT_ELEM_CNT = 13,
+
+ /* Enumeration elements */
+ ENUM_CURRENT_VALUE = 10,
+ ENUM_SIZE = 11,
+ ENUM_POSSIBLE_VALUES = 12,
+ ENUM_ELEM_CNT = 13,
+
+ /* Ordered list elements */
+ ORD_LIST_SIZE = 10,
+ ORD_LIST_ELEMENTS = 11,
+ ORD_ELEM_CNT = 12,
+
+ /* Password elements */
+ PSWD_MIN_LENGTH = 10,
+ PSWD_MAX_LENGTH = 11,
+ PSWD_SIZE = 12,
+ PSWD_ENCODINGS = 13,
+ PSWD_IS_SET = 14,
+ PSWD_ELEM_CNT = 15,
+};
+
+#define GET_INSTANCE_ID(type) \
+ static int get_##type##_instance_id(struct kobject *kobj) \
+ { \
+ int i; \
+ \
+ for (i = 0; i <= bioscfg_drv.type##_instances_count; i++) { \
+ if (!strcmp(kobj->name, bioscfg_drv.type##_data[i].attr_name_kobj->name)) \
+ return i; \
+ } \
+ return -EIO; \
+ }
+
+#define ATTRIBUTE_S_PROPERTY_SHOW(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].name); \
+ return -EIO; \
+ }
+
+#define ATTRIBUTE_N_PROPERTY_SHOW(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].name); \
+ return -EIO; \
+ }
+
+#define ATTRIBUTE_PROPERTY_STORE(curr_val, type) \
+ static ssize_t curr_val##_store(struct kobject *kobj, \
+ struct kobj_attribute *attr, \
+ const char *buf, size_t count) \
+ { \
+ char *attr_value = NULL; \
+ int i; \
+ int ret = -EIO; \
+ \
+ attr_value = kstrdup(buf, GFP_KERNEL); \
+ if (!attr_value) \
+ return -ENOMEM; \
+ \
+ ret = enforce_single_line_input(attr_value, count); \
+ if (!ret) { \
+ i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ ret = validate_##type##_input(i, attr_value); \
+ } \
+ if (!ret) \
+ ret = hp_set_attribute(kobj->name, attr_value); \
+ if (!ret) \
+ update_##type##_value(i, attr_value); \
+ \
+ clear_all_credentials(); \
+ kfree(attr_value); \
+ \
+ return ret ? ret : count; \
+ }
+
+#define ATTRIBUTE_SPM_N_PROPERTY_SHOW(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
+ { \
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data.name); \
+ }
+
+#define ATTRIBUTE_SPM_S_PROPERTY_SHOW(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
+ { \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data.name); \
+ }
+
+#define ATTRIBUTE_VALUES_PROPERTY_SHOW(name, type, sep) \
+ static ssize_t name##_show(struct kobject *kobj, \
+ struct kobj_attribute *attr, char *buf) \
+ { \
+ int i; \
+ int len = 0; \
+ int instance_id = get_##type##_instance_id(kobj); \
+ \
+ if (instance_id < 0) \
+ return 0; \
+ \
+ for (i = 0; i < bioscfg_drv.type##_data[instance_id].name##_size; i++) { \
+ if (i) \
+ len += sysfs_emit_at(buf, len, "%s", sep); \
+ \
+ len += sysfs_emit_at(buf, len, "%s", \
+ bioscfg_drv.type##_data[instance_id].name[i]); \
+ } \
+ len += sysfs_emit_at(buf, len, "\n"); \
+ return len; \
+ }
+
+#define ATTRIBUTE_S_COMMON_PROPERTY_SHOW(name, type) \
+ static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
+ char *buf) \
+ { \
+ int i = get_##type##_instance_id(kobj); \
+ if (i >= 0) \
+ return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].common.name); \
+ return -EIO; \
+ }
+
+/*
+ * Prototypes
+ */
+union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);
+int get_instance_count(const char *guid_string);
+void update_attribute_permissions(u32 isreadonly, struct kobj_attribute *current_val);
+void friendly_user_name_update(char *path, const char *attr_name,
+ char *attr_display, int attr_size);
+int hp_wmi_error_and_message(int error_code);
+
+/* String attributes */
+int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+
+int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id);
+int alloc_string_data(void);
+void exit_string_attributes(void);
+int populate_string_package_data(union acpi_object *str_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_string_elements_from_package(union acpi_object *str_obj,
+ int str_obj_count,
+ int instance_id);
+
+/* Integer attributes */
+int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id);
+int alloc_integer_data(void);
+void exit_integer_attributes(void);
+int populate_integer_package_data(union acpi_object *integer_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_integer_elements_from_package(union acpi_object *integer_obj,
+ int integer_obj_count,
+ int instance_id);
+
+/* Enumeration attributes */
+int populate_enumeration_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id);
+int alloc_enumeration_data(void);
+void exit_enumeration_attributes(void);
+int populate_enumeration_package_data(union acpi_object *enum_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
+ int enum_obj_count,
+ int instance_id);
+
+/* Ordered list */
+int populate_ordered_list_buffer_data(u8 *buffer_ptr,
+ u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
+ u32 *buffer_size,
+ int instance_id);
+int alloc_ordered_list_data(void);
+void exit_ordered_list_attributes(void);
+int populate_ordered_list_package_data(union acpi_object *order_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
+ int order_obj_count,
+ int instance_id);
+
+/* Password authentication attributes */
+int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id);
+int populate_password_package_data(union acpi_object *password_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj);
+int populate_password_elements_from_package(union acpi_object *password_obj,
+ int password_obj_count,
+ int instance_id);
+int alloc_password_data(void);
+int alloc_secure_platform_data(void);
+void exit_password_attributes(void);
+void exit_secure_platform_attributes(void);
+int populate_secure_platform_data(struct kobject *attr_name_kobj);
+int check_spm_is_enabled(void);
+int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
+int hp_wmi_perform_query(int query, enum hp_wmi_command command,
+ void *buffer, u32 insize, u32 outsize);
+int validate_password_input(int instance_id, const char *buf);
+
+/* Sure Start attributes */
+void exit_sure_start_attributes(void);
+int populate_sure_start_data(struct kobject *attr_name_kobj);
+
+int set_bios_defaults(u8 deftype);
+int get_password_instance_for_type(const char *name);
+int clear_all_credentials(void);
+int clear_passwords(const int instance);
+void exit_hp_attr_set_interface(void);
+int init_hp_attr_set_interface(void);
+size_t hp_calculate_string_buffer(const char *str);
+size_t calculate_security_buffer(const char *authentication);
+int populate_security_buffer(u16 *buffer, const char *authentication);
+int set_new_password(const char *password_type, const char *new_password);
+int init_hp_attr_pass_interface(void);
+void exit_hp_attr_pass_interface(void);
+void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str);
+int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer);
+int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size);
+int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len);
+int encode_outsize_for_pvsz(int outsize);
+int hp_set_attribute(const char *a_name, const char *a_value);
+int enforce_single_line_input(char *buf, size_t count);
+void set_reboot_and_signal_event(void);
+
+#endif
--
2.34.1

2023-05-05 22:06:46

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 12/13] HP BIOSCFG driver - Makefile

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
drivers/platform/x86/hp/Kconfig | 16 ++++++++++++++++
drivers/platform/x86/hp/Makefile | 1 +
drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 ++++++++++++
3 files changed, 29 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile

diff --git a/drivers/platform/x86/hp/Kconfig b/drivers/platform/x86/hp/Kconfig
index ae165955311c..7fef4f12e498 100644
--- a/drivers/platform/x86/hp/Kconfig
+++ b/drivers/platform/x86/hp/Kconfig
@@ -60,4 +60,20 @@ config TC1100_WMI
This is a driver for the WMI extensions (wireless and bluetooth power
control) of the HP Compaq TC1100 tablet.

+config HP_BIOSCFG
+ tristate "HP BIOS Configuration Driver"
+ default m
+ depends on ACPI_WMI
+ select NLS
+ select FW_ATTR_CLASS
+ help
+ This driver enables administrators to securely manage BIOS settings
+ using digital certificates and public-key cryptography that eliminate
+ the need for passwords for both remote and local management. It supports
+ changing BIOS settings on many HP machines from 2018 and newer without
+ the use of any additional software.
+
+ To compile this driver as a module, choose M here: the module will
+ be called hp-bioscfg.
+
endif # X86_PLATFORM_DRIVERS_HP
diff --git a/drivers/platform/x86/hp/Makefile b/drivers/platform/x86/hp/Makefile
index db1eed4cd7c7..e4f908a61acf 100644
--- a/drivers/platform/x86/hp/Makefile
+++ b/drivers/platform/x86/hp/Makefile
@@ -8,3 +8,4 @@
obj-$(CONFIG_HP_ACCEL) += hp_accel.o
obj-$(CONFIG_HP_WMI) += hp-wmi.o
obj-$(CONFIG_TC1100_WMI) += tc1100-wmi.o
+obj-$(CONFIG_HP_BIOSCFG) += hp-bioscfg/
diff --git a/drivers/platform/x86/hp/hp-bioscfg/Makefile b/drivers/platform/x86/hp/hp-bioscfg/Makefile
new file mode 100644
index 000000000000..78a347298873
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/Makefile
@@ -0,0 +1,12 @@
+obj-$(CONFIG_HP_BIOSCFG) := hp-bioscfg.o
+
+hp-bioscfg-objs := bioscfg.o \
+ enum-attributes.o \
+ int-attributes.o \
+ string-attributes.o \
+ passwdobj-attributes.o \
+ biosattr-interface.o \
+ ordered-attributes.o \
+ surestart-attributes.o \
+ spmobj-attributes.o
+
--
2.34.1

2023-05-05 22:06:50

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 07/13] HP BIOSCFG driver - string-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++++++++++++
1 file changed, 415 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
new file mode 100644
index 000000000000..d74ecc973703
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
@@ -0,0 +1,415 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to string type attributes under
+ * HP_WMI_BIOS_STRING_GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+#define WMI_STRING_TYPE "HPBIOS_BIOSString"
+
+GET_INSTANCE_ID(string);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_string_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ return sysfs_emit(buf, "%s\n",
+ bioscfg_drv.string_data[instance_id].current_value);
+}
+
+/*
+ * validate_string_input() -
+ * Validate input of current_value against min and max lengths
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_string_input(int instance_id, const char *buf)
+{
+ int in_len = strlen(buf);
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ /* BIOS treats it as a read only attribute */
+ if (string_data->common.is_readonly)
+ return -EIO;
+
+ if (in_len < string_data->min_length ||
+ in_len > string_data->max_length)
+ return -ERANGE;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (string_data->common.requires_physical_presence)
+ set_reboot_and_signal_event();
+ return 0;
+}
+
+static void update_string_value(int instance_id, char *attr_value)
+{
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ /* Write settings to BIOS */
+ strscpy(string_data->current_value,
+ attr_value,
+ sizeof(string_data->current_value));
+}
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, string);
+static struct kobj_attribute string_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, string);
+static struct kobj_attribute string_display_name =
+ __ATTR_RO(display_name);
+
+ATTRIBUTE_PROPERTY_STORE(current_value, string);
+static struct kobj_attribute string_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+ATTRIBUTE_N_PROPERTY_SHOW(min_length, string);
+static struct kobj_attribute string_min_length =
+ __ATTR_RO(min_length);
+
+ATTRIBUTE_N_PROPERTY_SHOW(max_length, string);
+static struct kobj_attribute string_max_length =
+ __ATTR_RO(max_length);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "string\n");
+}
+
+static struct kobj_attribute string_type =
+ __ATTR_RO(type);
+
+static struct attribute *string_attrs[] = {
+ &string_display_langcode.attr,
+ &string_display_name.attr,
+ &string_current_val.attr,
+ &string_min_length.attr,
+ &string_max_length.attr,
+ &string_type.attr,
+ NULL,
+};
+
+static const struct attribute_group string_attr_group = {
+ .attrs = string_attrs,
+};
+
+int alloc_string_data(void)
+{
+ bioscfg_drv.string_instances_count = get_instance_count(HP_WMI_BIOS_STRING_GUID);
+ bioscfg_drv.string_data = kcalloc(bioscfg_drv.string_instances_count,
+ sizeof(struct string_data), GFP_KERNEL);
+ if (!bioscfg_drv.string_data) {
+ bioscfg_drv.string_instances_count = 0;
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+/* Expected Values types associated with each element */
+static const acpi_object_type expected_string_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [STR_MIN_LENGTH] = ACPI_TYPE_INTEGER,
+ [STR_MAX_LENGTH] = ACPI_TYPE_INTEGER,
+};
+
+/*
+ * populate_string_package_data() -
+ * Populate all properties of an instance under string attribute
+ *
+ * @string_obj: ACPI object with string data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_string_package_data(union acpi_object *string_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ string_data->attr_name_kobj = attr_name_kobj;
+
+ populate_string_elements_from_package(string_obj,
+ string_obj->package.count,
+ instance_id);
+
+ update_attribute_permissions(string_data->common.is_readonly,
+ &string_current_val);
+ friendly_user_name_update(string_data->common.path,
+ attr_name_kobj->name,
+ string_data->common.display_name,
+ sizeof(string_data->common.display_name));
+ return sysfs_create_group(attr_name_kobj, &string_attr_group);
+}
+
+int populate_string_elements_from_package(union acpi_object *string_obj,
+ int string_obj_count,
+ int instance_id)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret = 0;
+ u32 int_value;
+ int elem;
+ int reqs;
+ int eloc;
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ if (!string_obj)
+ return -EINVAL;
+
+ strscpy(string_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(string_data->common.display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < string_obj_count; elem++, eloc++) {
+ /* ONLY look at the first STRING_ELEM_CNT elements */
+ if (eloc == STR_ELEM_CNT)
+ goto exit_string_package;
+
+ switch (string_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES) {
+ ret = convert_hexstr_to_str(string_obj[elem].string.pointer,
+ string_obj[elem].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)string_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", string_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_string_types[eloc] != string_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_string_types[eloc], elem, string_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ strscpy(string_data->current_value,
+ str_value, sizeof(string_data->current_value));
+ break;
+ case PATH:
+ strscpy(string_data->common.path, str_value,
+ sizeof(string_data->common.path));
+ break;
+ case IS_READONLY:
+ string_data->common.is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ string_data->common.display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ string_data->common.requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ string_data->common.sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ if (string_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (string_data->common.prerequisites_size == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ for (reqs = 0;
+ reqs < string_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++) {
+ if (elem >= string_obj_count) {
+ pr_err("Error elem-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(string_obj[elem + reqs].string.pointer,
+ string_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(string_data->common.prerequisites[reqs],
+ str_value,
+ sizeof(string_data->common.prerequisites[reqs]));
+ kfree(str_value);
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ string_data->common.security_level = int_value;
+ break;
+ case STR_MIN_LENGTH:
+ string_data->min_length = int_value;
+ break;
+ case STR_MAX_LENGTH:
+ string_data->max_length = int_value;
+ break;
+ default:
+ pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
+ break;
+ }
+
+ kfree(str_value);
+ }
+
+exit_string_package:
+ kfree(str_value);
+ return 0;
+}
+
+/*
+ * populate_string_data() -
+ * Populate all properties of an instance under string attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ string_data->attr_name_kobj = attr_name_kobj;
+
+ populate_string_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id);
+
+ update_attribute_permissions(string_data->common.is_readonly,
+ &string_current_val);
+ friendly_user_name_update(string_data->common.path,
+ attr_name_kobj->name,
+ string_data->common.display_name,
+ sizeof(string_data->common.display_name));
+
+ return sysfs_create_group(attr_name_kobj, &string_attr_group);
+}
+
+int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id)
+{
+ int reqs;
+ struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
+
+ strscpy(string_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(string_data->common.display_name_language_code));
+
+ // VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size, string_data->current_value,
+ sizeof(string_data->current_value));
+
+ // PATH:
+ get_string_from_buffer(&buffer_ptr, buffer_size, string_data->common.path,
+ sizeof(string_data->common.path));
+
+ // IS_READONLY:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.is_readonly);
+
+ //DISPLAY_IN_UI:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.display_in_ui);
+
+ // REQUIRES_PHYSICAL_PRESENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.requires_physical_presence);
+
+ // SEQUENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.sequence);
+
+ // PREREQUISITES_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.prerequisites_size);
+
+ if (string_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
+ /* Report a message and limit prerequisite size to maximum value */
+ pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ string_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
+ }
+
+ // PREREQUISITES:
+ for (reqs = 0;
+ reqs < string_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ string_data->common.prerequisites[reqs],
+ sizeof(string_data->common.prerequisites[reqs]));
+
+ // SECURITY_LEVEL:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->common.security_level);
+
+ // STR_MIN_LENGTH:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->min_length);
+
+ // STR_MAX_LENGTH:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &string_data->max_length);
+
+ return 0;
+}
+
+/*
+ * exit_string_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_string_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.string_instances_count;
+ instance_id++) {
+ struct kobject *attr_name_kobj =
+ bioscfg_drv.string_data[instance_id].attr_name_kobj;
+
+ if (attr_name_kobj)
+ sysfs_remove_group(attr_name_kobj, &string_attr_group);
+ }
+ bioscfg_drv.string_instances_count = 0;
+
+ kfree(bioscfg_drv.string_data);
+ bioscfg_drv.string_data = NULL;
+}
--
2.34.1

2023-05-05 22:07:16

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/surestart-attributes.c | 133 ++++++++++++++++++
1 file changed, 133 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
new file mode 100644
index 000000000000..b627c324f6a6
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to sure start object type attributes under
+ * BIOS for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+#include <linux/types.h>
+
+/* Maximum number of log entries supported when log entry size is 16
+ * bytes. This value is calculated by dividing 4096 (page size) by
+ * log entry size.
+ */
+#define LOG_MAX_ENTRIES 254
+
+/*
+ * Current Log entry size. This value size will change in the
+ * future. The driver reads a total of 128 bytes for each log entry
+ * provided by BIOS but only the first 16 bytes are used/read.
+ */
+#define LOG_ENTRY_SIZE 16
+
+/*
+ * audit_log_entry_count_show - Reports the number of
+ * existing audit log entries available
+ * to be read
+ */
+static ssize_t audit_log_entry_count_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret;
+ u32 count = 0;
+
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
+ HPWMI_SURESTART,
+ &count, 1, sizeof(count));
+
+ if (ret < 0)
+ return ret;
+
+ return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
+ LOG_MAX_ENTRIES);
+}
+
+/*
+ * audit_log_entries_show() - Return all entries found in log file
+ */
+static ssize_t audit_log_entries_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ int ret;
+ int i;
+ u32 count = 0;
+ u8 audit_log_buffer[128];
+
+ // Get the number of event logs
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
+ HPWMI_SURESTART,
+ &count, 1, sizeof(count));
+
+ if (ret < 0)
+ return ret;
+
+ /*
+ * The show() api will not work if the audit logs ever go
+ * beyond 4KB
+ */
+ if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
+ return -EIO;
+
+ /*
+ * We are guaranteed the buffer is 4KB so today all the event
+ * logs will fit
+ */
+ for (i = 0; i < count; i++) {
+ audit_log_buffer[0] = (i + 1);
+
+ /*
+ * read audit log entry at a time. 'buf' input value
+ * provides the audit log entry to be read. On
+ * input, Byte 0 = Audit Log entry number from
+ * beginning (1..254)
+ * Entry number 1 is the newest entry whereas the
+ * highest entry number (number of entries) is the
+ * oldest entry.
+ */
+ ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
+ HPWMI_SURESTART,
+ audit_log_buffer, 1, 128);
+
+ if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
+ memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
+ buf += LOG_ENTRY_SIZE;
+ } else {
+ /*
+ * Encountered a failure while reading
+ * individual logs. Only a partial list of
+ * audit log will be returned.
+ */
+ count = i + 1;
+ break;
+ }
+ }
+
+ return count * LOG_ENTRY_SIZE;
+}
+
+static struct kobj_attribute sure_start_audit_log_entry_count = __ATTR_RO(audit_log_entry_count);
+static struct kobj_attribute sure_start_audit_log_entries = __ATTR_RO(audit_log_entries);
+
+static struct attribute *sure_start_attrs[] = {
+ &sure_start_audit_log_entry_count.attr,
+ &sure_start_audit_log_entries.attr,
+ NULL,
+};
+
+static const struct attribute_group sure_start_attr_group = {
+ .attrs = sure_start_attrs,
+};
+
+void exit_sure_start_attributes(void)
+{
+ sysfs_remove_group(bioscfg_drv.sure_start_attr_kobj,
+ &sure_start_attr_group);
+}
+
+int populate_sure_start_data(struct kobject *attr_name_kobj)
+{
+ bioscfg_drv.sure_start_attr_kobj = attr_name_kobj;
+ return sysfs_create_group(attr_name_kobj, &sure_start_attr_group);
+}
--
2.34.1

2023-05-05 22:11:23

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 13/13] HP BIOSCFG driver - MAINTAINERS

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
MAINTAINERS | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 0c9011f5fc17..7d1f261af539 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9367,6 +9367,12 @@ S: Obsolete
W: http://w1.fi/hostap-driver.html
F: drivers/net/wireless/intersil/hostap/

+HP BIOSCFG DRIVER
+M: Jorge Lopez <[email protected]>
+L: [email protected]
+S: Maintained
+F: drivers/platform/x86/hp/hp-bioscfg/
+
HP COMPAQ TC1100 TABLET WMI EXTRAS DRIVER
L: [email protected]
S: Orphan
--
2.34.1

2023-05-05 22:14:46

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 05/13] HP BIOSCFG driver - ordered-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++++++++++++
1 file changed, 443 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
new file mode 100644
index 000000000000..1d06fbefceca
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
@@ -0,0 +1,443 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to ordered list type attributes under
+ * BIOS ORDERED LIST GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+GET_INSTANCE_ID(ordered_list);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_ordered_list_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ return sysfs_emit(buf, "%s\n",
+ bioscfg_drv.ordered_list_data[instance_id].current_value);
+}
+
+/**
+ * validate_ordered_list_input() -
+ * Validate input of current_value against possible values
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_ordered_list_input(int instance_id, const char *buf)
+{
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ if (ordered_list_data->common.requires_physical_presence)
+ set_reboot_and_signal_event();
+
+ return 0;
+}
+
+static void update_ordered_list_value(int instance_id, char *attr_value)
+{
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ strscpy(ordered_list_data->current_value,
+ attr_value,
+ sizeof(ordered_list_data->current_value));
+}
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, ordered_list);
+static struct kobj_attribute ordered_list_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, ordered_list);
+static struct kobj_attribute ordered_list_display_name =
+ __ATTR_RO(display_name);
+
+ATTRIBUTE_PROPERTY_STORE(current_value, ordered_list);
+static struct kobj_attribute ordered_list_current_val =
+ __ATTR_RW_MODE(current_value, 0644);
+
+ATTRIBUTE_VALUES_PROPERTY_SHOW(elements, ordered_list, COMMA_SEP);
+static struct kobj_attribute ordered_list_elements_val =
+ __ATTR_RO(elements);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "ordered-list\n");
+}
+
+static struct kobj_attribute ordered_list_type =
+ __ATTR_RO(type);
+
+static struct attribute *ordered_list_attrs[] = {
+ &ordered_list_display_langcode.attr,
+ &ordered_list_display_name.attr,
+ &ordered_list_current_val.attr,
+ &ordered_list_elements_val.attr,
+ &ordered_list_type.attr,
+ NULL,
+};
+
+static const struct attribute_group ordered_list_attr_group = {
+ .attrs = ordered_list_attrs,
+};
+
+int alloc_ordered_list_data(void)
+{
+ bioscfg_drv.ordered_list_instances_count =
+ get_instance_count(HP_WMI_BIOS_ORDERED_LIST_GUID);
+ bioscfg_drv.ordered_list_data = kcalloc(bioscfg_drv.ordered_list_instances_count,
+ sizeof(struct ordered_list_data), GFP_KERNEL);
+ if (!bioscfg_drv.ordered_list_data) {
+ bioscfg_drv.ordered_list_instances_count = 0;
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+/**
+ * populate_ordered_list_package_data() -
+ * Populate all properties of an instance under ordered_list attribute
+ *
+ * @order_obj: ACPI object with ordered_list data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_ordered_list_package_data(union acpi_object *order_obj, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ ordered_list_data->attr_name_kobj = attr_name_kobj;
+
+ populate_ordered_list_elements_from_package(order_obj,
+ order_obj->package.count,
+ instance_id);
+ update_attribute_permissions(ordered_list_data->common.is_readonly,
+ &ordered_list_current_val);
+ friendly_user_name_update(ordered_list_data->common.path,
+ attr_name_kobj->name,
+ ordered_list_data->common.display_name,
+ sizeof(ordered_list_data->common.display_name));
+ return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
+}
+
+/* Expected Values types associated with each element */
+static const acpi_object_type expected_order_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [ORD_LIST_SIZE] = ACPI_TYPE_INTEGER,
+ [ORD_LIST_ELEMENTS] = ACPI_TYPE_STRING,
+};
+
+int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
+ int order_obj_count,
+ int instance_id)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret;
+ u32 size;
+ u32 int_value;
+ int elem;
+ int reqs;
+ int eloc;
+ char *tmpstr = NULL;
+ char *part_tmp = NULL;
+ int tmp_len = 0;
+ char *part = NULL;
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ if (!order_obj)
+ return -EINVAL;
+
+ strscpy(ordered_list_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(ordered_list_data->common.display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < order_obj_count; elem++, eloc++) {
+ /* ONLY look at the first ORDERED_ELEM_CNT elements */
+ if (eloc == ORD_ELEM_CNT)
+ goto exit_list_package;
+
+ switch (order_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
+ ret = convert_hexstr_to_str(order_obj[elem].string.pointer,
+ order_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)order_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", order_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_order_types[eloc] != order_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_order_types[eloc], elem, order_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ strscpy(ordered_list_data->current_value,
+ str_value, sizeof(ordered_list_data->current_value));
+ break;
+ case PATH:
+ strscpy(ordered_list_data->common.path, str_value,
+ sizeof(ordered_list_data->common.path));
+ break;
+ case IS_READONLY:
+ ordered_list_data->common.is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ ordered_list_data->common.display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ ordered_list_data->common.requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ ordered_list_data->common.sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ ordered_list_data->common.prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = ordered_list_data->common.prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ ret = convert_hexstr_to_str(order_obj[elem + reqs].string.pointer,
+ order_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ continue;
+
+ strscpy(ordered_list_data->common.prerequisites[reqs],
+ str_value,
+ sizeof(ordered_list_data->common.prerequisites[reqs]));
+
+ kfree(str_value);
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ ordered_list_data->common.security_level = int_value;
+ break;
+
+ case ORD_LIST_SIZE:
+ ordered_list_data->elements_size = int_value;
+ if (int_value > MAX_ELEMENTS_SIZE)
+ pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. ORD_LIST_ELEMENTS
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case ORD_LIST_ELEMENTS:
+ size = ordered_list_data->elements_size;
+
+ /*
+ * Ordered list data is stored in hex and comma separated format
+ * Convert the data and split it to show each element
+ */
+ ret = convert_hexstr_to_str(str_value, value_len, &tmpstr, &tmp_len);
+ if (ret)
+ goto exit_list_package;
+
+ part_tmp = tmpstr;
+ part = strsep(&part_tmp, ",");
+ if (!part)
+ strscpy(ordered_list_data->elements[0],
+ tmpstr,
+ sizeof(ordered_list_data->elements[0]));
+
+ for (elem = 1; elem < MAX_ELEMENTS_SIZE && part; elem++) {
+ strscpy(ordered_list_data->elements[elem],
+ part,
+ sizeof(ordered_list_data->elements[elem]));
+ part = strsep(&part_tmp, ",");
+ }
+
+ kfree(tmpstr);
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
+ break;
+ }
+ kfree(tmpstr);
+ kfree(str_value);
+ }
+
+exit_list_package:
+ kfree(tmpstr);
+ kfree(str_value);
+ return 0;
+}
+
+/**
+ * populate_ordered_list_buffer_data() - Populate all properties of an
+ * instance under ordered list attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_ordered_list_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ ordered_list_data->attr_name_kobj = attr_name_kobj;
+
+ /* Populate ordered list elements */
+ populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id);
+ update_attribute_permissions(ordered_list_data->common.is_readonly,
+ &ordered_list_current_val);
+ friendly_user_name_update(ordered_list_data->common.path,
+ attr_name_kobj->name,
+ ordered_list_data->common.display_name,
+ sizeof(ordered_list_data->common.display_name));
+
+ return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
+}
+
+int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id)
+{
+ int reqs;
+ int values;
+ struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
+
+ strscpy(ordered_list_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(ordered_list_data->common.display_name_language_code));
+
+ // VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->current_value,
+ sizeof(ordered_list_data->current_value));
+
+ // PATH:
+ get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->common.path,
+ sizeof(ordered_list_data->common.path));
+
+ // IS_READONLY:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.is_readonly);
+
+ //DISPLAY_IN_UI:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.display_in_ui);
+
+ // REQUIRES_PHYSICAL_PRESENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.requires_physical_presence);
+
+ // SEQUENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.sequence);
+
+ // PREREQUISITES_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.prerequisites_size);
+
+ if (ordered_list_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
+ /* Report a message and limit prerequisite size to maximum value */
+ pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ ordered_list_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
+ }
+
+ // PREREQUISITES:
+ for (reqs = 0;
+ reqs < ordered_list_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ ordered_list_data->common.prerequisites[reqs],
+ sizeof(ordered_list_data->common.prerequisites[reqs]));
+
+ // SECURITY_LEVEL:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->common.security_level);
+
+ // ORD_LIST_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &ordered_list_data->elements_size);
+
+ if (ordered_list_data->elements_size > MAX_ELEMENTS_SIZE) {
+ /* Report a message and limit elements size to maximum value */
+ pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
+ ordered_list_data->elements_size = MAX_ELEMENTS_SIZE;
+ }
+
+ // ORD_LIST_ELEMENTS:
+ for (values = 0; values < ordered_list_data->elements_size && values < MAX_ELEMENTS_SIZE;
+ values++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ ordered_list_data->elements[values],
+ sizeof(ordered_list_data->elements[values]));
+
+ return 0;
+}
+
+/**
+ * exit_ordered_list_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_ordered_list_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count;
+ instance_id++) {
+ struct kobject *attr_name_kobj =
+ bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj;
+
+ if (attr_name_kobj)
+ sysfs_remove_group(attr_name_kobj,
+ &ordered_list_attr_group);
+ }
+ bioscfg_drv.ordered_list_instances_count = 0;
+
+ kfree(bioscfg_drv.ordered_list_data);
+ bioscfg_drv.ordered_list_data = NULL;
+}
--
2.34.1

2023-05-05 22:16:26

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 06/13] HP BIOSCFG driver - passwdobj-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 ++++++++++++++++++
1 file changed, 584 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
new file mode 100644
index 000000000000..7f3bd58ab3fd
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
@@ -0,0 +1,584 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to password object type attributes under
+ * BIOS PASSWORD for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+#include <asm-generic/posix_types.h>
+
+GET_INSTANCE_ID(password);
+/*
+ * Clear all passwords copied to memory for a particular
+ * authentication instance
+ */
+int clear_passwords(const int instance)
+{
+ struct password_data *password_data = &bioscfg_drv.password_data[instance];
+
+ if (!password_data->is_enabled)
+ return 0;
+
+ memset(password_data->current_password,
+ 0, sizeof(password_data->current_password));
+ memset(password_data->new_password,
+ 0, sizeof(password_data->new_password));
+
+ return 0;
+}
+
+/*
+ * Clear all credentials copied to memory for both Power-ON and Setup
+ * BIOS instances
+ */
+int clear_all_credentials(void)
+{
+ int instance;
+
+ /* clear all passwords */
+ for (instance = 0; instance < bioscfg_drv.password_instances_count; instance++)
+ clear_passwords(instance);
+
+ /* clear auth_token */
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return 0;
+}
+
+int get_password_instance_for_type(const char *name)
+{
+ int count = bioscfg_drv.password_instances_count;
+ int instance;
+
+ for (instance = 0; instance < count; instance++) {
+ if (strcmp(bioscfg_drv.password_data[instance].common.display_name, name) == 0)
+ return instance;
+ }
+ return -EINVAL;
+}
+
+int validate_password_input(int instance_id, const char *buf)
+{
+ int length;
+ struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
+
+ length = strlen(buf);
+ if (buf[length - 1] == '\n')
+ length--;
+
+ if (length > MAX_PASSWD_SIZE)
+ return INVALID_BIOS_AUTH;
+
+ if (password_data->min_password_length > length ||
+ password_data->max_password_length < length)
+ return INVALID_BIOS_AUTH;
+ return SUCCESS;
+}
+
+ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password);
+static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled);
+
+static ssize_t current_password_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ char *buf_cp;
+ int id, ret = 0;
+
+ buf_cp = kstrdup(buf, GFP_KERNEL);
+ if (!buf_cp) {
+ ret = -ENOMEM;
+ goto exit_password;
+ }
+
+ ret = enforce_single_line_input(buf_cp, count);
+ if (!ret) {
+ id = get_password_instance_id(kobj);
+
+ if (id >= 0)
+ ret = validate_password_input(id, buf_cp);
+ }
+
+ if (!ret) {
+ strscpy(bioscfg_drv.password_data[id].current_password,
+ buf_cp,
+ sizeof(bioscfg_drv.password_data[id].current_password));
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (bioscfg_drv.password_data[id].common.requires_physical_presence)
+ set_reboot_and_signal_event();
+ }
+
+exit_password:
+ kfree(buf_cp);
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_current_password = __ATTR_WO(current_password);
+
+static ssize_t new_password_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ char *buf_cp = NULL;
+ int id = 0;
+ int ret = -EIO;
+
+ buf_cp = kstrdup(buf, GFP_KERNEL);
+ if (!buf_cp) {
+ ret = -ENOMEM;
+ goto exit_password;
+ }
+
+ ret = enforce_single_line_input(buf_cp, count);
+ if (!ret) {
+ id = get_password_instance_id(kobj);
+
+ if (id >= 0)
+ ret = validate_password_input(id, buf_cp);
+ }
+
+ if (!ret)
+ strscpy(bioscfg_drv.password_data[id].new_password,
+ buf_cp,
+ sizeof(bioscfg_drv.password_data[id].new_password));
+
+ if (!ret)
+ ret = hp_set_attribute(kobj->name, buf_cp);
+
+exit_password:
+ /*
+ * Regardless of the results both new and current passwords
+ * will be set to zero and avoid security issues
+ */
+ clear_passwords(id);
+
+ kfree(buf_cp);
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_new_password = __ATTR_WO(new_password);
+
+ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password);
+static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length);
+
+ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password);
+static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length);
+
+static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ if (strcmp(kobj->name, SETUP_PASSWD) == 0)
+ return sysfs_emit(buf, "%s\n", BIOS_ADMIN);
+
+ if (strcmp(kobj->name, POWER_ON_PASSWD) == 0)
+ return sysfs_emit(buf, "%s\n", POWER_ON);
+
+ return -EIO;
+}
+
+static struct kobj_attribute password_role = __ATTR_RO(role);
+
+static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ int i = get_password_instance_id(kobj);
+
+ if (i < 0)
+ return i;
+
+ if (bioscfg_drv.password_data[i].mechanism != PASSWORD)
+ return -EINVAL;
+
+ return sysfs_emit(buf, "%s\n", PASSWD_MECHANISM_TYPES);
+}
+
+static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism);
+
+ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP);
+static struct kobj_attribute password_encodings_val =
+ __ATTR_RO(encodings);
+
+static struct attribute *password_attrs[] = {
+ &password_is_password_set.attr,
+ &password_min_password_length.attr,
+ &password_max_password_length.attr,
+ &password_current_password.attr,
+ &password_new_password.attr,
+ &password_role.attr,
+ &password_mechanism.attr,
+ &password_encodings_val.attr,
+ NULL,
+};
+
+static const struct attribute_group password_attr_group = {
+ .attrs = password_attrs
+};
+
+int alloc_password_data(void)
+{
+ int ret = 0;
+
+ bioscfg_drv.password_instances_count = get_instance_count(HP_WMI_BIOS_PASSWORD_GUID);
+ bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count,
+ sizeof(struct password_data), GFP_KERNEL);
+ if (!bioscfg_drv.password_data) {
+ bioscfg_drv.password_instances_count = 0;
+ ret = -ENOMEM;
+ }
+
+ return ret;
+}
+
+/*
+ * populate_password_package_data -
+ * Populate all properties for an instance under password attribute
+ *
+ * @password_obj: ACPI object with password data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_password_package_data(union acpi_object *password_obj, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
+
+ password_data->attr_name_kobj = attr_name_kobj;
+
+ populate_password_elements_from_package(password_obj,
+ password_obj->package.count,
+ instance_id);
+
+ if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0) {
+ /* Save system authentication instance for easy access */
+ return sysfs_create_group(attr_name_kobj, &password_attr_group);
+ }
+
+ return sysfs_create_group(attr_name_kobj, &password_attr_group);
+}
+
+/* Expected Values types associated with each element */
+static const acpi_object_type expected_password_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER,
+ [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER,
+ [PSWD_SIZE] = ACPI_TYPE_INTEGER,
+ [PSWD_ENCODINGS] = ACPI_TYPE_STRING,
+ [PSWD_IS_SET] = ACPI_TYPE_INTEGER,
+};
+
+int populate_password_elements_from_package(union acpi_object *password_obj,
+ int password_obj_count,
+ int instance_id)
+{
+ char *str_value = NULL;
+ int value_len;
+ int ret;
+ u32 size;
+ u32 int_value;
+ int elem;
+ int reqs;
+ int eloc;
+ int pos_values;
+ struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
+
+ if (!password_obj)
+ return -EINVAL;
+
+ for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) {
+ /* ONLY look at the first PASSWORD_ELEM_CNT elements */
+ if (eloc == PSWD_ELEM_CNT)
+ goto exit_package;
+
+ switch (password_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) {
+ ret = convert_hexstr_to_str(password_obj[elem].string.pointer,
+ password_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ continue;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)password_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", password_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_password_types[eloc] != password_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_password_types[eloc], elem, password_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field*/
+ switch (eloc) {
+ case VALUE:
+ break;
+ case PATH:
+ strscpy(password_data->common.path, str_value,
+ sizeof(password_data->common.path));
+ break;
+ case IS_READONLY:
+ password_data->common.is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ password_data->common.display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ password_data->common.requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ password_data->common.sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ password_data->common.prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+ case PREREQUISITES:
+ size = password_data->common.prerequisites_size;
+
+ for (reqs = 0; reqs < size; reqs++) {
+ ret = convert_hexstr_to_str(password_obj[elem + reqs].string.pointer,
+ password_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ break;
+
+ strscpy(password_data->common.prerequisites[reqs],
+ str_value,
+ sizeof(password_data->common.prerequisites[reqs]));
+
+ kfree(str_value);
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ password_data->common.security_level = int_value;
+ break;
+
+ case PSWD_MIN_LENGTH:
+ password_data->min_password_length = int_value;
+ break;
+ case PSWD_MAX_LENGTH:
+ password_data->max_password_length = int_value;
+ break;
+ case PSWD_SIZE:
+ password_data->encodings_size = int_value;
+ if (int_value > MAX_ENCODINGS_SIZE)
+ pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PSWD_ENCODINGS
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case PSWD_ENCODINGS:
+ size = password_data->encodings_size;
+
+ for (pos_values = 0; pos_values < size && pos_values < MAX_ENCODINGS_SIZE;
+ pos_values++) {
+ ret = convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer,
+ password_obj[elem + pos_values].string.length,
+ &str_value, &value_len);
+ if (ret)
+ break;
+
+ strscpy(password_data->encodings[pos_values],
+ str_value,
+ sizeof(password_data->encodings[pos_values]));
+ kfree(str_value);
+ }
+ break;
+ case PSWD_IS_SET:
+ password_data->is_enabled = int_value;
+ break;
+
+ default:
+ pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
+ break;
+ }
+ kfree(str_value);
+ }
+
+exit_package:
+ kfree(str_value);
+ return 0;
+}
+
+/**
+ * populate_password_buffer_data -
+ * Populate all properties for an instance under password object attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
+
+ password_data->attr_name_kobj = attr_name_kobj;
+
+ /* Populate Password attributes */
+ populate_password_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id);
+ friendly_user_name_update(password_data->common.path,
+ attr_name_kobj->name,
+ password_data->common.display_name,
+ sizeof(password_data->common.display_name));
+ if (strcmp(attr_name_kobj->name, "Setup Password") == 0)
+ return sysfs_create_group(attr_name_kobj, &password_attr_group);
+
+ return sysfs_create_group(attr_name_kobj, &password_attr_group);
+}
+
+int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id)
+{
+ int reqs;
+ int values;
+ struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
+
+ // VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size, password_data->current_password,
+ sizeof(password_data->current_password));
+
+ // PATH:
+ get_string_from_buffer(&buffer_ptr, buffer_size, password_data->common.path,
+ sizeof(password_data->common.path));
+
+ // IS_READONLY:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.is_readonly);
+
+ //DISPLAY_IN_UI:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.display_in_ui);
+
+ // REQUIRES_PHYSICAL_PRESENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.requires_physical_presence);
+
+ // SEQUENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.sequence);
+
+ // PREREQUISITES_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.prerequisites_size);
+
+ if (password_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
+ /* Report a message and limit prerequisite size to maximum value */
+ pr_warn("Password Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ password_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
+ }
+
+ // PREREQUISITES:
+ for (reqs = 0;
+ reqs < password_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ password_data->common.prerequisites[reqs],
+ sizeof(password_data->common.prerequisites[reqs]));
+
+ // SECURITY_LEVEL:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->common.security_level);
+
+ // PSWD_MIN_LENGTH:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->min_password_length);
+
+ // PSWD_MAX_LENGTH:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->max_password_length);
+
+ // PSWD_SIZE:
+ if (password_data->encodings_size > MAX_ENCODINGS_SIZE) {
+ /* Report a message and limit possible values size to maximum value */
+ pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
+ password_data->encodings_size = MAX_ENCODINGS_SIZE;
+ }
+
+ // PSWD_ENCODINGS:
+
+ for (values = 0;
+ values < password_data->encodings_size && values < MAX_VALUES_SIZE;
+ values++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ password_data->encodings[values],
+ sizeof(password_data->encodings[values]));
+
+ // PSWD_IS_SET:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &password_data->is_enabled);
+
+ return 0;
+}
+
+/*
+ * exit_password_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_password_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count;
+ instance_id++) {
+ struct kobject *attr_name_kobj =
+ bioscfg_drv.password_data[instance_id].attr_name_kobj;
+
+ if (attr_name_kobj) {
+ if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0)
+ sysfs_remove_group(attr_name_kobj,
+ &password_attr_group);
+ else
+ sysfs_remove_group(attr_name_kobj,
+ &password_attr_group);
+ }
+ }
+ bioscfg_drv.password_instances_count = 0;
+ kfree(bioscfg_drv.password_data);
+ bioscfg_drv.password_data = NULL;
+}
--
2.34.1

2023-05-05 22:21:20

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 01/13] HP BIOSCFG driver - Documentation

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../testing/sysfs-class-firmware-attributes | 117 +++++++++++++++++-
1 file changed, 115 insertions(+), 2 deletions(-)

diff --git a/Documentation/ABI/testing/sysfs-class-firmware-attributes b/Documentation/ABI/testing/sysfs-class-firmware-attributes
index 4cdba3477176..ad65102ef7cf 100644
--- a/Documentation/ABI/testing/sysfs-class-firmware-attributes
+++ b/Documentation/ABI/testing/sysfs-class-firmware-attributes
@@ -22,6 +22,11 @@ Description:
- integer: a range of numerical values
- string

+ HP specific types
+ -----------------
+ - ordered-list - a set of ordered list valid values
+
+
All attribute types support the following values:

current_value:
@@ -126,6 +131,22 @@ Description:
value will not be effective through sysfs until this rule is
met.

+ HP specific class extensions
+ ------------------------------
+
+ On HP systems the following additional attributes are available:
+
+ "ordered-list"-type specific properties:
+
+ elements:
+ A file that can be read to obtain the possible
+ list of values of the <attr>. Values are separated using
+ semi-colon (``,``). The order individual elements are listed
+ according to their priority. An element listed first has the
+ highest priority. Writing the list in a different order to
+ current_value alters the priority order for the particular
+ attribute.
+
What: /sys/class/firmware-attributes/*/authentication/
Date: February 2021
KernelVersion: 5.11
@@ -206,7 +227,7 @@ Description:
Drivers may emit a CHANGE uevent when a password is set or unset
userspace may check it again.

- On Dell and Lenovo systems, if Admin password is set, then all BIOS attributes
+ On Dell, Lenovo and HP systems, if Admin password is set, then all BIOS attributes
require password validation.
On Lenovo systems if you change the Admin password the new password is not active until
the next boot.
@@ -296,6 +317,15 @@ Description:
echo "signature" > authentication/Admin/signature
echo "password" > authentication/Admin/certificate_to_password

+ HP specific class extensions
+ --------------------------------
+
+ On HP systems the following additional settings are available:
+
+ role: enhanced-bios-auth:
+ This role is specific to Secure Platform Management (SPM) attribute.
+ It requires configuring an endorsement (kek) and signing certificate (sk).
+

What: /sys/class/firmware-attributes/*/attributes/pending_reboot
Date: February 2021
@@ -311,7 +341,7 @@ Description:
== =========================================
0 All BIOS attributes setting are current
1 A reboot is necessary to get pending BIOS
- attribute changes applied
+ attribute changes applied
== =========================================

Note, userspace applications need to follow below steps for efficient
@@ -364,3 +394,86 @@ Description:
use it to enable extra debug attributes or BIOS features for testing purposes.

Note that any changes to this attribute requires a reboot for changes to take effect.
+
+
+ HP specific class extensions - Secure Platform Manager (SPM)
+ --------------------------------
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/kek
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'kek' Key-Encryption-Key is a write-only file that can be used to configure the
+ RSA public key that will be used by the BIOS to verify
+ signatures when setting the signing key. When written,
+ the bytes should correspond to the KEK certificate
+ (x509 .DER format containing an OU). The size of the
+ certificate must be less than or equal to 4095 bytes.
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/sk
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'sk' Signature Key is a write-only file that can be used to configure the RSA
+ public key that will be used by the BIOS to verify signatures
+ when configuring BIOS settings and security features. When
+ written, the bytes should correspond to the modulus of the
+ public key. The exponent is assumed to be 0x10001.
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/status
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'status' is a read-only file that returns ASCII text in JSON format reporting
+ the status information.
+
+ "State": "not provisioned | provisioned | provisioning in progress ",
+ "Version": " Major. Minor ",
+ "Nonce": <16-bit unsigned number display in base 10>,
+ "FeaturesInUse": <16-bit unsigned number display in base 10>,
+ "EndorsementKeyMod": "<256 bytes in base64>",
+ "SigningKeyMod": "<256 bytes in base64>"
+
+What: /sys/class/firmware-attributes/*/authentication/SPM/status
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'status' is a read-only file that returns ASCII text in JSON format reporting
+ the status information.
+
+ "State": "not provisioned | provisioned | provisioning in progress ",
+ "Version": " Major. Minor ",
+ "Nonce": <16-bit unsigned number display in base 10>,
+ "FeaturesInUse": <16-bit unsigned number display in base 10>,
+ "EndorsementKeyMod": "<256 bytes in base64>",
+ "SigningKeyMod": "<256 bytes in base64>"
+
+What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entries
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'audit_log_entries' is a read-only file that returns the events in the log.
+
+ Audit log entry format
+
+ Byte 0-15: Requested Audit Log entry (Each Audit log is 16 bytes)
+ Byte 16-127: Unused
+
+What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
+Date: March 29
+KernelVersion: 5.18
+Contact: "Jorge Lopez" <[email protected]>
+Description:
+ 'audit_log_entry_count' is a read-only file that returns the number of existing
+ audit log events available to be read. Values are separated using comma (``,``)
+
+ [No of entries],[log entry size],[Max number of entries supported]
+
+ log entry size identifies audit log size for the current BIOS version.
+ The current size is 16 bytes but it can be to up to 128 bytes long
+ in future BIOS versions.
--
2.34.1

2023-05-05 22:30:05

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 09/13] HP BIOSCFG driver - enum-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/enum-attributes.c | 482 ++++++++++++++++++
1 file changed, 482 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
new file mode 100644
index 000000000000..d83b092ba7d8
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
@@ -0,0 +1,482 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to enumeration type attributes under
+ * BIOS Enumeration GUID for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+GET_INSTANCE_ID(enumeration);
+
+static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
+{
+ int instance_id = get_enumeration_instance_id(kobj);
+
+ if (instance_id < 0)
+ return -EIO;
+
+ return sysfs_emit(buf, "%s\n",
+ bioscfg_drv.enumeration_data[instance_id].current_value);
+}
+
+/**
+ * validate_enumeration_input() -
+ * Validate input of current_value against possible values
+ *
+ * @instance_id: The instance on which input is validated
+ * @buf: Input value
+ */
+static int validate_enumeration_input(int instance_id, const char *buf)
+{
+ int i;
+ int found = 0;
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ /* Is it a read only attribute */
+ if (enum_data->common.is_readonly)
+ return -EIO;
+
+ for (i = 0; i < enum_data->possible_values_size && !found; i++)
+ if (!strcasecmp(enum_data->possible_values[i], buf))
+ found = 1;
+
+ if (!found)
+ return -EINVAL;
+
+ /*
+ * set pending reboot flag depending on
+ * "RequiresPhysicalPresence" value
+ */
+ if (enum_data->common.requires_physical_presence)
+ set_reboot_and_signal_event();
+
+ return 0;
+}
+
+static void update_enumeration_value(int instance_id, char *attr_value)
+{
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ strscpy(enum_data->current_value,
+ attr_value,
+ sizeof(enum_data->current_value));
+}
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, enumeration);
+static struct kobj_attribute enumeration_display_langcode =
+ __ATTR_RO(display_name_language_code);
+
+ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, enumeration);
+static struct kobj_attribute enumeration_display_name =
+ __ATTR_RO(display_name);
+
+ATTRIBUTE_PROPERTY_STORE(current_value, enumeration);
+static struct kobj_attribute enumeration_current_val =
+ __ATTR_RW(current_value);
+
+ATTRIBUTE_VALUES_PROPERTY_SHOW(possible_values, enumeration, SEMICOLON_SEP);
+static struct kobj_attribute enumeration_poss_val =
+ __ATTR_RO(possible_values);
+
+static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "enumeration\n");
+}
+
+static struct kobj_attribute enumeration_type =
+ __ATTR_RO(type);
+
+static struct attribute *enumeration_attrs[] = {
+ &enumeration_display_langcode.attr,
+ &enumeration_display_name.attr,
+ &enumeration_current_val.attr,
+ &enumeration_poss_val.attr,
+ &enumeration_type.attr,
+ NULL,
+};
+
+static const struct attribute_group enumeration_attr_group = {
+ .attrs = enumeration_attrs,
+};
+
+int alloc_enumeration_data(void)
+{
+ bioscfg_drv.enumeration_instances_count =
+ get_instance_count(HP_WMI_BIOS_ENUMERATION_GUID);
+
+ bioscfg_drv.enumeration_data = kcalloc(bioscfg_drv.enumeration_instances_count,
+ sizeof(struct enumeration_data), GFP_KERNEL);
+ if (!bioscfg_drv.enumeration_data) {
+ bioscfg_drv.enumeration_instances_count = 0;
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+/* Expected Values types associated with each element */
+static const acpi_object_type expected_enum_types[] = {
+ [NAME] = ACPI_TYPE_STRING,
+ [VALUE] = ACPI_TYPE_STRING,
+ [PATH] = ACPI_TYPE_STRING,
+ [IS_READONLY] = ACPI_TYPE_INTEGER,
+ [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
+ [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
+ [SEQUENCE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
+ [PREREQUISITES] = ACPI_TYPE_STRING,
+ [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
+ [ENUM_CURRENT_VALUE] = ACPI_TYPE_STRING,
+ [ENUM_SIZE] = ACPI_TYPE_INTEGER,
+ [ENUM_POSSIBLE_VALUES] = ACPI_TYPE_STRING,
+};
+
+/**
+ * populate_enumeration_package_data() -
+ * Populate all properties of an instance under enumeration attribute
+ *
+ * @enum_obj: ACPI object with enumeration data
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_enumeration_package_data(union acpi_object *enum_obj,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ enum_data->attr_name_kobj = attr_name_kobj;
+
+ populate_enumeration_elements_from_package(enum_obj,
+ enum_obj->package.count,
+ instance_id);
+ update_attribute_permissions(enum_data->common.is_readonly,
+ &enumeration_current_val);
+ /*
+ * Several attributes have names such "MONDAY". Friendly
+ * user nane is generated to make the name more descriptive
+ */
+ friendly_user_name_update(enum_data->common.path,
+ attr_name_kobj->name,
+ enum_data->common.display_name,
+ sizeof(enum_data->common.display_name));
+ return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
+}
+
+int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
+ int enum_obj_count,
+ int instance_id)
+{
+ char *str_value = NULL;
+ int value_len;
+ u32 size = 0;
+ u32 int_value;
+ int elem = 0;
+ int reqs;
+ int pos_values;
+ int ret;
+ int eloc;
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ strscpy(enum_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(enum_data->common.display_name_language_code));
+
+ for (elem = 1, eloc = 1; elem < enum_obj_count; elem++, eloc++) {
+ /* ONLY look at the first ENUM_ELEM_CNT elements */
+ if (eloc == ENUM_ELEM_CNT)
+ goto exit_enumeration_package;
+
+ switch (enum_obj[elem].type) {
+ case ACPI_TYPE_STRING:
+
+ if (PREREQUISITES != elem && ENUM_POSSIBLE_VALUES != elem) {
+ ret = convert_hexstr_to_str(enum_obj[elem].string.pointer,
+ enum_obj[elem].string.length,
+ &str_value, &value_len);
+ if (ret)
+ return -EINVAL;
+ }
+ break;
+ case ACPI_TYPE_INTEGER:
+ int_value = (u32)enum_obj[elem].integer.value;
+ break;
+ default:
+ pr_warn("Unsupported object type [%d]\n", enum_obj[elem].type);
+ continue;
+ }
+
+ /* Check that both expected and read object type match */
+ if (expected_enum_types[eloc] != enum_obj[elem].type) {
+ pr_err("Error expected type %d for elem %d, but got type %d instead\n",
+ expected_enum_types[eloc], elem, enum_obj[elem].type);
+ return -EIO;
+ }
+
+ /* Assign appropriate element value to corresponding field */
+ switch (eloc) {
+ case NAME:
+ case VALUE:
+ break;
+ case PATH:
+ strscpy(enum_data->common.path, str_value,
+ sizeof(enum_data->common.path));
+ break;
+ case IS_READONLY:
+ enum_data->common.is_readonly = int_value;
+ break;
+ case DISPLAY_IN_UI:
+ enum_data->common.display_in_ui = int_value;
+ break;
+ case REQUIRES_PHYSICAL_PRESENCE:
+ enum_data->common.requires_physical_presence = int_value;
+ break;
+ case SEQUENCE:
+ enum_data->common.sequence = int_value;
+ break;
+ case PREREQUISITES_SIZE:
+ enum_data->common.prerequisites_size = int_value;
+ if (int_value > MAX_PREREQUISITES_SIZE)
+ pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. PREREQUISITES
+ * object is omitted by BIOS when the size is
+ * zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case PREREQUISITES:
+
+ size = enum_data->common.prerequisites_size;
+
+ for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
+ if (elem >= enum_obj_count) {
+ pr_err("Error enum-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(enum_obj[elem + reqs].string.pointer,
+ enum_obj[elem + reqs].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ return -EINVAL;
+
+ strscpy(enum_data->common.prerequisites[reqs],
+ str_value,
+ sizeof(enum_data->common.prerequisites[reqs]));
+
+ kfree(str_value);
+ }
+ break;
+
+ case SECURITY_LEVEL:
+ enum_data->common.security_level = int_value;
+ break;
+
+ case ENUM_CURRENT_VALUE:
+ strscpy(enum_data->current_value,
+ str_value, sizeof(enum_data->current_value));
+ break;
+ case ENUM_SIZE:
+ enum_data->possible_values_size = int_value;
+ if (int_value > MAX_VALUES_SIZE)
+ pr_warn("Possible number values size value exceeded the maximum number of elements supported or data may be malformed\n");
+
+ /*
+ * This HACK is needed to keep the expected
+ * element list pointing to the right obj[elem].type
+ * when the size is zero. POSSIBLE_VALUES
+ * object is omitted by BIOS when the size is zero.
+ */
+ if (int_value == 0)
+ eloc++;
+ break;
+
+ case ENUM_POSSIBLE_VALUES:
+ size = enum_data->possible_values_size;
+
+ for (pos_values = 0; pos_values < size && pos_values < MAX_VALUES_SIZE;
+ pos_values++) {
+ if (elem >= enum_obj_count) {
+ pr_err("Error enum-objects package is too small\n");
+ return -EINVAL;
+ }
+
+ ret = convert_hexstr_to_str(enum_obj[elem + pos_values].string.pointer,
+ enum_obj[elem + pos_values].string.length,
+ &str_value, &value_len);
+
+ if (ret)
+ return -EINVAL;
+
+ /*
+ * ignore strings when possible values size
+ * is greater than MAX_VALUES_SIZE
+ */
+ if (size < MAX_VALUES_SIZE)
+ strscpy(enum_data->possible_values[pos_values],
+ str_value,
+ sizeof(enum_data->possible_values[pos_values]));
+
+ kfree(str_value);
+ }
+ break;
+ default:
+ pr_warn("Invalid element: %d found in Enumeration attribute or data may be malformed\n", elem);
+ break;
+ }
+
+ kfree(str_value);
+ }
+
+exit_enumeration_package:
+ kfree(str_value);
+ return 0;
+}
+
+/**
+ * populate_enumeration_buffer_data() -
+ * Populate all properties of an instance under enumeration attribute
+ *
+ * @buffer_ptr: Buffer pointer
+ * @buffer_size: Buffer size
+ * @instance_id: The instance to enumerate
+ * @attr_name_kobj: The parent kernel object
+ */
+int populate_enumeration_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id,
+ struct kobject *attr_name_kobj)
+{
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ enum_data->attr_name_kobj = attr_name_kobj;
+
+ /* Populate enumeration elements */
+ populate_enumeration_elements_from_buffer(buffer_ptr, buffer_size,
+ instance_id);
+
+ update_attribute_permissions(enum_data->common.is_readonly,
+ &enumeration_current_val);
+ /*
+ * Several attributes have names such "MONDAY". A Friendlier
+ * user nane is generated to make the name more descriptive
+ */
+ friendly_user_name_update(enum_data->common.path,
+ attr_name_kobj->name,
+ enum_data->common.display_name,
+ sizeof(enum_data->common.display_name));
+
+ return sysfs_create_group(attr_name_kobj, &enumeration_attr_group);
+}
+
+int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
+ int instance_id)
+{
+ int reqs;
+ int values;
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+
+ strscpy(enum_data->common.display_name_language_code,
+ LANG_CODE_STR,
+ sizeof(enum_data->common.display_name_language_code));
+
+ // VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size, enum_data->current_value,
+ sizeof(enum_data->current_value));
+
+ // PATH:
+ get_string_from_buffer(&buffer_ptr, buffer_size, enum_data->common.path,
+ sizeof(enum_data->common.path));
+
+ // IS_READONLY:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.is_readonly);
+
+ //DISPLAY_IN_UI:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.display_in_ui);
+
+ // REQUIRES_PHYSICAL_PRESENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.requires_physical_presence);
+
+ // SEQUENCE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.sequence);
+
+ // PREREQUISITES_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.prerequisites_size);
+
+ if (enum_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
+ /* Report a message and limit prerequisite size to maximum value */
+ pr_warn("Enum Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
+ enum_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
+ }
+
+ // PREREQUISITES:
+ for (reqs = 0; reqs < enum_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
+ reqs++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ enum_data->common.prerequisites[reqs],
+ sizeof(enum_data->common.prerequisites[reqs]));
+
+ // SECURITY_LEVEL:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->common.security_level);
+
+ // ENUM_CURRENT_VALUE:
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ enum_data->current_value,
+ sizeof(enum_data->current_value));
+ // ENUM_SIZE:
+ get_integer_from_buffer(&buffer_ptr, buffer_size,
+ &enum_data->possible_values_size);
+
+ if (enum_data->possible_values_size > MAX_VALUES_SIZE) {
+ /* Report a message and limit possible values size to maximum value */
+ pr_warn("Enum Possible size value exceeded the maximum number of elements supported or data may be malformed\n");
+ enum_data->possible_values_size = MAX_VALUES_SIZE;
+ }
+
+ // ENUM_POSSIBLE_VALUES:
+
+ for (values = 0; values < enum_data->possible_values_size && values < MAX_VALUES_SIZE;
+ values++)
+ get_string_from_buffer(&buffer_ptr, buffer_size,
+ enum_data->possible_values[values],
+ sizeof(enum_data->possible_values[values]));
+
+ return 0;
+}
+
+/**
+ * exit_enumeration_attributes() - Clear all attribute data
+ *
+ * Clears all data allocated for this group of attributes
+ */
+void exit_enumeration_attributes(void)
+{
+ int instance_id;
+
+ for (instance_id = 0; instance_id < bioscfg_drv.enumeration_instances_count;
+ instance_id++) {
+ struct enumeration_data *enum_data = &bioscfg_drv.enumeration_data[instance_id];
+ struct kobject *attr_name_kobj = enum_data->attr_name_kobj;
+
+ if (attr_name_kobj)
+ sysfs_remove_group(attr_name_kobj, &enumeration_attr_group);
+ }
+ bioscfg_drv.enumeration_instances_count = 0;
+
+ kfree(bioscfg_drv.enumeration_data);
+ bioscfg_drv.enumeration_data = NULL;
+}
--
2.34.1

2023-05-05 22:35:10

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 ++++++++++++++++++
1 file changed, 381 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
new file mode 100644
index 000000000000..f08f7aae9423
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
@@ -0,0 +1,381 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to secure platform management object type
+ * attributes under BIOS PASSWORD for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#include "bioscfg.h"
+
+static const char * const spm_state_types[] = {
+ "not provisioned",
+ "provisioned",
+ "provisioning in progress",
+};
+
+static const char * const spm_mechanism_types[] = {
+ "not provisioned",
+ "signing-key",
+ "endorsement-key",
+};
+
+struct secureplatform_provisioning_data {
+ u8 state;
+ u8 version[2];
+ u8 reserved1;
+ u32 features;
+ u32 nonce;
+ u8 reserved2[28];
+ u8 sk_mod[MAX_KEY_MOD];
+ u8 kek_mod[MAX_KEY_MOD];
+};
+
+int check_spm_is_enabled(void)
+{
+ /* do we need to check the admin password is also configured */
+ return bioscfg_drv.spm_data.is_enabled;
+}
+
+/**
+ * calculate_security_buffer() - determines size of security buffer
+ * for authentication scheme
+ *
+ * @authentication: the authentication content
+ *
+ * Currently only supported type is Admin password
+ */
+size_t calculate_security_buffer(const char *authentication)
+{
+ int size;
+
+ if (authentication && strlen(authentication) > 0) {
+ size = sizeof(u16) + (strlen(authentication) * sizeof(u16));
+ if (!strstarts(authentication, BEAM_PREFIX))
+ size += strlen(UTF_PREFIX) * sizeof(u16);
+
+ return size;
+ }
+
+ size = sizeof(u16) * 2;
+ return size;
+}
+
+/**
+ * populate_security_buffer() - builds a security buffer for
+ * authentication scheme
+ *
+ * @buffer: the buffer to populate
+ * @authentication: the authentication content
+ *
+ * Currently only supported type is PLAIN TEXT
+ */
+int populate_security_buffer(u16 *buffer, const char *authentication)
+{
+ u16 *auth = buffer;
+ u16 *retbuffer;
+ char *strprefix = NULL;
+ int ret = 0;
+
+ if (strstarts(authentication, BEAM_PREFIX)) {
+ /*
+ * BEAM_PREFIX is append to buffer when a signature
+ * is provided and Sure Admin is enabled in BIOS
+ */
+ // BEAM_PREFIX found, convert part to unicode
+ retbuffer = hp_ascii_to_utf16_unicode(auth, authentication);
+ if (!retbuffer) {
+ ret = -EINVAL;
+ goto out_buffer;
+ }
+ auth = retbuffer;
+
+ } else {
+ /*
+ * UTF-16 prefix is append to the * buffer when a BIOS
+ * admin password is configured in BIOS
+ */
+
+ // append UTF_PREFIX to part and then convert it to unicode
+ strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
+ authentication);
+ if (!strprefix)
+ goto out_buffer;
+
+ retbuffer = hp_ascii_to_utf16_unicode(auth, strprefix);
+ if (!retbuffer) {
+ ret = -EINVAL;
+ goto out_buffer;
+ }
+ auth = retbuffer;
+ }
+
+out_buffer:
+ kfree(strprefix);
+ return ret;
+}
+
+static ssize_t update_spm_state(void)
+{
+ int ret;
+ struct secureplatform_provisioning_data data;
+
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
+ HPWMI_SECUREPLATFORM, &data, 0,
+ sizeof(data));
+ if (ret < 0)
+ goto state_exit;
+
+ bioscfg_drv.spm_data.mechanism = data.state;
+ if (bioscfg_drv.spm_data.mechanism)
+ bioscfg_drv.spm_data.is_enabled = 1;
+
+state_exit:
+ return ret;
+}
+
+static ssize_t statusbin(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ struct secureplatform_provisioning_data *buf)
+{
+ int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
+ HPWMI_SECUREPLATFORM, buf, 0,
+ sizeof(struct secureplatform_provisioning_data));
+
+ return ret < 0 ? ret : sizeof(struct secureplatform_provisioning_data);
+}
+
+/*
+ * status_show - Reads SPM status
+ */
+static ssize_t status_show(struct kobject *kobj, struct kobj_attribute
+ *attr, char *buf)
+{
+ int ret, i;
+ struct secureplatform_provisioning_data data;
+
+ ret = statusbin(kobj, attr, &data);
+ if (ret < 0)
+ goto status_exit;
+
+ sysfs_emit(buf, "%s{\n", buf);
+ sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf,
+ spm_state_types[data.state]);
+ sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.version[0],
+ data.version[1]);
+
+ /*
+ * state == 0 means secure platform management
+ * feature is not configured in BIOS.
+ */
+ if (data.state == 0)
+ goto status_exit;
+
+ sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce);
+ sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.features);
+ sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf);
+
+ for (i = 255; i >= 0; i--)
+ sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]);
+
+ sysfs_emit(buf, "%s \",\n", buf);
+ sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf);
+
+ for (i = 255; i >= 0; i--)
+ sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]);
+
+ /* Return buf contents */
+
+ sysfs_emit(buf, "%s \"\n", buf);
+ sysfs_emit(buf, "%s}\n", buf);
+
+status_exit:
+ return strnlen(buf, PAGE_SIZE);
+}
+
+static struct kobj_attribute password_spm_status = __ATTR_RO(status);
+
+ATTRIBUTE_SPM_N_PROPERTY_SHOW(is_enabled, spm);
+static struct kobj_attribute password_spm_is_key_enabled = __ATTR_RO(is_enabled);
+
+static ssize_t key_mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%s\n",
+ spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
+}
+
+static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
+
+static ssize_t sk_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret;
+ int length;
+
+ length = count;
+ if (buf[length - 1] == '\n')
+ length--;
+
+ /* allocate space and copy current signing key */
+ bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.signing_key) {
+ ret = -ENOMEM;
+ goto exit_sk;
+ }
+
+ strscpy(bioscfg_drv.spm_data.signing_key, buf, length);
+ bioscfg_drv.spm_data.signing_key[length] = '\0';
+
+ /* submit signing key payload */
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_SK,
+ HPWMI_SECUREPLATFORM,
+ (void *)bioscfg_drv.spm_data.signing_key,
+ length, 0);
+
+ if (!ret) {
+ bioscfg_drv.spm_data.mechanism = SIGNING_KEY;
+ set_reboot_and_signal_event();
+ }
+
+exit_sk:
+ kfree(bioscfg_drv.spm_data.signing_key);
+ bioscfg_drv.spm_data.signing_key = NULL;
+
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_spm_signing_key = __ATTR_WO(sk);
+
+static ssize_t kek_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret;
+ int length;
+
+ length = count;
+ if (buf[length - 1] == '\n')
+ length--;
+
+ /* allocate space and copy current signing key */
+ bioscfg_drv.spm_data.endorsement_key = kmalloc(length, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.endorsement_key) {
+ ret = -ENOMEM;
+ goto exit_kek;
+ }
+
+ memcpy(bioscfg_drv.spm_data.endorsement_key, buf, length);
+ bioscfg_drv.spm_data.endorsement_key[length] = '\0';
+
+ ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_KEK,
+ HPWMI_SECUREPLATFORM,
+ (void *)bioscfg_drv.spm_data.endorsement_key,
+ count, 0);
+
+ if (!ret) {
+ bioscfg_drv.spm_data.mechanism = ENDORSEMENT_KEY;
+ set_reboot_and_signal_event();
+ }
+
+exit_kek:
+ kfree(bioscfg_drv.spm_data.endorsement_key);
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+
+ return ret ? ret : count;
+}
+
+static struct kobj_attribute password_spm_endorsement_key = __ATTR_WO(kek);
+
+static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%s\n", BIOS_SPM);
+}
+
+static struct kobj_attribute password_spm_role = __ATTR_RO(role);
+
+static ssize_t auth_token_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ const char *buf, size_t count)
+{
+ int ret = 0;
+ int length;
+
+ length = count;
+ if (buf[length - 1] == '\n')
+ length--;
+
+ /* allocate space and copy current auth token */
+ bioscfg_drv.spm_data.auth_token = kmalloc(count, GFP_KERNEL);
+ if (!bioscfg_drv.spm_data.auth_token) {
+ ret = -ENOMEM;
+ goto exit_token;
+ }
+
+ memcpy(bioscfg_drv.spm_data.auth_token, buf, count);
+ bioscfg_drv.spm_data.auth_token[length] = '\0';
+ return count;
+
+exit_token:
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return ret;
+}
+
+static struct kobj_attribute password_spm_auth_token = __ATTR_WO(auth_token);
+
+static struct attribute *secure_platform_attrs[] = {
+ &password_spm_is_key_enabled.attr,
+ &password_spm_signing_key.attr,
+ &password_spm_endorsement_key.attr,
+ &password_spm_key_mechanism.attr,
+ &password_spm_status.attr,
+ &password_spm_role.attr,
+ &password_spm_auth_token.attr,
+ NULL,
+};
+
+static const struct attribute_group secure_platform_attr_group = {
+ .attrs = secure_platform_attrs,
+};
+
+void exit_secure_platform_attributes(void)
+{
+ /* remove secure platform sysfs entry and free key data*/
+
+ kfree(bioscfg_drv.spm_data.endorsement_key);
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+
+ kfree(bioscfg_drv.spm_data.signing_key);
+ bioscfg_drv.spm_data.signing_key = NULL;
+
+ kfree(bioscfg_drv.spm_data.auth_token);
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ if (bioscfg_drv.spm_data.attr_name_kobj)
+ sysfs_remove_group(bioscfg_drv.spm_data.attr_name_kobj,
+ &secure_platform_attr_group);
+}
+
+int populate_secure_platform_data(struct kobject *attr_name_kobj)
+{
+ /* Populate data for Secure Platform Management */
+ bioscfg_drv.spm_data.attr_name_kobj = attr_name_kobj;
+
+ strscpy(bioscfg_drv.spm_data.attribute_name, SPM_STR,
+ sizeof(bioscfg_drv.spm_data.attribute_name));
+
+ bioscfg_drv.spm_data.is_enabled = 0;
+ bioscfg_drv.spm_data.mechanism = 0;
+ bioscfg_drv.pending_reboot = false;
+ update_spm_state();
+
+ bioscfg_drv.spm_data.endorsement_key = NULL;
+ bioscfg_drv.spm_data.signing_key = NULL;
+ bioscfg_drv.spm_data.auth_token = NULL;
+
+ return sysfs_create_group(attr_name_kobj, &secure_platform_attr_group);
+}
--
2.34.1

2023-05-05 22:35:10

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 03/13] HP BIOSCFG driver - bioscfg

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 +++++++++++++++++++
1 file changed, 982 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
new file mode 100644
index 000000000000..0079aedaded5
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
@@ -0,0 +1,982 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Common methods for use with hp-bioscfg driver
+ *
+ * Copyright (c) 2022 HP Development Company, L.P.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/fs.h>
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/wmi.h>
+#include "bioscfg.h"
+#include "../../firmware_attributes_class.h"
+#include <linux/nls.h>
+#include <linux/errno.h>
+
+MODULE_AUTHOR("Jorge Lopez <[email protected]>");
+MODULE_DESCRIPTION("HP BIOS Configuration Driver");
+MODULE_LICENSE("GPL");
+
+struct bioscfg_priv bioscfg_drv = {
+ .mutex = __MUTEX_INITIALIZER(bioscfg_drv.mutex),
+};
+
+static struct class *fw_attr_class;
+
+int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer)
+{
+ int *ptr = PTR_ALIGN((int *)*buffer, 4);
+
+ /* Ensure there is enough space remaining to read the integer */
+ if (*buffer_size < sizeof(int))
+ return -EINVAL;
+
+ *integer = *(ptr++);
+ *buffer = (u8 *)ptr;
+ *buffer_size -= sizeof(int);
+
+ return 0;
+}
+
+int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size)
+{
+ u16 *src = (u16 *)*buffer;
+ u16 src_size;
+
+ u16 size;
+ int i;
+ int conv_dst_size;
+
+ if (*buffer_size < sizeof(u16))
+ return -EINVAL;
+
+ src_size = *(src++);
+ /* size value in u16 chars */
+ size = src_size / sizeof(u16);
+
+ /* Ensure there is enough space remaining to read and convert
+ * the string
+ */
+ if (*buffer_size < src_size)
+ return -EINVAL;
+
+ for (i = 0; i < size; i++)
+ if (src[i] == '\\' ||
+ src[i] == '\r' ||
+ src[i] == '\n' ||
+ src[i] == '\t')
+ size++;
+
+ /*
+ * Conversion is limited to destination string max number of
+ * bytes.
+ */
+ conv_dst_size = size;
+ if (size > dst_size)
+ conv_dst_size = dst_size - 1;
+
+ /*
+ * convert from UTF-16 unicode to ASCII
+ */
+ utf16s_to_utf8s(src, src_size, UTF16_HOST_ENDIAN, dst, conv_dst_size);
+ dst[conv_dst_size] = 0;
+
+ for (i = 0; i < size && i < conv_dst_size; i++) {
+ if (*src == '\\' ||
+ *src == '\r' ||
+ *src == '\n' ||
+ *src == '\t')
+ dst[i++] = '\\';
+
+ if (*src == '\r')
+ dst[i] = 'r';
+ else if (*src == '\n')
+ dst[i] = 'n';
+ else if (*src == '\t')
+ dst[i] = 't';
+ else if (*src == '"')
+ dst[i] = '\'';
+ else
+ dst[i] = *src;
+ src++;
+ }
+
+ *buffer = (u8 *)src;
+ *buffer_size -= size * sizeof(u16);
+
+ return size;
+}
+
+int enforce_single_line_input(char *buf, size_t count)
+{
+ char *p;
+
+ p = memchr(buf, '\n', count);
+
+ if (p == buf + count - 1)
+ *p = '\0'; /* strip trailing newline */
+ else if (p)
+ return -EINVAL; /* enforce single line input */
+
+ return 0;
+}
+
+/* Set pending reboot value and generate KOBJ_NAME event */
+void set_reboot_and_signal_event(void)
+{
+ bioscfg_drv.pending_reboot = true;
+ kobject_uevent(&bioscfg_drv.class_dev->kobj, KOBJ_CHANGE);
+}
+
+/*
+ * calculate_string_buffer() - determines size of string buffer for
+ * use with BIOS communication
+ *
+ * @str: the string to calculate based upon
+ */
+size_t hp_calculate_string_buffer(const char *str)
+{
+ int length = strlen(str);
+
+ /* BIOS expects 4 bytes when an empty string is found */
+ if (length == 0)
+ return 4;
+
+ /* u16 length field + one UTF16 char for each input char */
+ return sizeof(u16) + strlen(str) * sizeof(u16);
+}
+
+int hp_wmi_error_and_message(int error_code)
+{
+ char *error_msg = NULL;
+ int ret;
+
+ switch (error_code) {
+ case SUCCESS:
+ error_msg = "Success";
+ ret = 0;
+ break;
+ case CMD_FAILED:
+ error_msg = "Command failed";
+ ret = -EINVAL;
+ break;
+ case INVALID_SIGN:
+ error_msg = "Invalid signature";
+ ret = -EINVAL;
+ break;
+ case INVALID_CMD_VALUE:
+ error_msg = "Invalid command value/Feature not supported";
+ ret = -EOPNOTSUPP;
+ break;
+ case INVALID_CMD_TYPE:
+ error_msg = "Invalid command type";
+ ret = -EINVAL;
+ break;
+ case INVALID_DATA_SIZE:
+ error_msg = "Invalid data size";
+ ret = -EINVAL;
+ break;
+ case INVALID_CMD_PARAM:
+ error_msg = "Invalid command parameter";
+ ret = -EINVAL;
+ break;
+ case ENCRYP_CMD_REQUIRED:
+ error_msg = "Secure/encrypted command required";
+ ret = -EACCES;
+ break;
+ case NO_SECURE_SESSION:
+ error_msg = "No secure session established";
+ ret = -EACCES;
+ break;
+ case SECURE_SESSION_FOUND:
+ error_msg = "Secure session already established";
+ ret = -EACCES;
+ break;
+ case SECURE_SESSION_FAILED:
+ error_msg = "Secure session failed";
+ ret = -EIO;
+ break;
+ case AUTH_FAILED:
+ error_msg = "Other permission/Authentication failed";
+ ret = -EACCES;
+ break;
+ case INVALID_BIOS_AUTH:
+ error_msg = "Invalid BIOS administrator password";
+ ret = -EINVAL;
+ break;
+ case NONCE_DID_NOT_MATCH:
+ error_msg = "Nonce did not match";
+ ret = -EINVAL;
+ break;
+ case GENERIC_ERROR:
+ error_msg = "Generic/Other error";
+ ret = -EIO;
+ break;
+ case BIOS_ADMIN_POLICY_NOT_MET:
+ error_msg = "BIOS Admin password does not meet password policy requirements";
+ ret = -EINVAL;
+ break;
+ case BIOS_ADMIN_NOT_SET:
+ error_msg = "BIOS Setup password is not set.";
+ ret = -EPERM;
+ break;
+ case P21_NO_PROVISIONED:
+ error_msg = "P21 is not provisioned";
+ ret = -EPERM;
+ break;
+ case P21_PROVISION_IN_PROGRESS:
+ error_msg = "P21 is already provisioned or provisioning is in progress and a signing key has already been sent.";
+ ret = -EINPROGRESS;
+ break;
+ case P21_IN_USE:
+ error_msg = "P21 in use (cannot deprovision)";
+ ret = -EPERM;
+ break;
+ case HEP_NOT_ACTIVE:
+ error_msg = "HEP not activated";
+ ret = -EPERM;
+ break;
+ case HEP_ALREADY_SET:
+ error_msg = "HEP Transport already set";
+ ret = -EINVAL;
+ break;
+ case HEP_CHECK_STATE:
+ error_msg = "Check the current HEP state";
+ ret = -EINVAL;
+ break;
+ default:
+ error_msg = "Generic/Other error";
+ ret = -EIO;
+ break;
+ }
+
+ if (error_code)
+ pr_warn_ratelimited("Returned error 0x%x, \"%s\"\n", error_code, error_msg);
+
+ return ret;
+}
+
+static ssize_t pending_reboot_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
+ char *buf)
+{
+ return sysfs_emit(buf, "%d\n", bioscfg_drv.pending_reboot);
+}
+
+static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
+
+/*
+ * create_attributes_level_sysfs_files() - Creates pending_reboot attributes
+ */
+static int create_attributes_level_sysfs_files(void)
+{
+ return sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj,
+ &pending_reboot.attr);
+}
+
+static void attr_name_release(struct kobject *kobj)
+{
+ kfree(kobj);
+}
+
+static const struct kobj_type attr_name_ktype = {
+ .release = attr_name_release,
+ .sysfs_ops = &kobj_sysfs_ops,
+};
+
+/*
+ * get_wmiobj_pointer() - Get Content of WMI block for particular instance
+ *
+ * @instance_id: WMI instance ID
+ * @guid_string: WMI GUID (in str form)
+ *
+ * Fetches the content for WMI block (instance_id) under GUID (guid_string)
+ * Caller must kfree the return
+ */
+union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string)
+{
+ struct acpi_buffer out = { ACPI_ALLOCATE_BUFFER, NULL };
+ acpi_status status;
+
+ status = wmi_query_block(guid_string, instance_id, &out);
+ return ACPI_SUCCESS(status) ? (union acpi_object *)out.pointer : NULL;
+}
+
+/*
+ * get_instance_count() - Compute total number of instances under guid_string
+ *
+ * @guid_string: WMI GUID (in string form)
+ */
+int get_instance_count(const char *guid_string)
+{
+ union acpi_object *wmi_obj = NULL;
+ int i = 0;
+
+ do {
+ kfree(wmi_obj);
+ wmi_obj = get_wmiobj_pointer(i, guid_string);
+ i++;
+ } while (wmi_obj);
+
+ return i - 1;
+}
+
+/*
+ * alloc_attributes_data() - Allocate attributes data for a particular type
+ *
+ * @attr_type: Attribute type to allocate
+ */
+static int alloc_attributes_data(int attr_type)
+{
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ return alloc_string_data();
+
+ case HPWMI_INTEGER_TYPE:
+ return alloc_integer_data();
+
+ case HPWMI_ENUMERATION_TYPE:
+ return alloc_enumeration_data();
+
+ case HPWMI_ORDERED_LIST_TYPE:
+ return alloc_ordered_list_data();
+
+ case HPWMI_PASSWORD_TYPE:
+ return alloc_password_data();
+
+ default:
+ return 0;
+ }
+}
+
+int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len)
+{
+ int ret = 0;
+ int new_len = 0;
+ char tmp[] = "0x00";
+ char *new_str = NULL;
+ long ch;
+ int i;
+
+ if (input_len <= 0 || !input || !str || !len)
+ return -EINVAL;
+
+ *len = 0;
+ *str = NULL;
+
+ new_str = kmalloc(input_len, GFP_KERNEL);
+ if (!new_str)
+ return -ENOMEM;
+
+ for (i = 0; i < input_len; i += 5) {
+ strncpy(tmp, input + i, strlen(tmp));
+ if (kstrtol(tmp, 16, &ch) == 0) {
+ // escape char
+ if (ch == '\\' ||
+ ch == '\r' ||
+ ch == '\n' || ch == '\t') {
+ if (ch == '\r')
+ ch = 'r';
+ else if (ch == '\n')
+ ch = 'n';
+ else if (ch == '\t')
+ ch = 't';
+ new_str[new_len++] = '\\';
+ }
+ new_str[new_len++] = ch;
+ if (ch == '\0')
+ break;
+ }
+ }
+
+ if (new_len) {
+ new_str[new_len] = '\0';
+ *str = krealloc(new_str, (new_len + 1) * sizeof(char),
+ GFP_KERNEL);
+ if (*str)
+ *len = new_len;
+ else
+ ret = -ENOMEM;
+ } else {
+ ret = -EFAULT;
+ }
+
+ if (ret)
+ kfree(new_str);
+ return ret;
+}
+
+/* map output size to the corresponding WMI method id */
+int encode_outsize_for_pvsz(int outsize)
+{
+ if (outsize > 4096)
+ return -EINVAL;
+ if (outsize > 1024)
+ return 5;
+ if (outsize > 128)
+ return 4;
+ if (outsize > 4)
+ return 3;
+ if (outsize > 0)
+ return 2;
+ return 1;
+}
+
+/*
+ * Update friendly display name for several attributes associated to
+ * 'Schedule Power-On'
+ */
+void friendly_user_name_update(char *path, const char *attr_name,
+ char *attr_display, int attr_size)
+{
+ if (strstr(path, SCHEDULE_POWER_ON))
+ snprintf(attr_display,
+ attr_size,
+ "%s - %s",
+ SCHEDULE_POWER_ON,
+ attr_name);
+ else
+ strscpy(attr_display, attr_name, attr_size);
+}
+
+/*
+ * update_attribute_permissions() - Update attributes permissions when
+ * isReadOnly value is 1
+ *
+ * @isReadOnly: ReadOnly value
+ * @current_val: kobj_attribute corresponding to attribute.
+ *
+ */
+void update_attribute_permissions(u32 is_readonly, struct kobj_attribute *current_val)
+{
+ if (is_readonly)
+ current_val->attr.mode = 0444;
+ else
+ current_val->attr.mode = 0644;
+}
+
+/**
+ * destroy_attribute_objs() - Free a kset of kobjects
+ * @kset: The kset to destroy
+ *
+ * Fress kobjects created for each attribute_name under attribute type kset
+ */
+static void destroy_attribute_objs(struct kset *kset)
+{
+ struct kobject *pos, *next;
+
+ list_for_each_entry_safe(pos, next, &kset->list, entry)
+ kobject_put(pos);
+}
+
+/**
+ * release_attributes_data() - Clean-up all sysfs directories and files created
+ */
+static void release_attributes_data(void)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+
+ exit_string_attributes();
+ exit_integer_attributes();
+ exit_enumeration_attributes();
+ exit_ordered_list_attributes();
+ exit_password_attributes();
+ exit_sure_start_attributes();
+ exit_secure_platform_attributes();
+
+ if (bioscfg_drv.authentication_dir_kset) {
+ destroy_attribute_objs(bioscfg_drv.authentication_dir_kset);
+ kset_unregister(bioscfg_drv.authentication_dir_kset);
+ bioscfg_drv.authentication_dir_kset = NULL;
+ }
+ if (bioscfg_drv.main_dir_kset) {
+ sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
+ destroy_attribute_objs(bioscfg_drv.main_dir_kset);
+ kset_unregister(bioscfg_drv.main_dir_kset);
+ bioscfg_drv.main_dir_kset = NULL;
+ }
+ mutex_unlock(&bioscfg_drv.mutex);
+}
+
+/*
+ * hp_add_other_attributes - Initialize HP custom attributes not reported by
+ * BIOS and required to support Secure Platform, Sure Start, and Sure
+ * Admin.
+ * @attr_type: Custom HP attribute not reported by BIOS
+ *
+ * Initialize all 2 types of attributes: Platform and Sure Start
+ * object. Populates each attribute types respective properties
+ * under sysfs files.
+ *
+ * Returns zero(0) if successful. Otherwise, a negative value.
+ */
+static int hp_add_other_attributes(int attr_type)
+{
+ struct kobject *attr_name_kobj;
+ union acpi_object *obj = NULL;
+ int retval;
+ char *attr_name;
+
+ mutex_lock(&bioscfg_drv.mutex);
+
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto err_other_attr_init;
+ }
+
+ /* Check if attribute type is supported */
+ switch (attr_type) {
+ case HPWMI_SECURE_PLATFORM_TYPE:
+ attr_name_kobj->kset = bioscfg_drv.authentication_dir_kset;
+ attr_name = SPM_STR;
+ break;
+
+ case HPWMI_SURE_START_TYPE:
+ attr_name_kobj->kset = bioscfg_drv.main_dir_kset;
+ attr_name = SURE_START_STR;
+ break;
+
+ default:
+ pr_err("Error: Unknown attr_type: %d\n", attr_type);
+ retval = -EINVAL;
+ goto err_other_attr_init;
+ }
+
+ retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
+ NULL, "%s", attr_name);
+ if (retval) {
+ pr_err("Error encountered [%d]\n", retval);
+ kobject_put(attr_name_kobj);
+ goto err_other_attr_init;
+ }
+
+ /* Populate attribute data */
+ switch (attr_type) {
+ case HPWMI_SECURE_PLATFORM_TYPE:
+ retval = populate_secure_platform_data(attr_name_kobj);
+ break;
+
+ case HPWMI_SURE_START_TYPE:
+ retval = populate_sure_start_data(attr_name_kobj);
+ break;
+
+ default:
+ goto err_other_attr_init;
+ }
+
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+
+err_other_attr_init:
+ mutex_unlock(&bioscfg_drv.mutex);
+ kfree(obj);
+ return retval;
+}
+
+static int hp_init_bios_package_attribute(enum hp_wmi_data_type attr_type,
+ union acpi_object *obj,
+ const char *guid, int min_elements,
+ int instance_id)
+{
+ struct kobject *attr_name_kobj;
+ union acpi_object *elements;
+ struct kset *temp_kset;
+
+ char *str_value = NULL;
+ int str_len;
+ int retval = 0;
+
+ /* Take action appropriate to each ACPI TYPE */
+ if (obj->package.count < min_elements) {
+ pr_err("ACPI-package does not have enough elements: %d < %d\n",
+ obj->package.count, min_elements);
+ goto pack_attr_exit;
+ }
+
+ elements = obj->package.elements;
+
+ /* sanity checking */
+ if (elements[NAME].type != ACPI_TYPE_STRING) {
+ pr_debug("incorrect element type\n");
+ goto pack_attr_exit;
+ }
+ if (strlen(elements[NAME].string.pointer) == 0) {
+ pr_debug("empty attribute found\n");
+ goto pack_attr_exit;
+ }
+
+ if (attr_type == HPWMI_PASSWORD_TYPE)
+ temp_kset = bioscfg_drv.authentication_dir_kset;
+ else
+ temp_kset = bioscfg_drv.main_dir_kset;
+
+ /* convert attribute name to string */
+ retval = convert_hexstr_to_str(elements[NAME].string.pointer,
+ elements[NAME].string.length,
+ &str_value, &str_len);
+
+ if (retval) {
+ pr_debug("Failed to populate integer package data. Error [0%0x]\n",
+ retval);
+ kfree(str_value);
+ return retval;
+ }
+
+ /* All duplicate attributes found are ignored */
+ if (kset_find_obj(temp_kset, str_value)) {
+ pr_debug("Duplicate attribute name found - %s\n",
+ str_value);
+ goto pack_attr_exit;
+ }
+
+ /* build attribute */
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto pack_attr_exit;
+ }
+
+ attr_name_kobj->kset = temp_kset;
+
+ retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
+ NULL, "%s", str_value);
+
+ if (retval) {
+ kobject_put(attr_name_kobj);
+ goto pack_attr_exit;
+ }
+
+ /* enumerate all of these attributes */
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ retval = populate_string_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_INTEGER_TYPE:
+ retval = populate_integer_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ retval = populate_enumeration_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ retval = populate_ordered_list_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ retval = populate_password_package_data(elements,
+ instance_id,
+ attr_name_kobj);
+ break;
+ default:
+ pr_debug("Unknown attribute type found: 0x%x\n", attr_type);
+ break;
+ }
+
+pack_attr_exit:
+ kfree(str_value);
+ return retval;
+}
+
+static int hp_init_bios_buffer_attribute(enum hp_wmi_data_type attr_type,
+ union acpi_object *obj,
+ const char *guid, int min_elements,
+ int instance_id)
+{
+ struct kobject *attr_name_kobj;
+ struct kset *temp_kset;
+ char str[MAX_BUFF];
+
+ char *temp_str = NULL;
+ char *str_value = NULL;
+ u8 *buffer_ptr = NULL;
+ int buffer_size;
+ int retval = 0;
+
+ buffer_size = obj->buffer.length;
+ buffer_ptr = obj->buffer.pointer;
+
+ retval = get_string_from_buffer(&buffer_ptr,
+ &buffer_size, str, MAX_BUFF);
+
+ if (retval < 0)
+ goto buff_attr_exit;
+
+ if (attr_type == HPWMI_PASSWORD_TYPE ||
+ attr_type == HPWMI_SECURE_PLATFORM_TYPE)
+ temp_kset = bioscfg_drv.authentication_dir_kset;
+ else
+ temp_kset = bioscfg_drv.main_dir_kset;
+
+ /* All duplicate attributes found are ignored */
+ if (kset_find_obj(temp_kset, str)) {
+ pr_debug("Duplicate attribute name found - %s\n", str);
+ goto buff_attr_exit;
+ }
+
+ /* build attribute */
+ attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
+ if (!attr_name_kobj) {
+ retval = -ENOMEM;
+ goto buff_attr_exit;
+ }
+
+ attr_name_kobj->kset = temp_kset;
+
+ temp_str = str;
+ if (attr_type == HPWMI_SECURE_PLATFORM_TYPE)
+ temp_str = "SPM";
+
+ retval = kobject_init_and_add(attr_name_kobj,
+ &attr_name_ktype, NULL, "%s",
+ temp_str);
+ if (retval) {
+ kobject_put(attr_name_kobj);
+ goto buff_attr_exit;
+ }
+
+ /* enumerate all of these attributes */
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ retval = populate_string_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_INTEGER_TYPE:
+ retval = populate_integer_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ retval = populate_enumeration_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ retval = populate_ordered_list_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ retval = populate_password_buffer_data(buffer_ptr,
+ &buffer_size,
+ instance_id,
+ attr_name_kobj);
+ break;
+ default:
+ pr_debug("Unknown attribute type found: 0x%x\n", attr_type);
+ break;
+ }
+
+buff_attr_exit:
+ kfree(str_value);
+ return retval;
+}
+
+/*
+ * hp_init_bios_attributes - Initialize all attributes for a type
+ * @attr_type: The attribute type to initialize
+ * @guid: The WMI GUID associated with this type to initialize
+ *
+ * Initialiaze all 5 types of attributes: enumeration, integer,
+ * string, password, ordered list object. Populates each attrbute types
+ * respective properties under sysfs files
+ */
+static int hp_init_bios_attributes(enum hp_wmi_data_type attr_type, const char *guid)
+{
+ union acpi_object *obj = NULL;
+ int min_elements;
+
+ /* instance_id needs to be reset for each type GUID
+ * also, instance IDs are unique within GUID but not across
+ */
+ int instance_id = 0;
+ int retval = 0;
+
+ retval = alloc_attributes_data(attr_type);
+ if (retval)
+ return retval;
+
+ switch (attr_type) {
+ case HPWMI_STRING_TYPE:
+ min_elements = STR_ELEM_CNT;
+ break;
+ case HPWMI_INTEGER_TYPE:
+ min_elements = INT_ELEM_CNT;
+ break;
+ case HPWMI_ENUMERATION_TYPE:
+ min_elements = ENUM_ELEM_CNT;
+ break;
+ case HPWMI_ORDERED_LIST_TYPE:
+ min_elements = ORD_ELEM_CNT;
+ break;
+ case HPWMI_PASSWORD_TYPE:
+ min_elements = PSWD_ELEM_CNT;
+ break;
+ default:
+ pr_err("Error: Unknown attr_type: %d\n", attr_type);
+ return -EINVAL;
+ }
+
+ /* need to use specific instance_id and guid combination to get right data */
+ obj = get_wmiobj_pointer(instance_id, guid);
+ if (!obj)
+ return -ENODEV;
+
+ mutex_lock(&bioscfg_drv.mutex);
+ while (obj) {
+ /* Take action appropriate to each ACPI TYPE */
+ if (obj->type == ACPI_TYPE_PACKAGE) {
+ retval = hp_init_bios_package_attribute(attr_type, obj,
+ guid, min_elements,
+ instance_id);
+ if (retval)
+ goto err_attr_init;
+ } else if (obj->type == ACPI_TYPE_BUFFER) {
+ retval = hp_init_bios_buffer_attribute(attr_type, obj,
+ guid, min_elements,
+ instance_id);
+ if (retval)
+ goto err_attr_init;
+ } else {
+ pr_err("Expected ACPI-package or buffer type, got: %d\n",
+ obj->type);
+ retval = -EIO;
+ goto err_attr_init;
+ }
+
+ kfree(obj);
+ instance_id++;
+ obj = get_wmiobj_pointer(instance_id, guid);
+ }
+
+err_attr_init:
+ mutex_unlock(&bioscfg_drv.mutex);
+ kfree(obj);
+ return retval;
+}
+
+static int __init hp_init(void)
+{
+ int ret;
+ int hp_bios_capable = wmi_has_guid(HP_WMI_BIOS_GUID);
+ int set_bios_settings = wmi_has_guid(HP_WMI_SET_BIOS_SETTING_GUID);
+
+ if (!hp_bios_capable) {
+ pr_err("Unable to run on non-HP system\n");
+ return -ENODEV;
+ }
+
+ if (!set_bios_settings) {
+ pr_err("Unable to set BIOS settings on HP systems\n");
+ return -ENODEV;
+ }
+
+ ret = init_hp_attr_set_interface();
+ if (ret)
+ return ret;
+
+ ret = fw_attributes_class_get(&fw_attr_class);
+ if (ret)
+ goto err_unregister_class;
+
+ bioscfg_drv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0),
+ NULL, "%s", DRIVER_NAME);
+ if (IS_ERR(bioscfg_drv.class_dev)) {
+ ret = PTR_ERR(bioscfg_drv.class_dev);
+ goto err_unregister_class;
+ }
+
+ bioscfg_drv.main_dir_kset = kset_create_and_add("attributes", NULL,
+ &bioscfg_drv.class_dev->kobj);
+ if (!bioscfg_drv.main_dir_kset) {
+ ret = -ENOMEM;
+ pr_debug("Failed to create and add attributes\n");
+ goto err_destroy_classdev;
+ }
+
+ bioscfg_drv.authentication_dir_kset = kset_create_and_add("authentication", NULL,
+ &bioscfg_drv.class_dev->kobj);
+ if (!bioscfg_drv.authentication_dir_kset) {
+ ret = -ENOMEM;
+ pr_debug("Failed to create and add authentication\n");
+ goto err_release_attributes_data;
+ }
+
+ /*
+ * sysfs level attributes.
+ * - pending_reboot
+ */
+ ret = create_attributes_level_sysfs_files();
+ if (ret)
+ pr_debug("Failed to create sysfs level attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_STRING_TYPE, HP_WMI_BIOS_STRING_GUID);
+ if (ret)
+ pr_debug("Failed to populate string type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_INTEGER_TYPE, HP_WMI_BIOS_INTEGER_GUID);
+ if (ret)
+ pr_debug("Failed to populate integer type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_ENUMERATION_TYPE, HP_WMI_BIOS_ENUMERATION_GUID);
+ if (ret)
+ pr_debug("Failed to populate enumeration type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_ORDERED_LIST_TYPE, HP_WMI_BIOS_ORDERED_LIST_GUID);
+ if (ret)
+ pr_debug("Failed to populate ordered list object type attributes\n");
+
+ ret = hp_init_bios_attributes(HPWMI_PASSWORD_TYPE, HP_WMI_BIOS_PASSWORD_GUID);
+ if (ret)
+ pr_debug("Failed to populate password object type attributes\n");
+
+ bioscfg_drv.spm_data.attr_name_kobj = NULL;
+ ret = hp_add_other_attributes(HPWMI_SECURE_PLATFORM_TYPE);
+ if (ret)
+ pr_debug("Failed to populate secure platform object type attribute\n");
+
+ bioscfg_drv.sure_start_attr_kobj = NULL;
+ ret = hp_add_other_attributes(HPWMI_SURE_START_TYPE);
+ if (ret)
+ pr_debug("Failed to populate sure start object type attribute\n");
+
+ return 0;
+
+err_release_attributes_data:
+ release_attributes_data();
+
+err_destroy_classdev:
+ device_destroy(fw_attr_class, MKDEV(0, 0));
+
+err_unregister_class:
+ fw_attributes_class_put();
+ exit_hp_attr_set_interface();
+
+ return ret;
+}
+
+static void __exit hp_exit(void)
+{
+ release_attributes_data();
+ device_destroy(fw_attr_class, MKDEV(0, 0));
+
+ fw_attributes_class_put();
+ exit_hp_attr_set_interface();
+}
+
+module_init(hp_init);
+module_exit(hp_exit);
--
2.34.1

2023-05-05 22:35:29

by Jorge Lopez

[permalink] [raw]
Subject: [PATCH v12 02/13] HP BIOSCFG driver - biosattr-interface

HP BIOS Configuration driver purpose is to provide a driver supporting
the latest sysfs class firmware attributes framework allowing the user
to change BIOS settings and security solutions on HP Inc.’s commercial
notebooks.

Many features of HP Commercial notebooks can be managed using Windows
Management Instrumentation (WMI). WMI is an implementation of Web-Based
Enterprise Management (WBEM) that provides a standards-based interface
for changing and monitoring system settings. HP BIOSCFG driver provides
a native Linux solution and the exposed features facilitates the
migration to Linux environments.

The Linux security features to be provided in hp-bioscfg driver enables
managing the BIOS settings and security solutions via sysfs, a virtual
filesystem that can be used by user-mode applications. The new
documentation cover HP-specific firmware sysfs attributes such Secure
Platform Management and Sure Start. Each section provides security
feature description and identifies sysfs directories and files exposed
by the driver.

Many HP Commercial notebooks include a feature called Secure Platform
Management (SPM), which replaces older password-based BIOS settings
management with public key cryptography. PC secure product management
begins when a target system is provisioned with cryptographic keys
that are used to ensure the integrity of communications between system
management utilities and the BIOS.

HP Commercial notebooks have several BIOS settings that control its
behaviour and capabilities, many of which are related to security.
To prevent unauthorized changes to these settings, the system can
be configured to use a cryptographic signature-based authorization
string that the BIOS will use to verify authorization to modify the
setting.

Linux Security components are under development and not published yet.
The only linux component is the driver (hp bioscfg) at this time.
Other published security components are under Windows.

Signed-off-by: Jorge Lopez <[email protected]>

---
Based on the latest platform-drivers-x86.git/for-next
---
.../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++++++++++++++
1 file changed, 319 insertions(+)
create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c

diff --git a/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
new file mode 100644
index 000000000000..8f7039a4416a
--- /dev/null
+++ b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
@@ -0,0 +1,319 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Functions corresponding to methods under BIOS interface GUID
+ * for use with hp-bioscfg driver.
+ *
+ * Copyright (c) 2022 Hewlett-Packard Inc.
+ */
+
+#include <linux/wmi.h>
+#include "bioscfg.h"
+
+/*
+ * struct bios_args buffer is dynamically allocated. New WMI command types
+ * were introduced that exceeds 128-byte data size. Changes to handle
+ * the data size allocation scheme were kept in hp_wmi_perform_query function.
+ */
+struct bios_args {
+ u32 signature;
+ u32 command;
+ u32 commandtype;
+ u32 datasize;
+ u8 data[];
+};
+
+/**
+ * hp_set_attribute
+ *
+ * @a_name: The attribute name
+ * @a_value: The attribute value
+ *
+ * Sets an attribute to new value
+ *
+ * Returns zero on success
+ * -ENODEV if device is not found
+ * -EINVAL if the instance of 'Setup Admin' password is not found.
+ * -ENOMEM unable to allocate memory
+ */
+int hp_set_attribute(const char *a_name, const char *a_value)
+{
+ size_t security_area_size;
+ size_t a_name_size, a_value_size;
+ u16 *buffer = NULL;
+ u16 *start;
+ int buffer_size, instance, ret;
+ char *auth_token_choice;
+ u16 *retbuffer;
+
+ mutex_lock(&bioscfg_drv.mutex);
+ if (!bioscfg_drv.bios_attr_wdev) {
+ ret = -ENODEV;
+ goto out_set_attribute;
+ }
+
+ instance = get_password_instance_for_type(SETUP_PASSWD);
+ if (instance < 0) {
+ ret = -EINVAL;
+ goto out_set_attribute;
+ }
+
+ /* Select which auth token to use; password or [auth token] */
+
+ if (bioscfg_drv.spm_data.auth_token)
+ auth_token_choice = bioscfg_drv.spm_data.auth_token;
+ else
+ auth_token_choice = bioscfg_drv.password_data[instance].current_password;
+
+ a_name_size = hp_calculate_string_buffer(a_name);
+ a_value_size = hp_calculate_string_buffer(a_value);
+ security_area_size = calculate_security_buffer(auth_token_choice);
+ buffer_size = a_name_size + a_value_size + security_area_size;
+
+ buffer = kmalloc(buffer_size + 1, GFP_KERNEL);
+ if (!buffer) {
+ ret = -ENOMEM;
+ goto out_set_attribute;
+ }
+
+ /* build variables to set */
+ start = buffer;
+ retbuffer = hp_ascii_to_utf16_unicode(start, a_name);
+ if (!retbuffer) {
+ ret = -EINVAL;
+ goto out_set_attribute;
+ }
+ start = retbuffer;
+
+ retbuffer = hp_ascii_to_utf16_unicode(start, a_value);
+ if (!retbuffer) {
+ ret = -EINVAL;
+ goto out_set_attribute;
+ }
+ start = retbuffer;
+
+ ret = populate_security_buffer(start, auth_token_choice);
+ if (ret < 0)
+ goto out_set_attribute;
+
+ ret = hp_wmi_set_bios_setting(buffer, buffer_size);
+
+out_set_attribute:
+ kfree(buffer);
+ mutex_unlock(&bioscfg_drv.mutex);
+ return ret;
+}
+
+/**
+ * hp_wmi_perform_query
+ *
+ * @query: The commandtype (enum hp_wmi_commandtype)
+ * @command: The command (enum hp_wmi_command)
+ * @buffer: Buffer used as input and/or output
+ * @insize: Size of input buffer
+ * @outsize: Size of output buffer
+ *
+ * returns zero on success
+ * an HP WMI query specific error code (which is positive)
+ * -EINVAL if the query was not successful at all
+ * -EINVAL if the output buffer size exceeds buffersize
+ *
+ * Note: The buffersize must at least be the maximum of the input and output
+ * size. E.g. Battery info query is defined to have 1 byte input
+ * and 128 byte output. The caller would do:
+ * buffer = kzalloc(128, GFP_KERNEL);
+ * ret = hp_wmi_perform_query(HPWMI_BATTERY_QUERY, HPWMI_READ,
+ * buffer, 1, 128)
+ */
+int hp_wmi_perform_query(int query, enum hp_wmi_command command, void *buffer,
+ u32 insize, u32 outsize)
+{
+ struct acpi_buffer input, output = { ACPI_ALLOCATE_BUFFER, NULL };
+ struct bios_return *bios_return;
+ union acpi_object *obj = NULL;
+ struct bios_args *args = NULL;
+ u32 mid, actual_outsize, ret;
+ size_t bios_args_size;
+
+ mid = encode_outsize_for_pvsz(outsize);
+ if (WARN_ON(mid < 0))
+ return mid;
+
+ bios_args_size = struct_size(args, data, insize);
+ args = kmalloc(bios_args_size, GFP_KERNEL);
+ if (!args)
+ return -ENOMEM;
+
+ input.length = bios_args_size;
+ input.pointer = args;
+
+ /* BIOS expects 'SECU' in hex as the signature value*/
+ args->signature = 0x55434553;
+ args->command = command;
+ args->commandtype = query;
+ args->datasize = insize;
+ memcpy(args->data, buffer, flex_array_size(args, data, insize));
+
+ ret = wmi_evaluate_method(HP_WMI_BIOS_GUID, 0, mid, &input, &output);
+ hp_wmi_error_and_message(ret);
+
+ if (ret)
+ goto out_free;
+
+ obj = output.pointer;
+ if (!obj) {
+ ret = -EINVAL;
+ goto out_free;
+ }
+
+ if (obj->type != ACPI_TYPE_BUFFER ||
+ obj->buffer.length < sizeof(*bios_return)) {
+ pr_warn("query 0x%x returned wrong type or too small buffer\n", query);
+ ret = -EINVAL;
+ goto out_free;
+ }
+
+ bios_return = (struct bios_return *)obj->buffer.pointer;
+ ret = bios_return->return_code;
+ hp_wmi_error_and_message(ret);
+
+ if (ret) {
+ if (ret != INVALID_CMD_VALUE &&
+ ret != INVALID_CMD_TYPE)
+ pr_warn("query 0x%x returned error 0x%x\n", query, ret);
+ goto out_free;
+ }
+
+ /* Ignore output data of zero size */
+ if (!outsize)
+ goto out_free;
+
+ actual_outsize = min(outsize, (u32)(obj->buffer.length - sizeof(*bios_return)));
+ memcpy_and_pad(buffer, outsize, obj->buffer.pointer + sizeof(*bios_return),
+ actual_outsize, 0);
+
+out_free:
+ kfree(obj);
+ kfree(args);
+ return ret;
+}
+
+static void *utf16_empty_string(u16 *p)
+{
+ *p++ = 2;
+ *p++ = (u8)0x00;
+ return p;
+}
+
+/**
+ * hp_ascii_to_utf16_unicode - Convert ascii string to UTF-16 unicode
+ *
+ * BIOS supports UTF-16 characters that are 2 bytes long. No variable
+ * multi-byte language supported.
+ *
+ * @p: Unicode buffer address
+ * @str: string to convert to unicode
+ *
+ * Returns a void pointer to the buffer string
+ */
+void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str)
+{
+ int len = strlen(str);
+ int ret;
+
+ /*
+ * Add null character when reading an empty string
+ * "02 00 00 00"
+ */
+ if (len == 0)
+ return utf16_empty_string(p);
+
+ /* Move pointer len * 2 number of bytes */
+ *p++ = len * 2;
+ ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN, p, len);
+ if (ret < 0) {
+ dev_err(bioscfg_drv.class_dev, "UTF16 conversion failed\n");
+ return NULL;
+ }
+
+ if ((ret * sizeof(u16)) > U16_MAX) {
+ dev_err(bioscfg_drv.class_dev, "Error string too long\n");
+ return NULL;
+ }
+
+ p += len;
+ return p;
+}
+
+/**
+ * hp_wmi_set_bios_setting - Set setting's value in BIOS
+ *
+ * @input_buffer: Input buffer address
+ * @input_size: Input buffer size
+ *
+ * Returns: Count of unicode characters written to BIOS if successful, otherwise
+ * -ENOMEM unable to allocate memory
+ * -EINVAL buffer not allocated or too small
+ */
+int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size)
+{
+ union acpi_object *obj;
+ struct acpi_buffer input = {input_size, input_buffer};
+ struct acpi_buffer output = {ACPI_ALLOCATE_BUFFER, NULL};
+ int ret;
+
+ ret = wmi_evaluate_method(HP_WMI_SET_BIOS_SETTING_GUID, 0, 1, &input, &output);
+
+ obj = output.pointer;
+ if (!obj)
+ return -EINVAL;
+
+ if (obj->type != ACPI_TYPE_INTEGER)
+ ret = -EINVAL;
+
+ ret = obj->integer.value;
+ hp_wmi_error_and_message(ret);
+
+ kfree(obj);
+ return ret;
+}
+
+static int hp_attr_set_interface_probe(struct wmi_device *wdev, const void *context)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.bios_attr_wdev = wdev;
+ mutex_unlock(&bioscfg_drv.mutex);
+ return 0;
+}
+
+static void hp_attr_set_interface_remove(struct wmi_device *wdev)
+{
+ mutex_lock(&bioscfg_drv.mutex);
+ bioscfg_drv.bios_attr_wdev = NULL;
+ mutex_unlock(&bioscfg_drv.mutex);
+}
+
+static const struct wmi_device_id hp_attr_set_interface_id_table[] = {
+ { .guid_string = HP_WMI_BIOS_GUID},
+ { }
+};
+
+static struct wmi_driver hp_attr_set_interface_driver = {
+ .driver = {
+ .name = DRIVER_NAME,
+ },
+ .probe = hp_attr_set_interface_probe,
+ .remove = hp_attr_set_interface_remove,
+ .id_table = hp_attr_set_interface_id_table,
+};
+
+int init_hp_attr_set_interface(void)
+{
+ return wmi_driver_register(&hp_attr_set_interface_driver);
+}
+
+void exit_hp_attr_set_interface(void)
+{
+ wmi_driver_unregister(&hp_attr_set_interface_driver);
+}
+
+MODULE_DEVICE_TABLE(wmi, hp_attr_set_interface_id_table);
--
2.34.1

2023-05-06 07:00:55

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:
<snip>

> Jorge Lopez (13):
> HP BIOSCFG driver - Documentation
> HP BIOSCFG driver - biosattr-interface
> HP BIOSCFG driver - bioscfg
> HP BIOSCFG driver - int-attributes
> HP BIOSCFG driver - ordered-attributes
> HP BIOSCFG driver - passwdobj-attributes
> HP BIOSCFG driver - string-attributes
> HP BIOSCFG driver - bioscfg-h
> HP BIOSCFG driver - enum-attributes
> HP BIOSCFG driver - spmobj-attributes
> HP BIOSCFG driver - surestart-attributes
> HP BIOSCFG driver - Makefile
> HP BIOSCFG driver - MAINTAINERS

These could be reordered a bit to be easier to read.

* Documentation
* bioscfg-h
* bioscfg
* biosattr-interface
* *-attributes
* Makefile
* MAINTAINERS

Also currently the subject spacing is currently inconsistent.
Something like "hp-bioscfg: foo" would be more in line with the rest of
the kernel.

>
> .../testing/sysfs-class-firmware-attributes | 117 ++-
> MAINTAINERS | 6 +
> drivers/platform/x86/hp/Kconfig | 16 +
> drivers/platform/x86/hp/Makefile | 1 +
> drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> 15 files changed, 4860 insertions(+), 2 deletions(-)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
>
> --
> 2.34.1
>

2023-05-06 07:32:27

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 08/13] HP BIOSCFG driver - bioscfg-h

On 2023-05-05 17:00:38-0500, Jorge Lopez wrote:
<snip>

> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 +++++++++++++++++++
> 1 file changed, 523 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> new file mode 100644
> index 000000000000..f27667d7ba9f
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> @@ -0,0 +1,523 @@
> +/* SPDX-License-Identifier: GPL-2.0
> + *
> + * Definitions for kernel modules using hp_bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#ifndef _HP_BIOSCFG_H_
> +#define _HP_BIOSCFG_H_
> +
> +#include <linux/wmi.h>
> +#include <linux/types.h>
> +#include <linux/device.h>
> +#include <linux/module.h>
> +#include <linux/kernel.h>
> +#include <linux/capability.h>
> +#include <linux/nls.h>
> +
> +#define DRIVER_NAME "hp-bioscfg"
> +
> +#define MAX_BUFF 512
> +#define MAX_KEY_MOD 256

Seems to need _SIZE suffix.

> +#define MAX_PASSWD_SIZE 64
> +#define MAX_MESSAGE_SIZE 256

Never used.

> +#define MAX_PREREQUISITES_SIZE 20
> +#define MAX_REQ_ELEM_SIZE 128
> +#define MAX_VALUES_SIZE 16
> +#define MAX_ENCODINGS_SIZE 16
> +#define MAX_ELEMENTS_SIZE 16
> +
> +#define SPM_STR_DESC "Secure Platform Management"
> +#define SPM_STR "SPM"
> +#define SURE_START_DESC "Sure Start"
> +#define SURE_START_STR "Sure_Start"
> +#define SETUP_PASSWD "Setup Password"
> +#define POWER_ON_PASSWD "Power-On Password"
> +
> +#define LANG_CODE_STR "en_US.UTF-8"
> +#define SCHEDULE_POWER_ON "Scheduled Power-On"
> +
> +#define COMMA_SEP ","
> +#define SEMICOLON_SEP ";"
> +
> +/* Sure Admin Functions */
> +
> +#define UTF_PREFIX "<utf-16/>"
> +#define BEAM_PREFIX "<BEAM/>"
> +
> +/* mechanism - Authentication attribute */
> +
> +#define MAX_MECHANISM_TYPES 3

Never used.

> +
> +enum mechanism_values {
> + PASSWORD = 0x00,
> + NOT_PROVISION = 0x00,

Never used.

> + SIGNING_KEY = 0x01,
> + ENDORSEMENT_KEY = 0x02,
> +};
> +
> +#define BIOS_ADMIN "bios-admin"
> +#define POWER_ON "power-on"
> +#define BIOS_SPM "enhanced-bios-auth"
> +
> +#define PASSWD_MECHANISM_TYPES "password"
> +
> +#define HP_WMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
> +
> +#define HP_WMI_BIOS_STRING_GUID "988D08E3-68F4-4c35-AF3E-6A1B8106F83C"
> +#define HP_WMI_BIOS_INTEGER_GUID "8232DE3D-663D-4327-A8F4-E293ADB9BF05"
> +#define HP_WMI_BIOS_ENUMERATION_GUID "2D114B49-2DFB-4130-B8FE-4A3C09E75133"
> +#define HP_WMI_BIOS_ORDERED_LIST_GUID "14EA9746-CE1F-4098-A0E0-7045CB4DA745"
> +#define HP_WMI_BIOS_PASSWORD_GUID "322F2028-0F84-4901-988E-015176049E2D"
> +#define HP_WMI_SET_BIOS_SETTING_GUID "1F4C91EB-DC5C-460b-951D-C7CB9B4B8D5E"
> +
> +enum hp_wmi_spm_commandtype {
> + HPWMI_SECUREPLATFORM_GET_STATE = 0x10,
> + HPWMI_SECUREPLATFORM_SET_KEK = 0x11,
> + HPWMI_SECUREPLATFORM_SET_SK = 0x12,
> +};
> +
> +enum hp_wmi_surestart_commandtype {
> + HPWMI_SURESTART_GET_LOG_COUNT = 0x01,
> + HPWMI_SURESTART_GET_LOG = 0x02,
> +};
> +
> +enum hp_wmi_command {
> + HPWMI_READ = 0x01,
> + HPWMI_WRITE = 0x02,
> + HPWMI_ODM = 0x03,
> + HPWMI_SURESTART = 0x20006,
> + HPWMI_GM = 0x20008,
> + HPWMI_SECUREPLATFORM = 0x20010,
> +};
> +
> +struct bios_return {
> + u32 sigpass;
> + u32 return_code;
> +};
> +
> +enum wmi_error_values {
> + SUCCESS = 0x00,
> + CMD_FAILED = 0x01,
> + INVALID_SIGN = 0x02,
> + INVALID_CMD_VALUE = 0x03,
> + INVALID_CMD_TYPE = 0x04,
> + INVALID_DATA_SIZE = 0x05,
> + INVALID_CMD_PARAM = 0x06,
> + ENCRYP_CMD_REQUIRED = 0x07,
> + NO_SECURE_SESSION = 0x08,
> + SECURE_SESSION_FOUND = 0x09,
> + SECURE_SESSION_FAILED = 0x0A,
> + AUTH_FAILED = 0x0B,
> + INVALID_BIOS_AUTH = 0x0E,
> + NONCE_DID_NOT_MATCH = 0x18,
> + GENERIC_ERROR = 0x1C,
> + BIOS_ADMIN_POLICY_NOT_MET = 0x28,
> + BIOS_ADMIN_NOT_SET = 0x38,
> + P21_NO_PROVISIONED = 0x1000,
> + P21_PROVISION_IN_PROGRESS = 0x1001,
> + P21_IN_USE = 0x1002,
> + HEP_NOT_ACTIVE = 0x1004,
> + HEP_ALREADY_SET = 0x1006,
> + HEP_CHECK_STATE = 0x1007,
> +};
> +
> +enum spm_features {
> + HEP_ENABLED = 0x01,
> + PLATFORM_RECOVERY = 0x02,
> + ENHANCED_BIOS_AUTH_MODE = 0x04,
> +};
> +
> +enum spm_states_values {
> + NOT_PROVISIONED = 0x00,
> + PROVISIONED = 0x01,
> + PROVISIONING_IN_PROGRESS = 0x02,
> +};

Are these enums used?

> +
> +struct common_data {
> + u8 display_name[MAX_BUFF];
> + u8 path[MAX_BUFF];
> + u32 is_readonly;
> + u32 display_in_ui;
> + u32 requires_physical_presence;
> + u32 sequence;
> + u32 prerequisites_size;
> + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> + u32 security_level;
> + u8 display_name_language_code[MAX_BUFF];
> +};
> +
> +struct string_data {
> + struct common_data common;
> + struct kobject *attr_name_kobj;
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u32 min_length;
> + u32 max_length;
> +};
> +
> +struct integer_data {
> + struct common_data common;
> + struct kobject *attr_name_kobj;
> + u32 current_value;
> + u32 new_value;
> + u32 lower_bound;
> + u32 upper_bound;
> + u32 scalar_increment;
> +};
> +
> +struct enumeration_data {
> + struct common_data common;
> + struct kobject *attr_name_kobj;
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u32 possible_values_size;
> + u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
> +};
> +
> +struct ordered_list_data {
> + struct common_data common;
> + struct kobject *attr_name_kobj;
> + u8 current_value[MAX_BUFF];
> + u8 new_value[MAX_BUFF];
> + u32 elements_size;
> + u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];
> +};
> +
> +struct password_data {
> + struct common_data common;
> + struct kobject *attr_name_kobj;
> + u8 current_password[MAX_PASSWD_SIZE];
> + u8 new_password[MAX_PASSWD_SIZE];
> + u32 min_password_length;
> + u32 max_password_length;
> + u32 encodings_size;
> + u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
> + u32 is_enabled;

If it is only being used as a boolean, bool is nicer.

> +
> + // 'bios-admin' 'power-on'
> + u32 role;

Are the comments about the possible values or the context in which this
field will be used?
This should be clear.

> +
> + //'password'
> + u32 mechanism;
> +};
> +
> +struct secure_platform_data {
> + struct kobject *attr_name_kobj;
> + u8 attribute_name[MAX_BUFF];
> + u8 *endorsement_key;
> + u8 *signing_key;
> + u8 *auth_token;
> + u32 is_enabled;

Also bool.

> + u32 mechanism;
> +};
> +
> +struct bioscfg_priv {
> + struct wmi_device *bios_attr_wdev;
> + struct kset *authentication_dir_kset;
> + struct kset *main_dir_kset;
> + struct device *class_dev;
> + struct string_data *string_data;
> + u32 string_instances_count;
> + struct integer_data *integer_data;
> + u32 integer_instances_count;
> + struct enumeration_data *enumeration_data;
> + u32 enumeration_instances_count;
> + struct ordered_list_data *ordered_list_data;
> + u32 ordered_list_instances_count;
> + struct password_data *password_data;
> + u32 password_instances_count;
> +
> + struct kobject *sure_start_attr_kobj;
> + struct secure_platform_data spm_data;
> +
> + bool pending_reboot;
> + struct mutex mutex;
> +};
> +
> +/* global structure used by multiple WMI interfaces */
> +extern struct bioscfg_priv bioscfg_drv;
> +
> +enum hp_wmi_data_type {
> + HPWMI_STRING_TYPE = 0x00,
> + HPWMI_INTEGER_TYPE = 0x01,
> + HPWMI_ENUMERATION_TYPE = 0x02,
> + HPWMI_ORDERED_LIST_TYPE = 0x03,
> + HPWMI_PASSWORD_TYPE = 0x04,
> + HPWMI_SECURE_PLATFORM_TYPE = 0x05,
> + HPWMI_SURE_START_TYPE = 0x06,
> +};

There is no need to explicitly specify enum values when they don't
matter.
This makes it clear if an enum represents values for an external ABI or
if it is just for internal use.

> +
> +enum hp_wmi_data_elements {
> + /* Common elements */
> + NAME = 0,
> + VALUE = 1,
> + PATH = 2,
> + IS_READONLY = 3,
> + DISPLAY_IN_UI = 4,
> + REQUIRES_PHYSICAL_PRESENCE = 5,
> + SEQUENCE = 6,
> + PREREQUISITES_SIZE = 7,
> + PREREQUISITES = 8,
> + SECURITY_LEVEL = 9,
> +
> + /* String elements */
> + STR_MIN_LENGTH = 10,
> + STR_MAX_LENGTH = 11,
> + STR_ELEM_CNT = 12,
> +
> + /* Integer elements */
> + INT_LOWER_BOUND = 10,
> + INT_UPPER_BOUND = 11,
> + INT_SCALAR_INCREMENT = 12,
> + INT_ELEM_CNT = 13,
> +
> + /* Enumeration elements */
> + ENUM_CURRENT_VALUE = 10,
> + ENUM_SIZE = 11,
> + ENUM_POSSIBLE_VALUES = 12,
> + ENUM_ELEM_CNT = 13,
> +
> + /* Ordered list elements */
> + ORD_LIST_SIZE = 10,
> + ORD_LIST_ELEMENTS = 11,
> + ORD_ELEM_CNT = 12,
> +
> + /* Password elements */
> + PSWD_MIN_LENGTH = 10,
> + PSWD_MAX_LENGTH = 11,
> + PSWD_SIZE = 12,
> + PSWD_ENCODINGS = 13,
> + PSWD_IS_SET = 14,
> + PSWD_ELEM_CNT = 15,
> +};
> +
> +#define GET_INSTANCE_ID(type) \
> + static int get_##type##_instance_id(struct kobject *kobj) \
> + { \
> + int i; \
> + \
> + for (i = 0; i <= bioscfg_drv.type##_instances_count; i++) { \
> + if (!strcmp(kobj->name, bioscfg_drv.type##_data[i].attr_name_kobj->name)) \
> + return i; \
> + } \
> + return -EIO; \
> + }
> +
> +#define ATTRIBUTE_S_PROPERTY_SHOW(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].name); \
> + return -EIO; \
> + }
> +
> +#define ATTRIBUTE_N_PROPERTY_SHOW(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data[i].name); \
> + return -EIO; \
> + }
> +
> +#define ATTRIBUTE_PROPERTY_STORE(curr_val, type) \
> + static ssize_t curr_val##_store(struct kobject *kobj, \
> + struct kobj_attribute *attr, \
> + const char *buf, size_t count) \
> + { \
> + char *attr_value = NULL; \
> + int i; \
> + int ret = -EIO; \
> + \
> + attr_value = kstrdup(buf, GFP_KERNEL); \
> + if (!attr_value) \
> + return -ENOMEM; \
> + \
> + ret = enforce_single_line_input(attr_value, count); \
> + if (!ret) { \
> + i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + ret = validate_##type##_input(i, attr_value); \
> + } \
> + if (!ret) \
> + ret = hp_set_attribute(kobj->name, attr_value); \
> + if (!ret) \
> + update_##type##_value(i, attr_value); \
> + \
> + clear_all_credentials(); \
> + kfree(attr_value); \
> + \
> + return ret ? ret : count; \
> + }
> +
> +#define ATTRIBUTE_SPM_N_PROPERTY_SHOW(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
> + { \
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.type##_data.name); \
> + }
> +
> +#define ATTRIBUTE_SPM_S_PROPERTY_SHOW(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
> + { \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data.name); \
> + }
> +
> +#define ATTRIBUTE_VALUES_PROPERTY_SHOW(name, type, sep) \
> + static ssize_t name##_show(struct kobject *kobj, \
> + struct kobj_attribute *attr, char *buf) \
> + { \
> + int i; \
> + int len = 0; \
> + int instance_id = get_##type##_instance_id(kobj); \
> + \
> + if (instance_id < 0) \
> + return 0; \
> + \
> + for (i = 0; i < bioscfg_drv.type##_data[instance_id].name##_size; i++) { \
> + if (i) \
> + len += sysfs_emit_at(buf, len, "%s", sep); \
> + \
> + len += sysfs_emit_at(buf, len, "%s", \
> + bioscfg_drv.type##_data[instance_id].name[i]); \
> + } \
> + len += sysfs_emit_at(buf, len, "\n"); \
> + return len; \
> + }
> +
> +#define ATTRIBUTE_S_COMMON_PROPERTY_SHOW(name, type) \
> + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> + char *buf) \
> + { \
> + int i = get_##type##_instance_id(kobj); \
> + if (i >= 0) \
> + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].common.name); \
> + return -EIO; \
> + }
> +
> +/*
> + * Prototypes
> + */
> +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);

Weren't all non-static functions supposed to gain a common prefix?

> +int get_instance_count(const char *guid_string);
> +void update_attribute_permissions(u32 isreadonly, struct kobj_attribute *current_val);

"bool readonly" should be enough.

> +void friendly_user_name_update(char *path, const char *attr_name,
> + char *attr_display, int attr_size);
> +int hp_wmi_error_and_message(int error_code);
> +
> +/* String attributes */
> +int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +
> +int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id);
> +int alloc_string_data(void);
> +void exit_string_attributes(void);
> +int populate_string_package_data(union acpi_object *str_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_string_elements_from_package(union acpi_object *str_obj,
> + int str_obj_count,
> + int instance_id);
> +
> +/* Integer attributes */
> +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id);
> +int alloc_integer_data(void);
> +void exit_integer_attributes(void);
> +int populate_integer_package_data(union acpi_object *integer_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> + int integer_obj_count,
> + int instance_id);
> +
> +/* Enumeration attributes */
> +int populate_enumeration_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id);
> +int alloc_enumeration_data(void);
> +void exit_enumeration_attributes(void);
> +int populate_enumeration_package_data(union acpi_object *enum_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
> + int enum_obj_count,
> + int instance_id);
> +
> +/* Ordered list */
> +int populate_ordered_list_buffer_data(u8 *buffer_ptr,
> + u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
> + u32 *buffer_size,
> + int instance_id);
> +int alloc_ordered_list_data(void);
> +void exit_ordered_list_attributes(void);
> +int populate_ordered_list_package_data(union acpi_object *order_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> + int order_obj_count,
> + int instance_id);
> +
> +/* Password authentication attributes */
> +int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id);
> +int populate_password_package_data(union acpi_object *password_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj);
> +int populate_password_elements_from_package(union acpi_object *password_obj,
> + int password_obj_count,
> + int instance_id);
> +int alloc_password_data(void);
> +int alloc_secure_platform_data(void);
> +void exit_password_attributes(void);
> +void exit_secure_platform_attributes(void);
> +int populate_secure_platform_data(struct kobject *attr_name_kobj);
> +int check_spm_is_enabled(void);
> +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
> +int hp_wmi_perform_query(int query, enum hp_wmi_command command,
> + void *buffer, u32 insize, u32 outsize);
> +int validate_password_input(int instance_id, const char *buf);
> +
> +/* Sure Start attributes */
> +void exit_sure_start_attributes(void);
> +int populate_sure_start_data(struct kobject *attr_name_kobj);
> +
> +int set_bios_defaults(u8 deftype);

This seems not to actually exist.

> +int get_password_instance_for_type(const char *name);
> +int clear_all_credentials(void);
> +int clear_passwords(const int instance);
> +void exit_hp_attr_set_interface(void);
> +int init_hp_attr_set_interface(void);
> +size_t hp_calculate_string_buffer(const char *str);
> +size_t calculate_security_buffer(const char *authentication);
> +int populate_security_buffer(u16 *buffer, const char *authentication);
> +int set_new_password(const char *password_type, const char *new_password);
> +int init_hp_attr_pass_interface(void);
> +void exit_hp_attr_pass_interface(void);
> +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str);
> +int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer);
> +int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size);
> +int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len);
> +int encode_outsize_for_pvsz(int outsize);
> +int hp_set_attribute(const char *a_name, const char *a_value);
> +int enforce_single_line_input(char *buf, size_t count);
> +void set_reboot_and_signal_event(void);
> +
> +#endif
> --
> 2.34.1
>

2023-05-08 14:23:50

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

On Sat, May 6, 2023 at 1:57 AM Thomas Weißschuh <[email protected]> wrote:
>
> On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:
> <snip>
>
> > Jorge Lopez (13):
> > HP BIOSCFG driver - Documentation
> > HP BIOSCFG driver - biosattr-interface
> > HP BIOSCFG driver - bioscfg
> > HP BIOSCFG driver - int-attributes
> > HP BIOSCFG driver - ordered-attributes
> > HP BIOSCFG driver - passwdobj-attributes
> > HP BIOSCFG driver - string-attributes
> > HP BIOSCFG driver - bioscfg-h
> > HP BIOSCFG driver - enum-attributes
> > HP BIOSCFG driver - spmobj-attributes
> > HP BIOSCFG driver - surestart-attributes
> > HP BIOSCFG driver - Makefile
> > HP BIOSCFG driver - MAINTAINERS
>
> These could be reordered a bit to be easier to read.
>
> * Documentation
> * bioscfg-h
> * bioscfg
> * biosattr-interface
> * *-attributes
> * Makefile
> * MAINTAINERS
>

the order is determined when a particular commit took place and as
reported by git.
I will reorder the list in the cover-letter in future submissions.

> Also currently the subject spacing is currently inconsistent.
> Something like "hp-bioscfg: foo" would be more in line with the rest of
> the kernel.
>

Noted. I will update the subject spacing as indicated. "hp-bioscfg: foo"

> >
> > .../testing/sysfs-class-firmware-attributes | 117 ++-
> > MAINTAINERS | 6 +
> > drivers/platform/x86/hp/Kconfig | 16 +
> > drivers/platform/x86/hp/Makefile | 1 +
> > drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> > drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> > drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> > .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> > .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> > .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> > .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> > .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> > 15 files changed, 4860 insertions(+), 2 deletions(-)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> >
> > --
> > 2.34.1
> >

2023-05-08 14:58:24

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.?s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
> 1 file changed, 448 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> new file mode 100644
> index 000000000000..1395043d5c9f
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> @@ -0,0 +1,448 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to integer type attributes under
> + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 Hewlett-Packard Inc.
> + */
> +
> +#include "bioscfg.h"
> +
> +GET_INSTANCE_ID(integer);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_integer_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + return sysfs_emit(buf, "%d\n",
> + bioscfg_drv.integer_data[instance_id].current_value);
> +}
> +
> +/*
> + * validate_integer_input() -
> + * Validate input of current_value against lower and upper bound
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_integer_input(int instance_id, char *buf)
> +{
> + int in_val;
> + int ret;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + /* BIOS treats it as a read only attribute */
> + if (integer_data->common.is_readonly)
> + return -EIO;
> +
> + ret = kstrtoint(buf, 10, &in_val);
> + if (ret < 0)
> + return ret;
> +
> + if (in_val < integer_data->lower_bound ||
> + in_val > integer_data->upper_bound)
> + return -ERANGE;
> +
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (integer_data->common.requires_physical_presence)
> + set_reboot_and_signal_event();
> + return 0;
> +}
> +
> +static void update_integer_value(int instance_id, char *attr_value)
> +{
> + int in_val;
> + int ret;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + ret = kstrtoint(attr_value, 10, &in_val);
> + if (ret == 0)
> + integer_data->current_value = in_val;
> + else
> + pr_warn("Invalid integer value found: %s\n", attr_value);
> +}
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, integer);
> +static struct kobj_attribute integer_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, integer);
> +static struct kobj_attribute integer_display_name =
> + __ATTR_RO(display_name);
> +
> +ATTRIBUTE_PROPERTY_STORE(current_value, integer);
> +static struct kobj_attribute integer_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(lower_bound, integer);
> +static struct kobj_attribute integer_lower_bound =
> + __ATTR_RO(lower_bound);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(upper_bound, integer);
> +static struct kobj_attribute integer_upper_bound =
> + __ATTR_RO(upper_bound);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(scalar_increment, integer);
> +static struct kobj_attribute integer_scalar_increment =
> + __ATTR_RO(scalar_increment);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "integer\n");
> +}
> +
> +static struct kobj_attribute integer_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *integer_attrs[] = {
> + &integer_display_langcode.attr,
> + &integer_display_name.attr,
> + &integer_current_val.attr,
> + &integer_lower_bound.attr,
> + &integer_upper_bound.attr,
> + &integer_scalar_increment.attr,
> + &integer_type.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group integer_attr_group = {
> + .attrs = integer_attrs,
> +};
> +
> +int alloc_integer_data(void)
> +{
> + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> + sizeof(struct integer_data), GFP_KERNEL);

It would be better to use sizeof(*...) format.

> +
> + if (!bioscfg_drv.integer_data) {
> + bioscfg_drv.integer_instances_count = 0;
> + return -ENOMEM;
> + }
> + return 0;
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_integer_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [INT_LOWER_BOUND] = ACPI_TYPE_INTEGER,
> + [INT_UPPER_BOUND] = ACPI_TYPE_INTEGER,
> + [INT_SCALAR_INCREMENT] = ACPI_TYPE_INTEGER,
> +};
> +
> +/*
> + * populate_int_data() -
> + * Populate all properties of an instance under integer attribute
> + *
> + * @integer_obj: ACPI object with integer data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_integer_package_data(union acpi_object *integer_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + integer_data->attr_name_kobj = attr_name_kobj;
> + populate_integer_elements_from_package(integer_obj,
> + integer_obj->package.count,
> + instance_id);
> + update_attribute_permissions(integer_data->common.is_readonly,
> + &integer_current_val);
> + friendly_user_name_update(integer_data->common.path,
> + attr_name_kobj->name,
> + integer_data->common.display_name,
> + sizeof(integer_data->common.display_name));
> + return sysfs_create_group(attr_name_kobj, &integer_attr_group);
> +}
> +
> +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> + int integer_obj_count,
> + int instance_id)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + if (!integer_obj)
> + return -EINVAL;
> +
> + strscpy(integer_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(integer_data->common.display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
> + /* ONLY look at the first INTEGER_ELEM_CNT elements */
> + if (eloc == INT_ELEM_CNT)
> + goto exit_integer_package;
> +
> + switch (integer_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +

Extra newline.

> + if (elem != PREREQUISITES) {
> + ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
> + integer_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)integer_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
> + continue;
> + }
> + /* Check that both expected and read object type match */
> + if (expected_integer_types[eloc] != integer_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_integer_types[eloc], elem, integer_obj[elem].type);
> + return -EIO;
> + }
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + ret = kstrtoint(str_value, 10, &int_value);
> + if (ret)
> + continue;
> +
> + integer_data->current_value = int_value;
> + break;
> + case PATH:
> + strscpy(integer_data->common.path, str_value,
> + sizeof(integer_data->common.path));
> + break;
> + case IS_READONLY:
> + integer_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + integer_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + integer_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + integer_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (integer_data->common.prerequisites_size == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + for (reqs = 0;
> + reqs < integer_data->common.prerequisites_size &&
> + reqs < MAX_PREREQUISITES_SIZE;
> + reqs++) {
> + if (elem >= integer_obj_count) {
> + pr_err("Error elem-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(integer_obj[elem + reqs].string.pointer,
> + integer_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(integer_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(integer_data->common.prerequisites[reqs]));
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + integer_data->common.security_level = int_value;
> + break;
> + case INT_LOWER_BOUND:
> + integer_data->lower_bound = int_value;
> + break;
> + case INT_UPPER_BOUND:
> + integer_data->upper_bound = int_value;
> + break;
> + case INT_SCALAR_INCREMENT:
> + integer_data->scalar_increment = int_value;
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> +exit_integer_package:
> + kfree(str_value);
> + return 0;
> +}
> +
> +/*
> + * populate_integer_buffer_data() -
> + * Populate all properties of an instance under integer attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + integer_data->attr_name_kobj = attr_name_kobj;
> +
> + /* Populate integer elements */
> + populate_integer_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> + update_attribute_permissions(integer_data->common.is_readonly,
> + &integer_current_val);
> + friendly_user_name_update(integer_data->common.path,
> + attr_name_kobj->name,
> + integer_data->common.display_name,
> + sizeof(integer_data->common.display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &integer_attr_group);
> +}
> +
> +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)
> +{
> + char *dst = NULL;
> + int reqs;
> + int ret;
> + int dst_size = *buffer_size / sizeof(u16);
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
> + if (!dst)
> + return -ENOMEM;
> +
> + strscpy(integer_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(integer_data->common.display_name_language_code));
> + /*
> + * Only data relevant to this driver and its functionality is
> + * read. BIOS defines the order in which each * element is
> + * read. Element 0 data is not relevant to this
> + * driver hence it is ignored. For clarity, all element names
> + * (DISPLAY_IN_UI) which defines the order in which is read
> + * and the name matches the variable where the data is stored.
> + */
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + ret = kstrtoint(dst, 10, &integer_data->current_value);
> + if (ret)
> + pr_warn("Unable to convert string to integer: %s\n", dst);
> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, integer_data->common.path,
> + sizeof(integer_data->common.path));
> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.prerequisites_size);
> +
> + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;

Why is the second check necessary, didn't you just above force it
prerequisites_size to never be larger than that???

After removing it, put the whole for () for a single line.

> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + integer_data->common.prerequisites[reqs],
> + sizeof(integer_data->common.prerequisites[reqs]));
> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.security_level);
> +
> + // INT_LOWER_BOUND:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->lower_bound);
> +
> + // INT_UPPER_BOUND:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->upper_bound);
> +
> + // INT_SCALAR_INCREMENT:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->scalar_increment);
> +
> + kfree(dst);
> + return 0;
> +}
> +
> +/*
> + * exit_integer_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_integer_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.integer_data[instance_id].attr_name_kobj;

You could consider shorter variable name for instance_id. IMHO, it add
very little value in the long form over i or id.

> +
> + if (attr_name_kobj)
> + sysfs_remove_group(attr_name_kobj, &integer_attr_group);
> + }
> + bioscfg_drv.integer_instances_count = 0;
> +
> + kfree(bioscfg_drv.integer_data);
> + bioscfg_drv.integer_data = NULL;
> +}
>

--
i.

2023-05-08 15:03:05

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 02/13] HP BIOSCFG driver - biosattr-interface

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.?s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++++++++++++++
> 1 file changed, 319 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> new file mode 100644
> index 000000000000..8f7039a4416a
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> @@ -0,0 +1,319 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to methods under BIOS interface GUID
> + * for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 Hewlett-Packard Inc.
> + */
> +
> +#include <linux/wmi.h>
> +#include "bioscfg.h"
> +
> +/*
> + * struct bios_args buffer is dynamically allocated. New WMI command types
> + * were introduced that exceeds 128-byte data size. Changes to handle
> + * the data size allocation scheme were kept in hp_wmi_perform_query function.
> + */
> +struct bios_args {
> + u32 signature;
> + u32 command;
> + u32 commandtype;
> + u32 datasize;
> + u8 data[];
> +};
> +
> +/**
> + * hp_set_attribute
> + *
> + * @a_name: The attribute name
> + * @a_value: The attribute value
> + *
> + * Sets an attribute to new value
> + *
> + * Returns zero on success
> + * -ENODEV if device is not found
> + * -EINVAL if the instance of 'Setup Admin' password is not found.
> + * -ENOMEM unable to allocate memory

Inconsistent indent.

> + */
> +int hp_set_attribute(const char *a_name, const char *a_value)
> +{
> + size_t security_area_size;
> + size_t a_name_size, a_value_size;
> + u16 *buffer = NULL;
> + u16 *start;
> + int buffer_size, instance, ret;
> + char *auth_token_choice;
> + u16 *retbuffer;
> +
> + mutex_lock(&bioscfg_drv.mutex);
> + if (!bioscfg_drv.bios_attr_wdev) {
> + ret = -ENODEV;
> + goto out_set_attribute;
> + }
> +
> + instance = get_password_instance_for_type(SETUP_PASSWD);
> + if (instance < 0) {
> + ret = -EINVAL;
> + goto out_set_attribute;
> + }
> +
> + /* Select which auth token to use; password or [auth token] */
> +

Remove newline

> + if (bioscfg_drv.spm_data.auth_token)
> + auth_token_choice = bioscfg_drv.spm_data.auth_token;
> + else
> + auth_token_choice = bioscfg_drv.password_data[instance].current_password;
> +
> + a_name_size = hp_calculate_string_buffer(a_name);
> + a_value_size = hp_calculate_string_buffer(a_value);
> + security_area_size = calculate_security_buffer(auth_token_choice);
> + buffer_size = a_name_size + a_value_size + security_area_size;
> +
> + buffer = kmalloc(buffer_size + 1, GFP_KERNEL);
> + if (!buffer) {
> + ret = -ENOMEM;
> + goto out_set_attribute;
> + }
> +
> + /* build variables to set */
> + start = buffer;
> + retbuffer = hp_ascii_to_utf16_unicode(start, a_name);
> + if (!retbuffer) {
> + ret = -EINVAL;
> + goto out_set_attribute;
> + }
> + start = retbuffer;
> +
> + retbuffer = hp_ascii_to_utf16_unicode(start, a_value);
> + if (!retbuffer) {
> + ret = -EINVAL;
> + goto out_set_attribute;
> + }
> + start = retbuffer;
> +
> + ret = populate_security_buffer(start, auth_token_choice);
> + if (ret < 0)
> + goto out_set_attribute;
> +
> + ret = hp_wmi_set_bios_setting(buffer, buffer_size);
> +
> +out_set_attribute:
> + kfree(buffer);
> + mutex_unlock(&bioscfg_drv.mutex);
> + return ret;
> +}
> +
> +/**
> + * hp_wmi_perform_query
> + *
> + * @query: The commandtype (enum hp_wmi_commandtype)
> + * @command: The command (enum hp_wmi_command)
> + * @buffer: Buffer used as input and/or output
> + * @insize: Size of input buffer
> + * @outsize: Size of output buffer
> + *
> + * returns zero on success
> + * an HP WMI query specific error code (which is positive)
> + * -EINVAL if the query was not successful at all
> + * -EINVAL if the output buffer size exceeds buffersize
> + *
> + * Note: The buffersize must at least be the maximum of the input and output
> + * size. E.g. Battery info query is defined to have 1 byte input
> + * and 128 byte output. The caller would do:
> + * buffer = kzalloc(128, GFP_KERNEL);
> + * ret = hp_wmi_perform_query(HPWMI_BATTERY_QUERY, HPWMI_READ,
> + * buffer, 1, 128)
> + */
> +int hp_wmi_perform_query(int query, enum hp_wmi_command command, void *buffer,
> + u32 insize, u32 outsize)
> +{
> + struct acpi_buffer input, output = { ACPI_ALLOCATE_BUFFER, NULL };
> + struct bios_return *bios_return;
> + union acpi_object *obj = NULL;
> + struct bios_args *args = NULL;
> + u32 mid, actual_outsize, ret;
> + size_t bios_args_size;
> +
> + mid = encode_outsize_for_pvsz(outsize);
> + if (WARN_ON(mid < 0))
> + return mid;
> +
> + bios_args_size = struct_size(args, data, insize);
> + args = kmalloc(bios_args_size, GFP_KERNEL);
> + if (!args)
> + return -ENOMEM;
> +
> + input.length = bios_args_size;
> + input.pointer = args;
> +
> + /* BIOS expects 'SECU' in hex as the signature value*/
> + args->signature = 0x55434553;
> + args->command = command;
> + args->commandtype = query;
> + args->datasize = insize;
> + memcpy(args->data, buffer, flex_array_size(args, data, insize));
> +
> + ret = wmi_evaluate_method(HP_WMI_BIOS_GUID, 0, mid, &input, &output);
> + hp_wmi_error_and_message(ret);
> +
> + if (ret)
> + goto out_free;
> +
> + obj = output.pointer;
> + if (!obj) {
> + ret = -EINVAL;
> + goto out_free;
> + }
> +
> + if (obj->type != ACPI_TYPE_BUFFER ||
> + obj->buffer.length < sizeof(*bios_return)) {
> + pr_warn("query 0x%x returned wrong type or too small buffer\n", query);
> + ret = -EINVAL;
> + goto out_free;
> + }
> +
> + bios_return = (struct bios_return *)obj->buffer.pointer;
> + ret = bios_return->return_code;
> + hp_wmi_error_and_message(ret);
> +
> + if (ret) {
> + if (ret != INVALID_CMD_VALUE &&
> + ret != INVALID_CMD_TYPE)

To the same line.

> + pr_warn("query 0x%x returned error 0x%x\n", query, ret);
> + goto out_free;
> + }
> +
> + /* Ignore output data of zero size */
> + if (!outsize)
> + goto out_free;
> +
> + actual_outsize = min(outsize, (u32)(obj->buffer.length - sizeof(*bios_return)));

Use min_t() instead of casting.

> + memcpy_and_pad(buffer, outsize, obj->buffer.pointer + sizeof(*bios_return),
> + actual_outsize, 0);
> +
> +out_free:
> + kfree(obj);
> + kfree(args);
> + return ret;
> +}
> +
> +static void *utf16_empty_string(u16 *p)
> +{
> + *p++ = 2;
> + *p++ = (u8)0x00;

Useless and non-sensical cast.

> + return p;
> +}
> +
> +/**
> + * hp_ascii_to_utf16_unicode - Convert ascii string to UTF-16 unicode
> + *
> + * BIOS supports UTF-16 characters that are 2 bytes long. No variable
> + * multi-byte language supported.
> + *
> + * @p: Unicode buffer address
> + * @str: string to convert to unicode
> + *
> + * Returns a void pointer to the buffer string
> + */
> +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str)
> +{
> + int len = strlen(str);
> + int ret;
> +
> + /*
> + * Add null character when reading an empty string
> + * "02 00 00 00"
> + */
> + if (len == 0)
> + return utf16_empty_string(p);
> +
> + /* Move pointer len * 2 number of bytes */
> + *p++ = len * 2;

The comment sounds odd given the code context here.

> + ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN, p, len);

Why is strlen(str) recalculated here?

> + if (ret < 0) {
> + dev_err(bioscfg_drv.class_dev, "UTF16 conversion failed\n");
> + return NULL;
> + }
> +
> + if ((ret * sizeof(u16)) > U16_MAX) {

Unnecessary parenthesis.

> + dev_err(bioscfg_drv.class_dev, "Error string too long\n");
> + return NULL;
> + }
> +
> + p += len;

Is this correct ?

> + return p;
> +}
> +
> +/**
> + * hp_wmi_set_bios_setting - Set setting's value in BIOS
> + *
> + * @input_buffer: Input buffer address
> + * @input_size: Input buffer size
> + *
> + * Returns: Count of unicode characters written to BIOS if successful, otherwise
> + * -ENOMEM unable to allocate memory
> + * -EINVAL buffer not allocated or too small
> + */
> +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size)
> +{
> + union acpi_object *obj;
> + struct acpi_buffer input = {input_size, input_buffer};
> + struct acpi_buffer output = {ACPI_ALLOCATE_BUFFER, NULL};
> + int ret;
> +
> + ret = wmi_evaluate_method(HP_WMI_SET_BIOS_SETTING_GUID, 0, 1, &input, &output);
> +
> + obj = output.pointer;
> + if (!obj)
> + return -EINVAL;
> +
> + if (obj->type != ACPI_TYPE_INTEGER)
> + ret = -EINVAL;

Missing goto?

> +
> + ret = obj->integer.value;
> + hp_wmi_error_and_message(ret);
> +
> + kfree(obj);
> + return ret;
> +}


--
i.


> +
> +static int hp_attr_set_interface_probe(struct wmi_device *wdev, const void *context)
> +{
> + mutex_lock(&bioscfg_drv.mutex);
> + bioscfg_drv.bios_attr_wdev = wdev;
> + mutex_unlock(&bioscfg_drv.mutex);
> + return 0;
> +}
> +
> +static void hp_attr_set_interface_remove(struct wmi_device *wdev)
> +{
> + mutex_lock(&bioscfg_drv.mutex);
> + bioscfg_drv.bios_attr_wdev = NULL;
> + mutex_unlock(&bioscfg_drv.mutex);
> +}
> +
> +static const struct wmi_device_id hp_attr_set_interface_id_table[] = {
> + { .guid_string = HP_WMI_BIOS_GUID},
> + { }
> +};
> +
> +static struct wmi_driver hp_attr_set_interface_driver = {
> + .driver = {
> + .name = DRIVER_NAME,
> + },
> + .probe = hp_attr_set_interface_probe,
> + .remove = hp_attr_set_interface_remove,
> + .id_table = hp_attr_set_interface_id_table,
> +};
> +
> +int init_hp_attr_set_interface(void)
> +{
> + return wmi_driver_register(&hp_attr_set_interface_driver);
> +}
> +
> +void exit_hp_attr_set_interface(void)
> +{
> + wmi_driver_unregister(&hp_attr_set_interface_driver);
> +}
> +
> +MODULE_DEVICE_TABLE(wmi, hp_attr_set_interface_id_table);
>

2023-05-08 15:38:08

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 03/13] HP BIOSCFG driver - bioscfg

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.?s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 +++++++++++++++++++
> 1 file changed, 982 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> new file mode 100644
> index 000000000000..0079aedaded5
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> @@ -0,0 +1,982 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Common methods for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/fs.h>
> +#include <linux/module.h>
> +#include <linux/kernel.h>
> +#include <linux/wmi.h>
> +#include "bioscfg.h"
> +#include "../../firmware_attributes_class.h"
> +#include <linux/nls.h>
> +#include <linux/errno.h>
> +
> +MODULE_AUTHOR("Jorge Lopez <[email protected]>");
> +MODULE_DESCRIPTION("HP BIOS Configuration Driver");
> +MODULE_LICENSE("GPL");
> +
> +struct bioscfg_priv bioscfg_drv = {
> + .mutex = __MUTEX_INITIALIZER(bioscfg_drv.mutex),
> +};
> +
> +static struct class *fw_attr_class;
> +
> +int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer)
> +{
> + int *ptr = PTR_ALIGN((int *)*buffer, 4);
> +
> + /* Ensure there is enough space remaining to read the integer */
> + if (*buffer_size < sizeof(int))
> + return -EINVAL;
> +
> + *integer = *(ptr++);
> + *buffer = (u8 *)ptr;
> + *buffer_size -= sizeof(int);
> +
> + return 0;
> +}
> +
> +int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size)
> +{
> + u16 *src = (u16 *)*buffer;
> + u16 src_size;
> +
> + u16 size;
> + int i;
> + int conv_dst_size;
> +
> + if (*buffer_size < sizeof(u16))
> + return -EINVAL;
> +
> + src_size = *(src++);
> + /* size value in u16 chars */
> + size = src_size / sizeof(u16);
> +
> + /* Ensure there is enough space remaining to read and convert
> + * the string
> + */
> + if (*buffer_size < src_size)
> + return -EINVAL;
> +
> + for (i = 0; i < size; i++)
> + if (src[i] == '\\' ||
> + src[i] == '\r' ||
> + src[i] == '\n' ||
> + src[i] == '\t')
> + size++;
> +
> + /*
> + * Conversion is limited to destination string max number of
> + * bytes.
> + */
> + conv_dst_size = size;
> + if (size > dst_size)
> + conv_dst_size = dst_size - 1;
> +
> + /*
> + * convert from UTF-16 unicode to ASCII
> + */
> + utf16s_to_utf8s(src, src_size, UTF16_HOST_ENDIAN, dst, conv_dst_size);
> + dst[conv_dst_size] = 0;
> +
> + for (i = 0; i < size && i < conv_dst_size; i++) {
> + if (*src == '\\' ||
> + *src == '\r' ||
> + *src == '\n' ||
> + *src == '\t')
> + dst[i++] = '\\';
> +
> + if (*src == '\r')
> + dst[i] = 'r';
> + else if (*src == '\n')
> + dst[i] = 'n';
> + else if (*src == '\t')
> + dst[i] = 't';
> + else if (*src == '"')
> + dst[i] = '\'';
> + else
> + dst[i] = *src;
> + src++;
> + }

Please check e.g., string_escape_mem(). This looks pretty similar to it
(but I guess types make it hard to reuse). At minimum, escape_space()
might be useful if exported?

> + *buffer = (u8 *)src;
> + *buffer_size -= size * sizeof(u16);
> +
> + return size;
> +}
> +
> +int enforce_single_line_input(char *buf, size_t count)
> +{
> + char *p;
> +
> + p = memchr(buf, '\n', count);
> +
> + if (p == buf + count - 1)
> + *p = '\0'; /* strip trailing newline */
> + else if (p)
> + return -EINVAL; /* enforce single line input */
> +
> + return 0;
> +}
> +
> +/* Set pending reboot value and generate KOBJ_NAME event */
> +void set_reboot_and_signal_event(void)
> +{
> + bioscfg_drv.pending_reboot = true;
> + kobject_uevent(&bioscfg_drv.class_dev->kobj, KOBJ_CHANGE);
> +}
> +
> +/*
> + * calculate_string_buffer() - determines size of string buffer for
> + * use with BIOS communication
> + *
> + * @str: the string to calculate based upon
> + */
> +size_t hp_calculate_string_buffer(const char *str)
> +{
> + int length = strlen(str);
> +
> + /* BIOS expects 4 bytes when an empty string is found */
> + if (length == 0)
> + return 4;
> +
> + /* u16 length field + one UTF16 char for each input char */
> + return sizeof(u16) + strlen(str) * sizeof(u16);
> +}
> +
> +int hp_wmi_error_and_message(int error_code)
> +{
> + char *error_msg = NULL;
> + int ret;
> +
> + switch (error_code) {
> + case SUCCESS:
> + error_msg = "Success";
> + ret = 0;
> + break;
> + case CMD_FAILED:
> + error_msg = "Command failed";
> + ret = -EINVAL;
> + break;
> + case INVALID_SIGN:
> + error_msg = "Invalid signature";
> + ret = -EINVAL;
> + break;
> + case INVALID_CMD_VALUE:
> + error_msg = "Invalid command value/Feature not supported";
> + ret = -EOPNOTSUPP;
> + break;
> + case INVALID_CMD_TYPE:
> + error_msg = "Invalid command type";
> + ret = -EINVAL;
> + break;
> + case INVALID_DATA_SIZE:
> + error_msg = "Invalid data size";
> + ret = -EINVAL;
> + break;
> + case INVALID_CMD_PARAM:
> + error_msg = "Invalid command parameter";
> + ret = -EINVAL;
> + break;
> + case ENCRYP_CMD_REQUIRED:
> + error_msg = "Secure/encrypted command required";
> + ret = -EACCES;
> + break;
> + case NO_SECURE_SESSION:
> + error_msg = "No secure session established";
> + ret = -EACCES;
> + break;
> + case SECURE_SESSION_FOUND:
> + error_msg = "Secure session already established";
> + ret = -EACCES;
> + break;
> + case SECURE_SESSION_FAILED:
> + error_msg = "Secure session failed";
> + ret = -EIO;
> + break;
> + case AUTH_FAILED:
> + error_msg = "Other permission/Authentication failed";
> + ret = -EACCES;
> + break;
> + case INVALID_BIOS_AUTH:
> + error_msg = "Invalid BIOS administrator password";
> + ret = -EINVAL;
> + break;
> + case NONCE_DID_NOT_MATCH:
> + error_msg = "Nonce did not match";
> + ret = -EINVAL;
> + break;
> + case GENERIC_ERROR:
> + error_msg = "Generic/Other error";
> + ret = -EIO;
> + break;
> + case BIOS_ADMIN_POLICY_NOT_MET:
> + error_msg = "BIOS Admin password does not meet password policy requirements";
> + ret = -EINVAL;
> + break;
> + case BIOS_ADMIN_NOT_SET:
> + error_msg = "BIOS Setup password is not set.";

Why this has . and other do not?

> + ret = -EPERM;
> + break;
> + case P21_NO_PROVISIONED:
> + error_msg = "P21 is not provisioned";
> + ret = -EPERM;
> + break;
> + case P21_PROVISION_IN_PROGRESS:
> + error_msg = "P21 is already provisioned or provisioning is in progress and a signing key has already been sent.";

Dot also here at end?

> + ret = -EINPROGRESS;
> + break;
> + case P21_IN_USE:
> + error_msg = "P21 in use (cannot deprovision)";
> + ret = -EPERM;
> + break;
> + case HEP_NOT_ACTIVE:
> + error_msg = "HEP not activated";
> + ret = -EPERM;
> + break;
> + case HEP_ALREADY_SET:
> + error_msg = "HEP Transport already set";

Is it okay to capitalize Transport (could be, I don't know)?

> + ret = -EINVAL;
> + break;
> + case HEP_CHECK_STATE:
> + error_msg = "Check the current HEP state";
> + ret = -EINVAL;
> + break;
> + default:
> + error_msg = "Generic/Other error";
> + ret = -EIO;
> + break;
> + }
> +
> + if (error_code)
> + pr_warn_ratelimited("Returned error 0x%x, \"%s\"\n", error_code, error_msg);
> +
> + return ret;
> +}
> +
> +static ssize_t pending_reboot_show(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%d\n", bioscfg_drv.pending_reboot);
> +}
> +
> +static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
> +
> +/*
> + * create_attributes_level_sysfs_files() - Creates pending_reboot attributes
> + */
> +static int create_attributes_level_sysfs_files(void)
> +{
> + return sysfs_create_file(&bioscfg_drv.main_dir_kset->kobj,
> + &pending_reboot.attr);
> +}
> +
> +static void attr_name_release(struct kobject *kobj)
> +{
> + kfree(kobj);
> +}
> +
> +static const struct kobj_type attr_name_ktype = {
> + .release = attr_name_release,
> + .sysfs_ops = &kobj_sysfs_ops,
> +};
> +
> +/*
> + * get_wmiobj_pointer() - Get Content of WMI block for particular instance
> + *
> + * @instance_id: WMI instance ID
> + * @guid_string: WMI GUID (in str form)
> + *
> + * Fetches the content for WMI block (instance_id) under GUID (guid_string)
> + * Caller must kfree the return
> + */
> +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string)
> +{
> + struct acpi_buffer out = { ACPI_ALLOCATE_BUFFER, NULL };
> + acpi_status status;
> +
> + status = wmi_query_block(guid_string, instance_id, &out);
> + return ACPI_SUCCESS(status) ? (union acpi_object *)out.pointer : NULL;
> +}
> +
> +/*
> + * get_instance_count() - Compute total number of instances under guid_string
> + *
> + * @guid_string: WMI GUID (in string form)
> + */
> +int get_instance_count(const char *guid_string)
> +{
> + union acpi_object *wmi_obj = NULL;
> + int i = 0;
> +
> + do {
> + kfree(wmi_obj);
> + wmi_obj = get_wmiobj_pointer(i, guid_string);
> + i++;
> + } while (wmi_obj);
> +
> + return i - 1;

To me this would look easier to understand:

while (1) {
wmi_obj = get_wmiobj_pointer(i, guid_string);
if (!wmi_obj)
return i;
i++;
kfree(wmi_obj);
}

> +}
> +
> +/*
> + * alloc_attributes_data() - Allocate attributes data for a particular type
> + *
> + * @attr_type: Attribute type to allocate
> + */
> +static int alloc_attributes_data(int attr_type)
> +{
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + return alloc_string_data();
> +
> + case HPWMI_INTEGER_TYPE:
> + return alloc_integer_data();
> +
> + case HPWMI_ENUMERATION_TYPE:
> + return alloc_enumeration_data();
> +
> + case HPWMI_ORDERED_LIST_TYPE:
> + return alloc_ordered_list_data();
> +
> + case HPWMI_PASSWORD_TYPE:
> + return alloc_password_data();
> +
> + default:
> + return 0;
> + }
> +}
> +
> +int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len)
> +{
> + int ret = 0;
> + int new_len = 0;
> + char tmp[] = "0x00";
> + char *new_str = NULL;
> + long ch;
> + int i;
> +
> + if (input_len <= 0 || !input || !str || !len)
> + return -EINVAL;
> +
> + *len = 0;
> + *str = NULL;
> +
> + new_str = kmalloc(input_len, GFP_KERNEL);
> + if (!new_str)
> + return -ENOMEM;
> +
> + for (i = 0; i < input_len; i += 5) {
> + strncpy(tmp, input + i, strlen(tmp));
> + if (kstrtol(tmp, 16, &ch) == 0) {
> + // escape char
> + if (ch == '\\' ||
> + ch == '\r' ||
> + ch == '\n' || ch == '\t') {
> + if (ch == '\r')
> + ch = 'r';
> + else if (ch == '\n')
> + ch = 'n';
> + else if (ch == '\t')
> + ch = 't';
> + new_str[new_len++] = '\\';
> + }

Looks the same as in the other place. escape_space() or perhaps a common
helper in this file if escape_space() handles too many chars.

> + new_str[new_len++] = ch;
> + if (ch == '\0')
> + break;
> + }
> + }
> +
> + if (new_len) {
> + new_str[new_len] = '\0';
> + *str = krealloc(new_str, (new_len + 1) * sizeof(char),
> + GFP_KERNEL);
> + if (*str)
> + *len = new_len;
> + else
> + ret = -ENOMEM;
> + } else {
> + ret = -EFAULT;
> + }
> +
> + if (ret)
> + kfree(new_str);
> + return ret;
> +}
> +
> +/* map output size to the corresponding WMI method id */
> +int encode_outsize_for_pvsz(int outsize)
> +{
> + if (outsize > 4096)
> + return -EINVAL;
> + if (outsize > 1024)
> + return 5;
> + if (outsize > 128)
> + return 4;
> + if (outsize > 4)
> + return 3;
> + if (outsize > 0)
> + return 2;

There would be SZ_xx in include/linux/sizes.h

> + return 1;
> +}
> +
> +/*
> + * Update friendly display name for several attributes associated to
> + * 'Schedule Power-On'
> + */
> +void friendly_user_name_update(char *path, const char *attr_name,
> + char *attr_display, int attr_size)
> +{
> + if (strstr(path, SCHEDULE_POWER_ON))
> + snprintf(attr_display,
> + attr_size,
> + "%s - %s",
> + SCHEDULE_POWER_ON,
> + attr_name);

Use less lines.

> + else
> + strscpy(attr_display, attr_name, attr_size);
> +}
> +
> +/*
> + * update_attribute_permissions() - Update attributes permissions when
> + * isReadOnly value is 1
> + *
> + * @isReadOnly: ReadOnly value
> + * @current_val: kobj_attribute corresponding to attribute.
> + *
> + */
> +void update_attribute_permissions(u32 is_readonly, struct kobj_attribute *current_val)
> +{
> + if (is_readonly)
> + current_val->attr.mode = 0444;
> + else
> + current_val->attr.mode = 0644;

I'd use ? : operator here.

> +}
> +
> +/**
> + * destroy_attribute_objs() - Free a kset of kobjects
> + * @kset: The kset to destroy
> + *
> + * Fress kobjects created for each attribute_name under attribute type kset
> + */
> +static void destroy_attribute_objs(struct kset *kset)
> +{
> + struct kobject *pos, *next;
> +
> + list_for_each_entry_safe(pos, next, &kset->list, entry)
> + kobject_put(pos);
> +}
> +
> +/**
> + * release_attributes_data() - Clean-up all sysfs directories and files created
> + */
> +static void release_attributes_data(void)
> +{
> + mutex_lock(&bioscfg_drv.mutex);
> +
> + exit_string_attributes();
> + exit_integer_attributes();
> + exit_enumeration_attributes();
> + exit_ordered_list_attributes();
> + exit_password_attributes();
> + exit_sure_start_attributes();
> + exit_secure_platform_attributes();
> +
> + if (bioscfg_drv.authentication_dir_kset) {
> + destroy_attribute_objs(bioscfg_drv.authentication_dir_kset);
> + kset_unregister(bioscfg_drv.authentication_dir_kset);
> + bioscfg_drv.authentication_dir_kset = NULL;
> + }
> + if (bioscfg_drv.main_dir_kset) {
> + sysfs_remove_file(&bioscfg_drv.main_dir_kset->kobj, &pending_reboot.attr);
> + destroy_attribute_objs(bioscfg_drv.main_dir_kset);
> + kset_unregister(bioscfg_drv.main_dir_kset);
> + bioscfg_drv.main_dir_kset = NULL;
> + }
> + mutex_unlock(&bioscfg_drv.mutex);
> +}
> +
> +/*
> + * hp_add_other_attributes - Initialize HP custom attributes not reported by
> + * BIOS and required to support Secure Platform, Sure Start, and Sure
> + * Admin.

Make summary shorter and put the rest into description.

> + * @attr_type: Custom HP attribute not reported by BIOS
> + *
> + * Initialize all 2 types of attributes: Platform and Sure Start
> + * object. Populates each attribute types respective properties

Don't use double space in kernel comments.

> + * under sysfs files.
> + *
> + * Returns zero(0) if successful. Otherwise, a negative value.

Why zero(0) ?
Otherwise, errno is returned.

> + */
> +static int hp_add_other_attributes(int attr_type)
> +{
> + struct kobject *attr_name_kobj;
> + union acpi_object *obj = NULL;
> + int retval;
> + char *attr_name;
> +
> + mutex_lock(&bioscfg_drv.mutex);
> +
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto err_other_attr_init;
> + }
> +
> + /* Check if attribute type is supported */
> + switch (attr_type) {
> + case HPWMI_SECURE_PLATFORM_TYPE:
> + attr_name_kobj->kset = bioscfg_drv.authentication_dir_kset;
> + attr_name = SPM_STR;
> + break;
> +
> + case HPWMI_SURE_START_TYPE:
> + attr_name_kobj->kset = bioscfg_drv.main_dir_kset;
> + attr_name = SURE_START_STR;
> + break;
> +
> + default:
> + pr_err("Error: Unknown attr_type: %d\n", attr_type);
> + retval = -EINVAL;
> + goto err_other_attr_init;
> + }
> +
> + retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
> + NULL, "%s", attr_name);
> + if (retval) {
> + pr_err("Error encountered [%d]\n", retval);
> + kobject_put(attr_name_kobj);
> + goto err_other_attr_init;
> + }
> +
> + /* Populate attribute data */
> + switch (attr_type) {
> + case HPWMI_SECURE_PLATFORM_TYPE:
> + retval = populate_secure_platform_data(attr_name_kobj);
> + break;
> +
> + case HPWMI_SURE_START_TYPE:
> + retval = populate_sure_start_data(attr_name_kobj);
> + break;
> +
> + default:
> + goto err_other_attr_init;

Does this miss kobject_put() ? If that's the case it should be moved to
error rollbacks.

It shuold also pick retval since it gotos to error path rather than
leaving it to 0.

> + }
> +
> + mutex_unlock(&bioscfg_drv.mutex);
> + return 0;
> +
> +err_other_attr_init:
> + mutex_unlock(&bioscfg_drv.mutex);
> + kfree(obj);
> + return retval;
> +}
> +
> +static int hp_init_bios_package_attribute(enum hp_wmi_data_type attr_type,
> + union acpi_object *obj,
> + const char *guid, int min_elements,
> + int instance_id)
> +{
> + struct kobject *attr_name_kobj;
> + union acpi_object *elements;
> + struct kset *temp_kset;
> +

Remove extra newline.

> + char *str_value = NULL;
> + int str_len;
> + int retval = 0;
> +
> + /* Take action appropriate to each ACPI TYPE */
> + if (obj->package.count < min_elements) {
> + pr_err("ACPI-package does not have enough elements: %d < %d\n",
> + obj->package.count, min_elements);
> + goto pack_attr_exit;
> + }
> +
> + elements = obj->package.elements;
> +
> + /* sanity checking */
> + if (elements[NAME].type != ACPI_TYPE_STRING) {
> + pr_debug("incorrect element type\n");
> + goto pack_attr_exit;
> + }
> + if (strlen(elements[NAME].string.pointer) == 0) {
> + pr_debug("empty attribute found\n");
> + goto pack_attr_exit;
> + }
> +
> + if (attr_type == HPWMI_PASSWORD_TYPE)
> + temp_kset = bioscfg_drv.authentication_dir_kset;
> + else
> + temp_kset = bioscfg_drv.main_dir_kset;
> +
> + /* convert attribute name to string */
> + retval = convert_hexstr_to_str(elements[NAME].string.pointer,
> + elements[NAME].string.length,
> + &str_value, &str_len);
> +
> + if (retval) {
> + pr_debug("Failed to populate integer package data. Error [0%0x]\n",
> + retval);
> + kfree(str_value);
> + return retval;

Use goto instead.

> + }
> +
> + /* All duplicate attributes found are ignored */
> + if (kset_find_obj(temp_kset, str_value)) {
> + pr_debug("Duplicate attribute name found - %s\n",
> + str_value);
> + goto pack_attr_exit;
> + }
> +
> + /* build attribute */
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto pack_attr_exit;
> + }
> +
> + attr_name_kobj->kset = temp_kset;
> +
> + retval = kobject_init_and_add(attr_name_kobj, &attr_name_ktype,
> + NULL, "%s", str_value);
> +
> + if (retval) {
> + kobject_put(attr_name_kobj);
> + goto pack_attr_exit;
> + }
> +
> + /* enumerate all of these attributes */
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + retval = populate_string_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_INTEGER_TYPE:
> + retval = populate_integer_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + retval = populate_enumeration_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + retval = populate_ordered_list_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + retval = populate_password_package_data(elements,
> + instance_id,
> + attr_name_kobj);
> + break;
> + default:
> + pr_debug("Unknown attribute type found: 0x%x\n", attr_type);

Should this set retval?
Should it do kobject_put()?

> + break;
> + }
> +
> +pack_attr_exit:
> + kfree(str_value);
> + return retval;
> +}
> +
> +static int hp_init_bios_buffer_attribute(enum hp_wmi_data_type attr_type,
> + union acpi_object *obj,
> + const char *guid, int min_elements,
> + int instance_id)
> +{
> + struct kobject *attr_name_kobj;
> + struct kset *temp_kset;
> + char str[MAX_BUFF];
> +
> + char *temp_str = NULL;
> + char *str_value = NULL;
> + u8 *buffer_ptr = NULL;
> + int buffer_size;
> + int retval = 0;
> +
> + buffer_size = obj->buffer.length;
> + buffer_ptr = obj->buffer.pointer;
> +
> + retval = get_string_from_buffer(&buffer_ptr,
> + &buffer_size, str, MAX_BUFF);

One line.

> +

Remove extra newline.

> + if (retval < 0)
> + goto buff_attr_exit;
> +
> + if (attr_type == HPWMI_PASSWORD_TYPE ||
> + attr_type == HPWMI_SECURE_PLATFORM_TYPE)
> + temp_kset = bioscfg_drv.authentication_dir_kset;
> + else
> + temp_kset = bioscfg_drv.main_dir_kset;
> +
> + /* All duplicate attributes found are ignored */
> + if (kset_find_obj(temp_kset, str)) {
> + pr_debug("Duplicate attribute name found - %s\n", str);
> + goto buff_attr_exit;
> + }
> +
> + /* build attribute */
> + attr_name_kobj = kzalloc(sizeof(*attr_name_kobj), GFP_KERNEL);
> + if (!attr_name_kobj) {
> + retval = -ENOMEM;
> + goto buff_attr_exit;
> + }
> +
> + attr_name_kobj->kset = temp_kset;
> +
> + temp_str = str;
> + if (attr_type == HPWMI_SECURE_PLATFORM_TYPE)
> + temp_str = "SPM";
> +
> + retval = kobject_init_and_add(attr_name_kobj,
> + &attr_name_ktype, NULL, "%s",
> + temp_str);
> + if (retval) {
> + kobject_put(attr_name_kobj);
> + goto buff_attr_exit;
> + }
> +
> + /* enumerate all of these attributes */
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + retval = populate_string_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_INTEGER_TYPE:
> + retval = populate_integer_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + retval = populate_enumeration_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + retval = populate_ordered_list_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + retval = populate_password_buffer_data(buffer_ptr,
> + &buffer_size,
> + instance_id,
> + attr_name_kobj);
> + break;
> + default:
> + pr_debug("Unknown attribute type found: 0x%x\n", attr_type);

retval?
kobject_put()?

> + break;
> + }
> +
> +buff_attr_exit:
> + kfree(str_value);
> + return retval;
> +}
> +
> +/*
> + * hp_init_bios_attributes - Initialize all attributes for a type
> + * @attr_type: The attribute type to initialize
> + * @guid: The WMI GUID associated with this type to initialize
> + *
> + * Initialiaze all 5 types of attributes: enumeration, integer,
> + * string, password, ordered list object. Populates each attrbute types
> + * respective properties under sysfs files
> + */
> +static int hp_init_bios_attributes(enum hp_wmi_data_type attr_type, const char *guid)
> +{
> + union acpi_object *obj = NULL;
> + int min_elements;
> +
> + /* instance_id needs to be reset for each type GUID
> + * also, instance IDs are unique within GUID but not across
> + */

This comment breaks declarations and seems out-of-place anyway.

> + int instance_id = 0;
> + int retval = 0;
> +
> + retval = alloc_attributes_data(attr_type);
> + if (retval)
> + return retval;
> +
> + switch (attr_type) {
> + case HPWMI_STRING_TYPE:
> + min_elements = STR_ELEM_CNT;
> + break;
> + case HPWMI_INTEGER_TYPE:
> + min_elements = INT_ELEM_CNT;
> + break;
> + case HPWMI_ENUMERATION_TYPE:
> + min_elements = ENUM_ELEM_CNT;
> + break;
> + case HPWMI_ORDERED_LIST_TYPE:
> + min_elements = ORD_ELEM_CNT;
> + break;
> + case HPWMI_PASSWORD_TYPE:
> + min_elements = PSWD_ELEM_CNT;
> + break;
> + default:
> + pr_err("Error: Unknown attr_type: %d\n", attr_type);
> + return -EINVAL;
> + }
> +
> + /* need to use specific instance_id and guid combination to get right data */
> + obj = get_wmiobj_pointer(instance_id, guid);
> + if (!obj)
> + return -ENODEV;
> +
> + mutex_lock(&bioscfg_drv.mutex);
> + while (obj) {
> + /* Take action appropriate to each ACPI TYPE */
> + if (obj->type == ACPI_TYPE_PACKAGE) {
> + retval = hp_init_bios_package_attribute(attr_type, obj,
> + guid, min_elements,
> + instance_id);
> + if (retval)
> + goto err_attr_init;
> + } else if (obj->type == ACPI_TYPE_BUFFER) {
> + retval = hp_init_bios_buffer_attribute(attr_type, obj,
> + guid, min_elements,
> + instance_id);
> + if (retval)
> + goto err_attr_init;
> + } else {
> + pr_err("Expected ACPI-package or buffer type, got: %d\n",
> + obj->type);
> + retval = -EIO;
> + goto err_attr_init;
> + }
> +
> + kfree(obj);
> + instance_id++;
> + obj = get_wmiobj_pointer(instance_id, guid);
> + }
> +
> +err_attr_init:
> + mutex_unlock(&bioscfg_drv.mutex);
> + kfree(obj);
> + return retval;
> +}
> +
> +static int __init hp_init(void)
> +{
> + int ret;
> + int hp_bios_capable = wmi_has_guid(HP_WMI_BIOS_GUID);
> + int set_bios_settings = wmi_has_guid(HP_WMI_SET_BIOS_SETTING_GUID);
> +
> + if (!hp_bios_capable) {
> + pr_err("Unable to run on non-HP system\n");
> + return -ENODEV;
> + }
> +
> + if (!set_bios_settings) {
> + pr_err("Unable to set BIOS settings on HP systems\n");
> + return -ENODEV;
> + }
> +
> + ret = init_hp_attr_set_interface();
> + if (ret)
> + return ret;
> +
> + ret = fw_attributes_class_get(&fw_attr_class);
> + if (ret)
> + goto err_unregister_class;
> +
> + bioscfg_drv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0),
> + NULL, "%s", DRIVER_NAME);
> + if (IS_ERR(bioscfg_drv.class_dev)) {
> + ret = PTR_ERR(bioscfg_drv.class_dev);
> + goto err_unregister_class;
> + }
> +
> + bioscfg_drv.main_dir_kset = kset_create_and_add("attributes", NULL,
> + &bioscfg_drv.class_dev->kobj);
> + if (!bioscfg_drv.main_dir_kset) {
> + ret = -ENOMEM;
> + pr_debug("Failed to create and add attributes\n");
> + goto err_destroy_classdev;
> + }
> +
> + bioscfg_drv.authentication_dir_kset = kset_create_and_add("authentication", NULL,
> + &bioscfg_drv.class_dev->kobj);
> + if (!bioscfg_drv.authentication_dir_kset) {
> + ret = -ENOMEM;
> + pr_debug("Failed to create and add authentication\n");
> + goto err_release_attributes_data;
> + }
> +
> + /*
> + * sysfs level attributes.
> + * - pending_reboot
> + */

Is this comment useful?

> + ret = create_attributes_level_sysfs_files();
> + if (ret)
> + pr_debug("Failed to create sysfs level attributes\n");

Should this do error rollback and return error instead?

> + ret = hp_init_bios_attributes(HPWMI_STRING_TYPE, HP_WMI_BIOS_STRING_GUID);
> + if (ret)
> + pr_debug("Failed to populate string type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_INTEGER_TYPE, HP_WMI_BIOS_INTEGER_GUID);
> + if (ret)
> + pr_debug("Failed to populate integer type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_ENUMERATION_TYPE, HP_WMI_BIOS_ENUMERATION_GUID);
> + if (ret)
> + pr_debug("Failed to populate enumeration type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_ORDERED_LIST_TYPE, HP_WMI_BIOS_ORDERED_LIST_GUID);
> + if (ret)
> + pr_debug("Failed to populate ordered list object type attributes\n");
> +
> + ret = hp_init_bios_attributes(HPWMI_PASSWORD_TYPE, HP_WMI_BIOS_PASSWORD_GUID);
> + if (ret)
> + pr_debug("Failed to populate password object type attributes\n");
> +
> + bioscfg_drv.spm_data.attr_name_kobj = NULL;
> + ret = hp_add_other_attributes(HPWMI_SECURE_PLATFORM_TYPE);
> + if (ret)
> + pr_debug("Failed to populate secure platform object type attribute\n");
> +
> + bioscfg_drv.sure_start_attr_kobj = NULL;
> + ret = hp_add_other_attributes(HPWMI_SURE_START_TYPE);
> + if (ret)
> + pr_debug("Failed to populate sure start object type attribute\n");
> +
> + return 0;
> +
> +err_release_attributes_data:
> + release_attributes_data();
> +
> +err_destroy_classdev:
> + device_destroy(fw_attr_class, MKDEV(0, 0));
> +
> +err_unregister_class:
> + fw_attributes_class_put();
> + exit_hp_attr_set_interface();
> +
> + return ret;
> +}
> +
> +static void __exit hp_exit(void)
> +{
> + release_attributes_data();
> + device_destroy(fw_attr_class, MKDEV(0, 0));
> +
> + fw_attributes_class_put();
> + exit_hp_attr_set_interface();
> +}
> +
> +module_init(hp_init);
> +module_exit(hp_exit);
>

--
i.

2023-05-08 15:45:01

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 08/13] HP BIOSCFG driver - bioscfg-h

On Sat, May 6, 2023 at 2:15 AM Thomas Weißschuh <[email protected]> wrote:
>
> On 2023-05-05 17:00:38-0500, Jorge Lopez wrote:
> <snip>
>
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 +++++++++++++++++++
> > 1 file changed, 523 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > new file mode 100644
> > index 000000000000..f27667d7ba9f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > @@ -0,0 +1,523 @@
> > +/* SPDX-License-Identifier: GPL-2.0
> > + *
> > + * Definitions for kernel modules using hp_bioscfg driver
> > + *
> > + * Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#ifndef _HP_BIOSCFG_H_
> > +#define _HP_BIOSCFG_H_
> > +
> > +#include <linux/wmi.h>
> > +#include <linux/types.h>
> > +#include <linux/device.h>
> > +#include <linux/module.h>
> > +#include <linux/kernel.h>
> > +#include <linux/capability.h>
> > +#include <linux/nls.h>
> > +
> > +#define DRIVER_NAME "hp-bioscfg"
> > +
> > +#define MAX_BUFF 512
> > +#define MAX_KEY_MOD 256
>
> Seems to need _SIZE suffix.

Done!. I will update references in all files

>
> > +#define MAX_PASSWD_SIZE 64
> > +#define MAX_MESSAGE_SIZE 256
>
> Never used.

Done! MAX_MESSAGE_SIZE will be delete

>
> > +#define MAX_PREREQUISITES_SIZE 20
> > +#define MAX_REQ_ELEM_SIZE 128
> > +#define MAX_VALUES_SIZE 16
> > +#define MAX_ENCODINGS_SIZE 16
> > +#define MAX_ELEMENTS_SIZE 16
> > +
> > +#define SPM_STR_DESC "Secure Platform Management"
> > +#define SPM_STR "SPM"
> > +#define SURE_START_DESC "Sure Start"
> > +#define SURE_START_STR "Sure_Start"
> > +#define SETUP_PASSWD "Setup Password"
> > +#define POWER_ON_PASSWD "Power-On Password"
> > +
> > +#define LANG_CODE_STR "en_US.UTF-8"
> > +#define SCHEDULE_POWER_ON "Scheduled Power-On"
> > +
> > +#define COMMA_SEP ","
> > +#define SEMICOLON_SEP ";"
> > +
> > +/* Sure Admin Functions */
> > +
> > +#define UTF_PREFIX "<utf-16/>"
> > +#define BEAM_PREFIX "<BEAM/>"
> > +
> > +/* mechanism - Authentication attribute */
> > +
> > +#define MAX_MECHANISM_TYPES 3
>
> Never used.

Done!

>
> > +
> > +enum mechanism_values {
> > + PASSWORD = 0x00,
> > + NOT_PROVISION = 0x00,
>
> Never used.

Done!
>
> > + SIGNING_KEY = 0x01,
> > + ENDORSEMENT_KEY = 0x02,
> > +};
> > +

<snip>

> > +
> > +enum spm_features {
> > + HEP_ENABLED = 0x01,
> > + PLATFORM_RECOVERY = 0x02,
> > + ENHANCED_BIOS_AUTH_MODE = 0x04,
> > +};
> > +
> > +enum spm_states_values {
> > + NOT_PROVISIONED = 0x00,
> > + PROVISIONED = 0x01,
> > + PROVISIONING_IN_PROGRESS = 0x02,
> > +};
>
> Are these enums used?

Done!

>
> > +
> > +struct common_data {
> > + u8 display_name[MAX_BUFF];
> > + u8 path[MAX_BUFF];
> > + u32 is_readonly;
> > + u32 display_in_ui;
> > + u32 requires_physical_presence;
> > + u32 sequence;
> > + u32 prerequisites_size;
> > + u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> > + u32 security_level;
> > + u8 display_name_language_code[MAX_BUFF];
> > +};
> > +
> > +struct string_data {
> > + struct common_data common;
> > + struct kobject *attr_name_kobj;
> > + u8 current_value[MAX_BUFF];
> > + u8 new_value[MAX_BUFF];
> > + u32 min_length;
> > + u32 max_length;
> > +};
> > +
> > +struct integer_data {
> > + struct common_data common;
> > + struct kobject *attr_name_kobj;
> > + u32 current_value;
> > + u32 new_value;
> > + u32 lower_bound;
> > + u32 upper_bound;
> > + u32 scalar_increment;
> > +};
> > +
> > +struct enumeration_data {
> > + struct common_data common;
> > + struct kobject *attr_name_kobj;
> > + u8 current_value[MAX_BUFF];
> > + u8 new_value[MAX_BUFF];
> > + u32 possible_values_size;
> > + u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
> > +};
> > +
> > +struct ordered_list_data {
> > + struct common_data common;
> > + struct kobject *attr_name_kobj;
> > + u8 current_value[MAX_BUFF];
> > + u8 new_value[MAX_BUFF];
> > + u32 elements_size;
> > + u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];
> > +};
> > +
> > +struct password_data {
> > + struct common_data common;
> > + struct kobject *attr_name_kobj;
> > + u8 current_password[MAX_PASSWD_SIZE];
> > + u8 new_password[MAX_PASSWD_SIZE];
> > + u32 min_password_length;
> > + u32 max_password_length;
> > + u32 encodings_size;
> > + u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
> > + u32 is_enabled;
>
> If it is only being used as a boolean, bool is nicer.

Done!

>
> > +
> > + // 'bios-admin' 'power-on'
> > + u32 role;
>
> Are the comments about the possible values or the context in which this
> field will be used?
> This should be clear.

'role' is described in the documentation

role:
The type of authentication used.
This attribute is mandatory.

Known types:
bios-admin:
Representing BIOS administrator password
power-on:
Representing a password required to use
the system

I will add similar comments to the code.

> > +
> > + //'password'
> > + u32 mechanism;
> > +};
> > +
> > +struct secure_platform_data {
> > + struct kobject *attr_name_kobj;
> > + u8 attribute_name[MAX_BUFF];
> > + u8 *endorsement_key;
> > + u8 *signing_key;
> > + u8 *auth_token;
> > + u32 is_enabled;
>
> Also bool.

Done!
>
> > + u32 mechanism;
> > +};
> > +
> > +struct bioscfg_priv {
> > + struct wmi_device *bios_attr_wdev;
> > + struct kset *authentication_dir_kset;
> > + struct kset *main_dir_kset;
> > + struct device *class_dev;
> > + struct string_data *string_data;
> > + u32 string_instances_count;
> > + struct integer_data *integer_data;
> > + u32 integer_instances_count;
> > + struct enumeration_data *enumeration_data;
> > + u32 enumeration_instances_count;
> > + struct ordered_list_data *ordered_list_data;
> > + u32 ordered_list_instances_count;
> > + struct password_data *password_data;
> > + u32 password_instances_count;
> > +
> > + struct kobject *sure_start_attr_kobj;
> > + struct secure_platform_data spm_data;
> > +
> > + bool pending_reboot;
> > + struct mutex mutex;
> > +};
> > +
> > +/* global structure used by multiple WMI interfaces */
> > +extern struct bioscfg_priv bioscfg_drv;
> > +
> > +enum hp_wmi_data_type {
> > + HPWMI_STRING_TYPE = 0x00,
> > + HPWMI_INTEGER_TYPE = 0x01,
> > + HPWMI_ENUMERATION_TYPE = 0x02,
> > + HPWMI_ORDERED_LIST_TYPE = 0x03,
> > + HPWMI_PASSWORD_TYPE = 0x04,
> > + HPWMI_SECURE_PLATFORM_TYPE = 0x05,
> > + HPWMI_SURE_START_TYPE = 0x06,
> > +};
>
> There is no need to explicitly specify enum values when they don't
> matter.
> This makes it clear if an enum represents values for an external ABI or
> if it is just for internal use.
>

I added them for my clarification, in the event enums added at a later
time do not have a sequential value.
This is not the case here so I will remove the value.
Done!


<snip>
> > +#define ATTRIBUTE_S_COMMON_PROPERTY_SHOW(name, type) \
> > + static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> > + char *buf) \
> > + { \
> > + int i = get_##type##_instance_id(kobj); \
> > + if (i >= 0) \
> > + return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].common.name); \
> > + return -EIO; \
> > + }
> > +
> > +/*
> > + * Prototypes
> > + */
> > +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);
>
> Weren't all non-static functions supposed to gain a common prefix?

I misunderstood an earlier comment and made only all functions with
current prefixes to have a common one.
I will add a prefix to all common functions.



>
> > +int get_instance_count(const char *guid_string);
> > +void update_attribute_permissions(u32 isreadonly, struct kobj_attribute *current_val);
>
> "bool readonly" should be enough.

Done!


>
> > +void friendly_user_name_update(char *path, const char *attr_name,
> > + char *attr_display, int attr_size);
> > +int hp_wmi_error_and_message(int error_code);
> > +
> > +/* String attributes */
> > +int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +
> > +int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id);
> > +int alloc_string_data(void);
> > +void exit_string_attributes(void);
> > +int populate_string_package_data(union acpi_object *str_obj,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_string_elements_from_package(union acpi_object *str_obj,
> > + int str_obj_count,
> > + int instance_id);
> > +
> > +/* Integer attributes */
> > +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id);
> > +int alloc_integer_data(void);
> > +void exit_integer_attributes(void);
> > +int populate_integer_package_data(union acpi_object *integer_obj,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> > + int integer_obj_count,
> > + int instance_id);
> > +
> > +/* Enumeration attributes */
> > +int populate_enumeration_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id);
> > +int alloc_enumeration_data(void);
> > +void exit_enumeration_attributes(void);
> > +int populate_enumeration_package_data(union acpi_object *enum_obj,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
> > + int enum_obj_count,
> > + int instance_id);
> > +
> > +/* Ordered list */
> > +int populate_ordered_list_buffer_data(u8 *buffer_ptr,
> > + u32 *buffer_size,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
> > + u32 *buffer_size,
> > + int instance_id);
> > +int alloc_ordered_list_data(void);
> > +void exit_ordered_list_attributes(void);
> > +int populate_ordered_list_package_data(union acpi_object *order_obj,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> > + int order_obj_count,
> > + int instance_id);
> > +
> > +/* Password authentication attributes */
> > +int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id);
> > +int populate_password_package_data(union acpi_object *password_obj,
> > + int instance_id,
> > + struct kobject *attr_name_kobj);
> > +int populate_password_elements_from_package(union acpi_object *password_obj,
> > + int password_obj_count,
> > + int instance_id);
> > +int alloc_password_data(void);
> > +int alloc_secure_platform_data(void);
> > +void exit_password_attributes(void);
> > +void exit_secure_platform_attributes(void);
> > +int populate_secure_platform_data(struct kobject *attr_name_kobj);
> > +int check_spm_is_enabled(void);
> > +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
> > +int hp_wmi_perform_query(int query, enum hp_wmi_command command,
> > + void *buffer, u32 insize, u32 outsize);
> > +int validate_password_input(int instance_id, const char *buf);
> > +
> > +/* Sure Start attributes */
> > +void exit_sure_start_attributes(void);
> > +int populate_sure_start_data(struct kobject *attr_name_kobj);
> > +
> > +int set_bios_defaults(u8 deftype);
>
> This seems not to actually exist.
>
> > +int get_password_instance_for_type(const char *name);
> > +int clear_all_credentials(void);
> > +int clear_passwords(const int instance);
> > +void exit_hp_attr_set_interface(void);
> > +int init_hp_attr_set_interface(void);
> > +size_t hp_calculate_string_buffer(const char *str);
> > +size_t calculate_security_buffer(const char *authentication);
> > +int populate_security_buffer(u16 *buffer, const char *authentication);
> > +int set_new_password(const char *password_type, const char *new_password);
> > +int init_hp_attr_pass_interface(void);
> > +void exit_hp_attr_pass_interface(void);
> > +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str);
> > +int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer);
> > +int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size);
> > +int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len);
> > +int encode_outsize_for_pvsz(int outsize);
> > +int hp_set_attribute(const char *a_name, const char *a_value);
> > +int enforce_single_line_input(char *buf, size_t count);
> > +void set_reboot_and_signal_event(void);
> > +
> > +#endif
> > --
> > 2.34.1
> >

2023-05-08 20:53:52

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

On Mon, May 8, 2023 at 3:42 PM Thomas Weißschuh <[email protected]> wrote:
>
> On 2023-05-08 09:05:22-0500, Jorge Lopez wrote:
> > On Sat, May 6, 2023 at 1:57 AM Thomas Weißschuh <[email protected]> wrote:
> > >
> > > On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:
> > > <snip>
> > >
> > > > Jorge Lopez (13):
> > > > HP BIOSCFG driver - Documentation
> > > > HP BIOSCFG driver - biosattr-interface
> > > > HP BIOSCFG driver - bioscfg
> > > > HP BIOSCFG driver - int-attributes
> > > > HP BIOSCFG driver - ordered-attributes
> > > > HP BIOSCFG driver - passwdobj-attributes
> > > > HP BIOSCFG driver - string-attributes
> > > > HP BIOSCFG driver - bioscfg-h
> > > > HP BIOSCFG driver - enum-attributes
> > > > HP BIOSCFG driver - spmobj-attributes
> > > > HP BIOSCFG driver - surestart-attributes
> > > > HP BIOSCFG driver - Makefile
> > > > HP BIOSCFG driver - MAINTAINERS
> > >
> > > These could be reordered a bit to be easier to read.
> > >
> > > * Documentation
> > > * bioscfg-h
> > > * bioscfg
> > > * biosattr-interface
> > > * *-attributes
> > > * Makefile
> > > * MAINTAINERS
> > >
> >
> > the order is determined when a particular commit took place and as
> > reported by git.
> > I will reorder the list in the cover-letter in future submissions.
>
> The commits should be ordered in a way that make the most sense.
> This should indeed match the order of commits/patches, you could reorder
> the commits to match the proposed order.
>

Thank you. Will do.

> > > Also currently the subject spacing is currently inconsistent.
> > > Something like "hp-bioscfg: foo" would be more in line with the rest of
> > > the kernel.
> > >
> >
> > Noted. I will update the subject spacing as indicated. "hp-bioscfg: foo"
> >
> > > >
> > > > .../testing/sysfs-class-firmware-attributes | 117 ++-
> > > > MAINTAINERS | 6 +
> > > > drivers/platform/x86/hp/Kconfig | 16 +
> > > > drivers/platform/x86/hp/Makefile | 1 +
> > > > drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> > > > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> > > > drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> > > > drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> > > > .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> > > > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> > > > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> > > > .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> > > > .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> > > > .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> > > > .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> > > > 15 files changed, 4860 insertions(+), 2 deletions(-)
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > > >
> > > > --
> > > > 2.34.1
> > > >

2023-05-08 20:53:54

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

On 2023-05-08 09:05:22-0500, Jorge Lopez wrote:
> On Sat, May 6, 2023 at 1:57 AM Thomas Weißschuh <[email protected]> wrote:
> >
> > On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:
> > <snip>
> >
> > > Jorge Lopez (13):
> > > HP BIOSCFG driver - Documentation
> > > HP BIOSCFG driver - biosattr-interface
> > > HP BIOSCFG driver - bioscfg
> > > HP BIOSCFG driver - int-attributes
> > > HP BIOSCFG driver - ordered-attributes
> > > HP BIOSCFG driver - passwdobj-attributes
> > > HP BIOSCFG driver - string-attributes
> > > HP BIOSCFG driver - bioscfg-h
> > > HP BIOSCFG driver - enum-attributes
> > > HP BIOSCFG driver - spmobj-attributes
> > > HP BIOSCFG driver - surestart-attributes
> > > HP BIOSCFG driver - Makefile
> > > HP BIOSCFG driver - MAINTAINERS
> >
> > These could be reordered a bit to be easier to read.
> >
> > * Documentation
> > * bioscfg-h
> > * bioscfg
> > * biosattr-interface
> > * *-attributes
> > * Makefile
> > * MAINTAINERS
> >
>
> the order is determined when a particular commit took place and as
> reported by git.
> I will reorder the list in the cover-letter in future submissions.

The commits should be ordered in a way that make the most sense.
This should indeed match the order of commits/patches, you could reorder
the commits to match the proposed order.

> > Also currently the subject spacing is currently inconsistent.
> > Something like "hp-bioscfg: foo" would be more in line with the rest of
> > the kernel.
> >
>
> Noted. I will update the subject spacing as indicated. "hp-bioscfg: foo"
>
> > >
> > > .../testing/sysfs-class-firmware-attributes | 117 ++-
> > > MAINTAINERS | 6 +
> > > drivers/platform/x86/hp/Kconfig | 16 +
> > > drivers/platform/x86/hp/Makefile | 1 +
> > > drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> > > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> > > drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> > > drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> > > .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> > > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> > > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> > > .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> > > .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> > > .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> > > .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> > > 15 files changed, 4860 insertions(+), 2 deletions(-)
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > >
> > > --
> > > 2.34.1
> > >

2023-05-08 21:17:33

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

Hi Jorge,

On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:

<snip>

> .../testing/sysfs-class-firmware-attributes | 117 ++-
> MAINTAINERS | 6 +
> drivers/platform/x86/hp/Kconfig | 16 +
> drivers/platform/x86/hp/Makefile | 1 +
> drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> 15 files changed, 4860 insertions(+), 2 deletions(-)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c

Unfortunately I'm not sure I'll find enough time this week for a full
review of this revision.

I'll review bit by bit as time permits.

Thomas

2023-05-08 21:25:36

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On 2023-05-05 17:00:34-0500, Jorge Lopez wrote:

<snip>

> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
> 1 file changed, 448 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> new file mode 100644
> index 000000000000..1395043d5c9f
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> @@ -0,0 +1,448 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to integer type attributes under
> + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 Hewlett-Packard Inc.
> + */
> +
> +#include "bioscfg.h"
> +
> +GET_INSTANCE_ID(integer);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_integer_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + return sysfs_emit(buf, "%d\n",
> + bioscfg_drv.integer_data[instance_id].current_value);
> +}
> +
> +/*
> + * validate_integer_input() -
> + * Validate input of current_value against lower and upper bound
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_integer_input(int instance_id, char *buf)
> +{
> + int in_val;
> + int ret;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + /* BIOS treats it as a read only attribute */
> + if (integer_data->common.is_readonly)
> + return -EIO;
> +
> + ret = kstrtoint(buf, 10, &in_val);
> + if (ret < 0)
> + return ret;
> +
> + if (in_val < integer_data->lower_bound ||
> + in_val > integer_data->upper_bound)
> + return -ERANGE;
> +
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (integer_data->common.requires_physical_presence)
> + set_reboot_and_signal_event();
> + return 0;
> +}
> +
> +static void update_integer_value(int instance_id, char *attr_value)
> +{
> + int in_val;
> + int ret;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + ret = kstrtoint(attr_value, 10, &in_val);
> + if (ret == 0)
> + integer_data->current_value = in_val;
> + else
> + pr_warn("Invalid integer value found: %s\n", attr_value);
> +}
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, integer);
> +static struct kobj_attribute integer_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, integer);
> +static struct kobj_attribute integer_display_name =
> + __ATTR_RO(display_name);
> +
> +ATTRIBUTE_PROPERTY_STORE(current_value, integer);
> +static struct kobj_attribute integer_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(lower_bound, integer);
> +static struct kobj_attribute integer_lower_bound =
> + __ATTR_RO(lower_bound);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(upper_bound, integer);
> +static struct kobj_attribute integer_upper_bound =
> + __ATTR_RO(upper_bound);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(scalar_increment, integer);
> +static struct kobj_attribute integer_scalar_increment =
> + __ATTR_RO(scalar_increment);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "integer\n");
> +}
> +
> +static struct kobj_attribute integer_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *integer_attrs[] = {
> + &integer_display_langcode.attr,
> + &integer_display_name.attr,
> + &integer_current_val.attr,
> + &integer_lower_bound.attr,
> + &integer_upper_bound.attr,
> + &integer_scalar_increment.attr,
> + &integer_type.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group integer_attr_group = {
> + .attrs = integer_attrs,
> +};
> +
> +int alloc_integer_data(void)
> +{
> + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> + sizeof(struct integer_data), GFP_KERNEL);
> +
> + if (!bioscfg_drv.integer_data) {
> + bioscfg_drv.integer_instances_count = 0;
> + return -ENOMEM;
> + }
> + return 0;
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_integer_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [INT_LOWER_BOUND] = ACPI_TYPE_INTEGER,
> + [INT_UPPER_BOUND] = ACPI_TYPE_INTEGER,
> + [INT_SCALAR_INCREMENT] = ACPI_TYPE_INTEGER,
> +};
> +
> +/*
> + * populate_int_data() -
> + * Populate all properties of an instance under integer attribute
> + *
> + * @integer_obj: ACPI object with integer data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_integer_package_data(union acpi_object *integer_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + integer_data->attr_name_kobj = attr_name_kobj;
> + populate_integer_elements_from_package(integer_obj,
> + integer_obj->package.count,
> + instance_id);
> + update_attribute_permissions(integer_data->common.is_readonly,
> + &integer_current_val);
> + friendly_user_name_update(integer_data->common.path,
> + attr_name_kobj->name,
> + integer_data->common.display_name,
> + sizeof(integer_data->common.display_name));
> + return sysfs_create_group(attr_name_kobj, &integer_attr_group);
> +}
> +
> +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> + int integer_obj_count,
> + int instance_id)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + if (!integer_obj)
> + return -EINVAL;
> +
> + strscpy(integer_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(integer_data->common.display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
> + /* ONLY look at the first INTEGER_ELEM_CNT elements */
> + if (eloc == INT_ELEM_CNT)
> + goto exit_integer_package;
> +
> + switch (integer_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +
> + if (elem != PREREQUISITES) {
> + ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
> + integer_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + continue;
> + }
> + break;

Instead of the loop pattern can this not use the same pattern as
populate_integer_elements_from_buffer()?

(Same for all attribute types)

> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)integer_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
> + continue;
> + }
> + /* Check that both expected and read object type match */
> + if (expected_integer_types[eloc] != integer_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_integer_types[eloc], elem, integer_obj[elem].type);
> + return -EIO;
> + }
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + ret = kstrtoint(str_value, 10, &int_value);
> + if (ret)
> + continue;
> +
> + integer_data->current_value = int_value;
> + break;
> + case PATH:
> + strscpy(integer_data->common.path, str_value,
> + sizeof(integer_data->common.path));
> + break;
> + case IS_READONLY:
> + integer_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + integer_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + integer_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + integer_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (integer_data->common.prerequisites_size == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + for (reqs = 0;
> + reqs < integer_data->common.prerequisites_size &&
> + reqs < MAX_PREREQUISITES_SIZE;
> + reqs++) {
> + if (elem >= integer_obj_count) {
> + pr_err("Error elem-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(integer_obj[elem + reqs].string.pointer,
> + integer_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(integer_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(integer_data->common.prerequisites[reqs]));
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + integer_data->common.security_level = int_value;
> + break;
> + case INT_LOWER_BOUND:
> + integer_data->lower_bound = int_value;
> + break;
> + case INT_UPPER_BOUND:
> + integer_data->upper_bound = int_value;
> + break;
> + case INT_SCALAR_INCREMENT:
> + integer_data->scalar_increment = int_value;
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Integer attribute or data may be malformed\n", elem);
> + break;
> + }
> + }
> +exit_integer_package:
> + kfree(str_value);
> + return 0;
> +}
> +
> +/*
> + * populate_integer_buffer_data() -
> + * Populate all properties of an instance under integer attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */

Needs /** to be proper kdoc.

> +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + integer_data->attr_name_kobj = attr_name_kobj;
> +
> + /* Populate integer elements */
> + populate_integer_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> + update_attribute_permissions(integer_data->common.is_readonly,
> + &integer_current_val);
> + friendly_user_name_update(integer_data->common.path,
> + attr_name_kobj->name,
> + integer_data->common.display_name,
> + sizeof(integer_data->common.display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &integer_attr_group);
> +}
> +
> +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)
> +{
> + char *dst = NULL;
> + int reqs;
> + int ret;
> + int dst_size = *buffer_size / sizeof(u16);
> + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> +
> + dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
> + if (!dst)
> + return -ENOMEM;
> +
> + strscpy(integer_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(integer_data->common.display_name_language_code));
> + /*
> + * Only data relevant to this driver and its functionality is
> + * read. BIOS defines the order in which each * element is
> + * read. Element 0 data is not relevant to this
> + * driver hence it is ignored. For clarity, all element names
> + * (DISPLAY_IN_UI) which defines the order in which is read
> + * and the name matches the variable where the data is stored.
> + */
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> + ret = kstrtoint(dst, 10, &integer_data->current_value);
> + if (ret)
> + pr_warn("Unable to convert string to integer: %s\n", dst);

Maybe set current_value to a well-defined value when this error happens.

> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, integer_data->common.path,
> + sizeof(integer_data->common.path));

get_string_from_buffer() returns an int but the return value is never
used.
Also it's not clear where the validation that the buffer is not read out
of bounds happens. Making this more explicit would be nice.

> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.prerequisites_size);

If the common values are always in the same order you could refactor it
into a function.

> +
> + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + integer_data->common.prerequisites[reqs],
> + sizeof(integer_data->common.prerequisites[reqs]));

How is this supposed to work?

Presumably if the firmware returns too many prerequisites the ignored
prerequisites can't just be interpreted as security_level, lower_bound,
upper_bound.

In general it may be useful to be able mark an attribute as invalid and
probihibit interaction from userspace.
Then if the firmware returns bogus data we can just enable that invalid
state and don't have to worry about things like that.

> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->common.security_level);
> +
> + // INT_LOWER_BOUND:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->lower_bound);
> +
> + // INT_UPPER_BOUND:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->upper_bound);
> +
> + // INT_SCALAR_INCREMENT:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &integer_data->scalar_increment);
> +
> + kfree(dst);

dst can be freed much earlier.

> + return 0;
> +}

The new logic looks much nicer!
Now let's see if it can be used for reading from a package.

> +
> +/*
> + * exit_integer_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_integer_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.integer_data[instance_id].attr_name_kobj;
> +
> + if (attr_name_kobj)
> + sysfs_remove_group(attr_name_kobj, &integer_attr_group);
> + }
> + bioscfg_drv.integer_instances_count = 0;
> +
> + kfree(bioscfg_drv.integer_data);
> + bioscfg_drv.integer_data = NULL;
> +}
> --
> 2.34.1
>

2023-05-08 21:26:35

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 00/13] HP BIOSCFG driver

Hi Thomas,

No problem at all. Any time you can provide me is greatly appreciated.
Thank you for letting me know.

Regards,

Jorge

On Mon, May 8, 2023 at 3:57 PM Thomas Weißschuh <[email protected]> wrote:
>
> Hi Jorge,
>
> On 2023-05-05 17:00:30-0500, Jorge Lopez wrote:
>
> <snip>
>
> > .../testing/sysfs-class-firmware-attributes | 117 ++-
> > MAINTAINERS | 6 +
> > drivers/platform/x86/hp/Kconfig | 16 +
> > drivers/platform/x86/hp/Makefile | 1 +
> > drivers/platform/x86/hp/hp-bioscfg/Makefile | 12 +
> > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++
> > drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 982 ++++++++++++++++++
> > drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 ++++++++++
> > .../x86/hp/hp-bioscfg/enum-attributes.c | 482 +++++++++
> > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++
> > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++
> > .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 +++++++++++
> > .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 +++++++
> > .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++
> > .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 +++
> > 15 files changed, 4860 insertions(+), 2 deletions(-)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/Makefile
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
>
> Unfortunately I'm not sure I'll find enough time this week for a full
> review of this revision.
>
> I'll review bit by bit as time permits.
>
> Thomas

2023-05-08 21:31:42

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 02/13] HP BIOSCFG driver - biosattr-interface

On Mon, May 8, 2023 at 9:31 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++++++++++++++
> > 1 file changed, 319 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > new file mode 100644
> > index 000000000000..8f7039a4416a
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c
> > @@ -0,0 +1,319 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to methods under BIOS interface GUID
> > + * for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 Hewlett-Packard Inc.
> > + */
> > +
> > +#include <linux/wmi.h>
> > +#include "bioscfg.h"
> > +
> > +/*
> > + * struct bios_args buffer is dynamically allocated. New WMI command types
> > + * were introduced that exceeds 128-byte data size. Changes to handle
> > + * the data size allocation scheme were kept in hp_wmi_perform_query function.
> > + */
> > +struct bios_args {
> > + u32 signature;
> > + u32 command;
> > + u32 commandtype;
> > + u32 datasize;
> > + u8 data[];
> > +};
> > +
> > +/**
> > + * hp_set_attribute
> > + *
> > + * @a_name: The attribute name
> > + * @a_value: The attribute value
> > + *
> > + * Sets an attribute to new value
> > + *
> > + * Returns zero on success
> > + * -ENODEV if device is not found
> > + * -EINVAL if the instance of 'Setup Admin' password is not found.
> > + * -ENOMEM unable to allocate memory
>
> Inconsistent indent.

Done!
>
> > + */
> > +int hp_set_attribute(const char *a_name, const char *a_value)
> > +{
> > + size_t security_area_size;
> > + size_t a_name_size, a_value_size;
> > + u16 *buffer = NULL;
> > + u16 *start;
> > + int buffer_size, instance, ret;
> > + char *auth_token_choice;
> > + u16 *retbuffer;
> > +
> > + mutex_lock(&bioscfg_drv.mutex);
> > + if (!bioscfg_drv.bios_attr_wdev) {
> > + ret = -ENODEV;
> > + goto out_set_attribute;
> > + }
> > +
> > + instance = get_password_instance_for_type(SETUP_PASSWD);
> > + if (instance < 0) {
> > + ret = -EINVAL;
> > + goto out_set_attribute;
> > + }
> > +
> > + /* Select which auth token to use; password or [auth token] */
> > +
>
> Remove newline

Done!
>
> > + if (bioscfg_drv.spm_data.auth_token)
> > + auth_token_choice = bioscfg_drv.spm_data.auth_token;
> > + else
> > + auth_token_choice = bioscfg_drv.password_data[instance].current_password;
> > +

<snip>

> > + hp_wmi_error_and_message(ret);
> > +
> > + if (ret) {
> > + if (ret != INVALID_CMD_VALUE &&
> > + ret != INVALID_CMD_TYPE)
>
> To the same line.

Done!
>
> > + pr_warn("query 0x%x returned error 0x%x\n", query, ret);
> > + goto out_free;
> > + }
> > +
> > + /* Ignore output data of zero size */
> > + if (!outsize)
> > + goto out_free;
> > +
> > + actual_outsize = min(outsize, (u32)(obj->buffer.length - sizeof(*bios_return)));
>
> Use min_t() instead of casting.

Done!
>
> > + memcpy_and_pad(buffer, outsize, obj->buffer.pointer + sizeof(*bios_return),
> > + actual_outsize, 0);
> > +
> > +out_free:
> > + kfree(obj);
> > + kfree(args);
> > + return ret;
> > +}
> > +
> > +static void *utf16_empty_string(u16 *p)
> > +{
> > + *p++ = 2;
> > + *p++ = (u8)0x00;
>
> Useless and non-sensical cast.

Casting was removed.

>
> > + return p;
> > +}
> > +
> > +/**
> > + * hp_ascii_to_utf16_unicode - Convert ascii string to UTF-16 unicode
> > + *
> > + * BIOS supports UTF-16 characters that are 2 bytes long. No variable
> > + * multi-byte language supported.
> > + *
> > + * @p: Unicode buffer address
> > + * @str: string to convert to unicode
> > + *
> > + * Returns a void pointer to the buffer string
> > + */
> > +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str)
> > +{
> > + int len = strlen(str);
> > + int ret;
> > +
> > + /*
> > + * Add null character when reading an empty string
> > + * "02 00 00 00"
> > + */
> > + if (len == 0)
> > + return utf16_empty_string(p);
> > +
> > + /* Move pointer len * 2 number of bytes */
> > + *p++ = len * 2;
>
> The comment sounds odd given the code context here.

The initial two bytes in the translated string identifies the number
of bytes that follows.
What we are trying to say is that we are setting two bytes to store
the string size in bytes.
>
> > + ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN, p, len);
>
> Why is strlen(str) recalculated here?

It is unnecessary for this review. It will be removed.


>
> > + if (ret < 0) {
> > + dev_err(bioscfg_drv.class_dev, "UTF16 conversion failed\n");
> > + return NULL;
> > + }
> > +
> > + if ((ret * sizeof(u16)) > U16_MAX) {
>
> Unnecessary parenthesis.
Done!!
>
> > + dev_err(bioscfg_drv.class_dev, "Error string too long\n");
> > + return NULL;
> > + }
> > +
> > + p += len;
>
> Is this correct ?
Yes. buffer p location is moved len number of u16 characters
>
> > + return p;
> > +}
> > +
> > +/**
> > + * hp_wmi_set_bios_setting - Set setting's value in BIOS
> > + *
> > + * @input_buffer: Input buffer address
> > + * @input_size: Input buffer size
> > + *
> > + * Returns: Count of unicode characters written to BIOS if successful, otherwise
> > + * -ENOMEM unable to allocate memory
> > + * -EINVAL buffer not allocated or too small
> > + */
> > +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size)
> > +{
> > + union acpi_object *obj;
> > + struct acpi_buffer input = {input_size, input_buffer};
> > + struct acpi_buffer output = {ACPI_ALLOCATE_BUFFER, NULL};
> > + int ret;
> > +
> > + ret = wmi_evaluate_method(HP_WMI_SET_BIOS_SETTING_GUID, 0, 1, &input, &output);
> > +
> > + obj = output.pointer;
> > + if (!obj)
> > + return -EINVAL;
> > +
> > + if (obj->type != ACPI_TYPE_INTEGER)
> > + ret = -EINVAL;
>
> Missing goto?

it was removed by accident. It will be reinstated.

>
> > +
> > + ret = obj->integer.value;
> > + hp_wmi_error_and_message(ret);
> > +
> > + kfree(obj);
> > + return ret;
> > +}
>
>
> --
> i.
>
>
> > +
> > +static int hp_attr_set_interface_probe(struct wmi_device *wdev, const void *context)
> > +{
> > + mutex_lock(&bioscfg_drv.mutex);
> > + bioscfg_drv.bios_attr_wdev = wdev;
> > + mutex_unlock(&bioscfg_drv.mutex);
> > + return 0;
> > +}
> > +
> > +static void hp_attr_set_interface_remove(struct wmi_device *wdev)
> > +{
> > + mutex_lock(&bioscfg_drv.mutex);
> > + bioscfg_drv.bios_attr_wdev = NULL;
> > + mutex_unlock(&bioscfg_drv.mutex);
> > +}
> > +
> > +static const struct wmi_device_id hp_attr_set_interface_id_table[] = {
> > + { .guid_string = HP_WMI_BIOS_GUID},
> > + { }
> > +};
> > +
> > +static struct wmi_driver hp_attr_set_interface_driver = {
> > + .driver = {
> > + .name = DRIVER_NAME,
> > + },
> > + .probe = hp_attr_set_interface_probe,
> > + .remove = hp_attr_set_interface_remove,
> > + .id_table = hp_attr_set_interface_id_table,
> > +};
> > +
> > +int init_hp_attr_set_interface(void)
> > +{
> > + return wmi_driver_register(&hp_attr_set_interface_driver);
> > +}
> > +
> > +void exit_hp_attr_set_interface(void)
> > +{
> > + wmi_driver_unregister(&hp_attr_set_interface_driver);
> > +}
> > +
> > +MODULE_DEVICE_TABLE(wmi, hp_attr_set_interface_id_table);
> >

2023-05-08 21:55:52

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On Mon, May 8, 2023 at 9:45 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
> > 1 file changed, 448 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > new file mode 100644
> > index 000000000000..1395043d5c9f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > @@ -0,0 +1,448 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to integer type attributes under
> > + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 Hewlett-Packard Inc.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +GET_INSTANCE_ID(integer);
> > +
> > +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> > +{
> > +<snip>


> > +int alloc_integer_data(void)
> > +{
> > + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> > + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> > + sizeof(struct integer_data), GFP_KERNEL);
>
> It would be better to use sizeof(*...) format.

I cannot use sizeof(*...) at this time, because it is allocating
bioscfg_drv.integer_instances_count number of integer_data
structures.
>
> > +
> > + if (!bioscfg_drv.integer_data) {
> > + bioscfg_drv.integer_instances_count = 0;
> > + return -ENOMEM;
> > + }
> > + return 0;
> > +}

<snip>

> > +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> > + int integer_obj_count,
> > + int instance_id)
> > +{
> > + char *str_value = NULL;
> > + int value_len;
> > + int ret;
> > + u32 int_value;
> > + int elem;
> > + int reqs;
> > + int eloc;
> > + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> > +
> > + if (!integer_obj)
> > + return -EINVAL;
> > +
> > + strscpy(integer_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(integer_data->common.display_name_language_code));
> > +
> > + for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
> > + /* ONLY look at the first INTEGER_ELEM_CNT elements */
> > + if (eloc == INT_ELEM_CNT)
> > + goto exit_integer_package;
> > +
> > + switch (integer_obj[elem].type) {
> > + case ACPI_TYPE_STRING:
> > +
>
> Extra newline.

Done!
>
> > + if (elem != PREREQUISITES) {
> > + ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
> > + integer_obj[elem].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + continue;
> > + }
> > + break;
> > + case ACPI_TYPE_INTEGER:
> > + int_value = (u32)integer_obj[elem].integer.value;
> > + break;
> > + default:
> > + pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
> > + continue;
> > + }
> > + /* Check that both expected and read object type match */

<snip>

> > + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
>
> Why is the second check necessary, didn't you just above force it
> prerequisites_size to never be larger than that???
>
> After removing it, put the whole for () for a single line.

I will remove the second check and put the whole () in a single line.
I will apply the same changes to all affected files.

>
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + integer_data->common.prerequisites[reqs],
> > + sizeof(integer_data->common.prerequisites[reqs]));
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.security_level);
> > +
> > + // INT_LOWER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->lower_bound);
> > +
> > + // INT_UPPER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->upper_bound);
> > +
> > + // INT_SCALAR_INCREMENT:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->scalar_increment);
> > +
> > + kfree(dst);
> > + return 0;
> > +}
> > +
> > +/*
> > + * exit_integer_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_integer_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.integer_data[instance_id].attr_name_kobj;
>
> You could consider shorter variable name for instance_id. IMHO, it add
> very little value in the long form over i or id.
>
> > +
> > + if (attr_name_kobj)
> > + sysfs_remove_group(attr_name_kobj, &integer_attr_group);
> > + }
> > + bioscfg_drv.integer_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.integer_data);
> > + bioscfg_drv.integer_data = NULL;
> > +}
> >
>
> --
> i.
<snip>

2023-05-08 21:59:58

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH v12 05/13] HP BIOSCFG driver - ordered-attributes

On 2023-05-05 17:00:35-0500, Jorge Lopez wrote:

<snip>

> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++++++++++++
> 1 file changed, 443 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c

Should be named order-list-attributes.

>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> new file mode 100644
> index 000000000000..1d06fbefceca
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> @@ -0,0 +1,443 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to ordered list type attributes under
> + * BIOS ORDERED LIST GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +GET_INSTANCE_ID(ordered_list);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_ordered_list_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + return sysfs_emit(buf, "%s\n",
> + bioscfg_drv.ordered_list_data[instance_id].current_value);
> +}
> +
> +/**
> + * validate_ordered_list_input() -
> + * Validate input of current_value against possible values
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_ordered_list_input(int instance_id, const char *buf)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + if (ordered_list_data->common.requires_physical_presence)
> + set_reboot_and_signal_event();

I think the block above can actually be pulled up into
ATTRIBUTE_PROPERTY_STORE() and removed from all the attributes.

> +
> + return 0;
> +}
> +
> +static void update_ordered_list_value(int instance_id, char *attr_value)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + strscpy(ordered_list_data->current_value,
> + attr_value,
> + sizeof(ordered_list_data->current_value));
> +}
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, ordered_list);
> +static struct kobj_attribute ordered_list_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, ordered_list);
> +static struct kobj_attribute ordered_list_display_name =
> + __ATTR_RO(display_name);
> +
> +ATTRIBUTE_PROPERTY_STORE(current_value, ordered_list);
> +static struct kobj_attribute ordered_list_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +ATTRIBUTE_VALUES_PROPERTY_SHOW(elements, ordered_list, COMMA_SEP);
> +static struct kobj_attribute ordered_list_elements_val =
> + __ATTR_RO(elements);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "ordered-list\n");
> +}
> +
> +static struct kobj_attribute ordered_list_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *ordered_list_attrs[] = {
> + &ordered_list_display_langcode.attr,
> + &ordered_list_display_name.attr,
> + &ordered_list_current_val.attr,
> + &ordered_list_elements_val.attr,
> + &ordered_list_type.attr,
> + NULL,

No comma.

> +};
> +
> +static const struct attribute_group ordered_list_attr_group = {
> + .attrs = ordered_list_attrs,
> +};
> +
> +int alloc_ordered_list_data(void)
> +{
> + bioscfg_drv.ordered_list_instances_count =
> + get_instance_count(HP_WMI_BIOS_ORDERED_LIST_GUID);
> + bioscfg_drv.ordered_list_data = kcalloc(bioscfg_drv.ordered_list_instances_count,
> + sizeof(struct ordered_list_data), GFP_KERNEL);
> + if (!bioscfg_drv.ordered_list_data) {
> + bioscfg_drv.ordered_list_instances_count = 0;
> + return -ENOMEM;
> + }
> + return 0;
> +}
> +
> +/**
> + * populate_ordered_list_package_data() -
> + * Populate all properties of an instance under ordered_list attribute
> + *
> + * @order_obj: ACPI object with ordered_list data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_ordered_list_package_data(union acpi_object *order_obj, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + ordered_list_data->attr_name_kobj = attr_name_kobj;
> +
> + populate_ordered_list_elements_from_package(order_obj,
> + order_obj->package.count,
> + instance_id);
> + update_attribute_permissions(ordered_list_data->common.is_readonly,
> + &ordered_list_current_val);
> + friendly_user_name_update(ordered_list_data->common.path,
> + attr_name_kobj->name,
> + ordered_list_data->common.display_name,
> + sizeof(ordered_list_data->common.display_name));
> + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_order_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [ORD_LIST_SIZE] = ACPI_TYPE_INTEGER,
> + [ORD_LIST_ELEMENTS] = ACPI_TYPE_STRING,
> +};
> +
> +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> + int order_obj_count,
> + int instance_id)

Can be static. Same for the other attributes.

> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret;
> + u32 size;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + char *tmpstr = NULL;
> + char *part_tmp = NULL;
> + int tmp_len = 0;
> + char *part = NULL;
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + if (!order_obj)
> + return -EINVAL;
> +
> + strscpy(ordered_list_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(ordered_list_data->common.display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < order_obj_count; elem++, eloc++) {
> + /* ONLY look at the first ORDERED_ELEM_CNT elements */
> + if (eloc == ORD_ELEM_CNT)
> + goto exit_list_package;
> +
> + switch (order_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +
> + if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
> + ret = convert_hexstr_to_str(order_obj[elem].string.pointer,
> + order_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)order_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", order_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_order_types[eloc] != order_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_order_types[eloc], elem, order_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + strscpy(ordered_list_data->current_value,
> + str_value, sizeof(ordered_list_data->current_value));
> + break;
> + case PATH:
> + strscpy(ordered_list_data->common.path, str_value,
> + sizeof(ordered_list_data->common.path));
> + break;
> + case IS_READONLY:
> + ordered_list_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + ordered_list_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + ordered_list_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + ordered_list_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + ordered_list_data->common.prerequisites_size = int_value;
> + if (int_value > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + size = ordered_list_data->common.prerequisites_size;
> +
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + ret = convert_hexstr_to_str(order_obj[elem + reqs].string.pointer,
> + order_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(ordered_list_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(ordered_list_data->common.prerequisites[reqs]));
> +
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + ordered_list_data->common.security_level = int_value;
> + break;
> +
> + case ORD_LIST_SIZE:
> + ordered_list_data->elements_size = int_value;
> + if (int_value > MAX_ELEMENTS_SIZE)
> + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. ORD_LIST_ELEMENTS
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case ORD_LIST_ELEMENTS:
> + size = ordered_list_data->elements_size;
> +
> + /*
> + * Ordered list data is stored in hex and comma separated format
> + * Convert the data and split it to show each element
> + */
> + ret = convert_hexstr_to_str(str_value, value_len, &tmpstr, &tmp_len);
> + if (ret)
> + goto exit_list_package;
> +
> + part_tmp = tmpstr;
> + part = strsep(&part_tmp, ",");
> + if (!part)
> + strscpy(ordered_list_data->elements[0],
> + tmpstr,
> + sizeof(ordered_list_data->elements[0]));
> +
> + for (elem = 1; elem < MAX_ELEMENTS_SIZE && part; elem++) {
> + strscpy(ordered_list_data->elements[elem],
> + part,
> + sizeof(ordered_list_data->elements[elem]));
> + part = strsep(&part_tmp, ",");
> + }
> +
> + kfree(tmpstr);

This will be freed below anyways.

> + break;
> + default:
> + pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
> + break;
> + }
> + kfree(tmpstr);
> + kfree(str_value);
> + }
> +
> +exit_list_package:

No need for function name in jump label.

> + kfree(tmpstr);
> + kfree(str_value);
> + return 0;
> +}
> +
> +/**
> + * populate_ordered_list_buffer_data() - Populate all properties of an
> + * instance under ordered list attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_ordered_list_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + ordered_list_data->attr_name_kobj = attr_name_kobj;
> +
> + /* Populate ordered list elements */
> + populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> + update_attribute_permissions(ordered_list_data->common.is_readonly,
> + &ordered_list_current_val);
> + friendly_user_name_update(ordered_list_data->common.path,
> + attr_name_kobj->name,
> + ordered_list_data->common.display_name,
> + sizeof(ordered_list_data->common.display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> +}
> +
> +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)

Can be static. Same for the other attributes.

> +{
> + int reqs;
> + int values;
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + strscpy(ordered_list_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(ordered_list_data->common.display_name_language_code));
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->current_value,
> + sizeof(ordered_list_data->current_value));
> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->common.path,
> + sizeof(ordered_list_data->common.path));
> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.prerequisites_size);
> +
> + if (ordered_list_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + ordered_list_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < ordered_list_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + ordered_list_data->common.prerequisites[reqs],
> + sizeof(ordered_list_data->common.prerequisites[reqs]));
> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.security_level);
> +
> + // ORD_LIST_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->elements_size);
> +
> + if (ordered_list_data->elements_size > MAX_ELEMENTS_SIZE) {
> + /* Report a message and limit elements size to maximum value */
> + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> + ordered_list_data->elements_size = MAX_ELEMENTS_SIZE;
> + }
> +
> + // ORD_LIST_ELEMENTS:
> + for (values = 0; values < ordered_list_data->elements_size && values < MAX_ELEMENTS_SIZE;

values < min(ordered_list_data->elements_size, MAX_ELEMENTS_SIZE)

Also elements_size can actually never be > MAX_ELEMENTS_SIZE here.
Same for PREREQUISITES.
But as discussed before this limiting to a max amount of elements is
invalid, as following data will be misinterpreted.

> + values++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + ordered_list_data->elements[values],
> + sizeof(ordered_list_data->elements[values]));
> +
> + return 0;
> +}
> +
> +/**
> + * exit_ordered_list_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_ordered_list_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj;
> +
> + if (attr_name_kobj)
> + sysfs_remove_group(attr_name_kobj,
> + &ordered_list_attr_group);
> + }
> + bioscfg_drv.ordered_list_instances_count = 0;
> +
> + kfree(bioscfg_drv.ordered_list_data);
> + bioscfg_drv.ordered_list_data = NULL;
> +}
> --
> 2.34.1
>

2023-05-09 11:01:03

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On Mon, 8 May 2023, Jorge Lopez wrote:

> On Mon, May 8, 2023 at 9:45 AM Ilpo Järvinen
> <[email protected]> wrote:
> >
> > On Fri, 5 May 2023, Jorge Lopez wrote:
> >
> > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > the latest sysfs class firmware attributes framework allowing the user
> > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > notebooks.
> > >
> > > Many features of HP Commercial notebooks can be managed using Windows
> > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > Enterprise Management (WBEM) that provides a standards-based interface
> > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > a native Linux solution and the exposed features facilitates the
> > > migration to Linux environments.
> > >
> > > The Linux security features to be provided in hp-bioscfg driver enables
> > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > filesystem that can be used by user-mode applications. The new
> > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > Platform Management and Sure Start. Each section provides security
> > > feature description and identifies sysfs directories and files exposed
> > > by the driver.
> > >
> > > Many HP Commercial notebooks include a feature called Secure Platform
> > > Management (SPM), which replaces older password-based BIOS settings
> > > management with public key cryptography. PC secure product management
> > > begins when a target system is provisioned with cryptographic keys
> > > that are used to ensure the integrity of communications between system
> > > management utilities and the BIOS.
> > >
> > > HP Commercial notebooks have several BIOS settings that control its
> > > behaviour and capabilities, many of which are related to security.
> > > To prevent unauthorized changes to these settings, the system can
> > > be configured to use a cryptographic signature-based authorization
> > > string that the BIOS will use to verify authorization to modify the
> > > setting.
> > >
> > > Linux Security components are under development and not published yet.
> > > The only linux component is the driver (hp bioscfg) at this time.
> > > Other published security components are under Windows.
> > >
> > > Signed-off-by: Jorge Lopez <[email protected]>
> > >
> > > ---
> > > Based on the latest platform-drivers-x86.git/for-next
> > > ---

> > > +int alloc_integer_data(void)
> > > +{
> > > + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> > > + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> > > + sizeof(struct integer_data), GFP_KERNEL);
> >
> > It would be better to use sizeof(*...) format.
>
> I cannot use sizeof(*...) at this time, because it is allocating
> bioscfg_drv.integer_instances_count number of integer_data
> structures.

Isn't bioscfg_drv.integer_data is a pointer to a single struct
integer_data? Why cannot you do sizeof(*bioscfg_drv.integer_data)?? It is
perfectly legal C construct for getting the size of the struct the
pointer points to.


--
i.

2023-05-09 12:39:40

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 06/13] HP BIOSCFG driver - passwdobj-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.?s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next

FYI, for me you don't need to reply into the comments where you'll be
following the review suggestion. It saves us both time if we focus on
points where there's more to discuss.

> ---
> .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 ++++++++++++++++++
> 1 file changed, 584 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> new file mode 100644
> index 000000000000..7f3bd58ab3fd
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> @@ -0,0 +1,584 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to password object type attributes under
> + * BIOS PASSWORD for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +#include <asm-generic/posix_types.h>
> +
> +GET_INSTANCE_ID(password);
> +/*
> + * Clear all passwords copied to memory for a particular
> + * authentication instance
> + */
> +int clear_passwords(const int instance)
> +{
> + struct password_data *password_data = &bioscfg_drv.password_data[instance];
> +
> + if (!password_data->is_enabled)
> + return 0;
> +
> + memset(password_data->current_password,
> + 0, sizeof(password_data->current_password));
> + memset(password_data->new_password,
> + 0, sizeof(password_data->new_password));
> +
> + return 0;
> +}
> +
> +/*
> + * Clear all credentials copied to memory for both Power-ON and Setup
> + * BIOS instances
> + */
> +int clear_all_credentials(void)
> +{
> + int instance;
> +
> + /* clear all passwords */
> + for (instance = 0; instance < bioscfg_drv.password_instances_count; instance++)
> + clear_passwords(instance);
> +
> + /* clear auth_token */
> + kfree(bioscfg_drv.spm_data.auth_token);
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + return 0;
> +}
> +
> +int get_password_instance_for_type(const char *name)
> +{
> + int count = bioscfg_drv.password_instances_count;
> + int instance;
> +
> + for (instance = 0; instance < count; instance++) {

Perhaps the loops could have the same form, either this or the one in the
prev function.

> + if (strcmp(bioscfg_drv.password_data[instance].common.display_name, name) == 0)

!strcmp(...)

> + return instance;
> + }
> + return -EINVAL;
> +}
> +
> +int validate_password_input(int instance_id, const char *buf)
> +{
> + int length;
> + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> +
> + length = strlen(buf);
> + if (buf[length - 1] == '\n')
> + length--;
> +
> + if (length > MAX_PASSWD_SIZE)
> + return INVALID_BIOS_AUTH;
> +
> + if (password_data->min_password_length > length ||
> + password_data->max_password_length < length)
> + return INVALID_BIOS_AUTH;
> + return SUCCESS;
> +}
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password);
> +static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled);
> +
> +static ssize_t current_password_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + char *buf_cp;
> + int id, ret = 0;
> +
> + buf_cp = kstrdup(buf, GFP_KERNEL);
> + if (!buf_cp) {
> + ret = -ENOMEM;
> + goto exit_password;

return -ENOMEM; directly.

> + }
> +
> + ret = enforce_single_line_input(buf_cp, count);
> + if (!ret) {
> + id = get_password_instance_id(kobj);
> + if (id >= 0)
> + ret = validate_password_input(id, buf_cp);
> + }
> +
> + if (!ret) {

Convert the error handling above to < 0 + goto pairs instead.

Should this function really return 0 when get_password_instance_id()
returns error?

It can also write to -EIO index here when get_poassword_instance_id()
fails:

> + strscpy(bioscfg_drv.password_data[id].current_password,
> + buf_cp,
> + sizeof(bioscfg_drv.password_data[id].current_password));
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (bioscfg_drv.password_data[id].common.requires_physical_presence)
> + set_reboot_and_signal_event();
> + }

> +
> +exit_password:
> + kfree(buf_cp);
> + return ret ? ret : count;
> +}
> +
> +static struct kobj_attribute password_current_password = __ATTR_WO(current_password);
> +
> +static ssize_t new_password_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + char *buf_cp = NULL;
> + int id = 0;
> + int ret = -EIO;
> +
> + buf_cp = kstrdup(buf, GFP_KERNEL);
> + if (!buf_cp) {
> + ret = -ENOMEM;
> + goto exit_password;

return -ENOMEM;


> + }
> +
> + ret = enforce_single_line_input(buf_cp, count);
> + if (!ret) {
> + id = get_password_instance_id(kobj);
> +
> + if (id >= 0)
> + ret = validate_password_input(id, buf_cp);
> + }
> +
> + if (!ret)
> + strscpy(bioscfg_drv.password_data[id].new_password,
> + buf_cp,
> + sizeof(bioscfg_drv.password_data[id].new_password));
> +

Duplicated code with the previous function? If so, add a helper.

> + if (!ret)
> + ret = hp_set_attribute(kobj->name, buf_cp);
> +
> +exit_password:
> + /*
> + * Regardless of the results both new and current passwords
> + * will be set to zero and avoid security issues
> + */
> + clear_passwords(id);
> +
> + kfree(buf_cp);
> + return ret ? ret : count;
> +}
> +
> +static struct kobj_attribute password_new_password = __ATTR_WO(new_password);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password);
> +static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password);
> +static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length);
> +
> +static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + if (strcmp(kobj->name, SETUP_PASSWD) == 0)

Use !strcmp() instead, please check the rest yourself, I won't mark them
all.

> + return sysfs_emit(buf, "%s\n", BIOS_ADMIN);
> +
> + if (strcmp(kobj->name, POWER_ON_PASSWD) == 0)
> + return sysfs_emit(buf, "%s\n", POWER_ON);
> +
> + return -EIO;
> +}
> +
> +static struct kobj_attribute password_role = __ATTR_RO(role);
> +
> +static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + int i = get_password_instance_id(kobj);
> +
> + if (i < 0)
> + return i;
> +
> + if (bioscfg_drv.password_data[i].mechanism != PASSWORD)
> + return -EINVAL;
> +
> + return sysfs_emit(buf, "%s\n", PASSWD_MECHANISM_TYPES);
> +}
> +
> +static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism);
> +
> +ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP);
> +static struct kobj_attribute password_encodings_val =
> + __ATTR_RO(encodings);
> +
> +static struct attribute *password_attrs[] = {
> + &password_is_password_set.attr,
> + &password_min_password_length.attr,
> + &password_max_password_length.attr,
> + &password_current_password.attr,
> + &password_new_password.attr,
> + &password_role.attr,
> + &password_mechanism.attr,
> + &password_encodings_val.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group password_attr_group = {
> + .attrs = password_attrs
> +};
> +
> +int alloc_password_data(void)
> +{
> + int ret = 0;
> +
> + bioscfg_drv.password_instances_count = get_instance_count(HP_WMI_BIOS_PASSWORD_GUID);
> + bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count,
> + sizeof(struct password_data), GFP_KERNEL);
> + if (!bioscfg_drv.password_data) {
> + bioscfg_drv.password_instances_count = 0;
> + ret = -ENOMEM;
> + }
> +
> + return ret;
> +}
> +
> +/*
> + * populate_password_package_data -
> + * Populate all properties for an instance under password attribute
> + *
> + * @password_obj: ACPI object with password data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object

Is kerneldoc happy with the extra line between func and its parameters,
IIRC it might not like that?

> + */
> +int populate_password_package_data(union acpi_object *password_obj, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> +
> + password_data->attr_name_kobj = attr_name_kobj;
> +
> + populate_password_elements_from_package(password_obj,
> + password_obj->package.count,
> + instance_id);
> +
> + if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0) {
> + /* Save system authentication instance for easy access */

Extra space.

> + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> + }
> +
> + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_password_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER,
> + [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER,
> + [PSWD_SIZE] = ACPI_TYPE_INTEGER,
> + [PSWD_ENCODINGS] = ACPI_TYPE_STRING,
> + [PSWD_IS_SET] = ACPI_TYPE_INTEGER,
> +};
> +
> +int populate_password_elements_from_package(union acpi_object *password_obj,
> + int password_obj_count,
> + int instance_id)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret;
> + u32 size;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + int pos_values;
> + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> +
> + if (!password_obj)
> + return -EINVAL;
> +
> + for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) {
> + /* ONLY look at the first PASSWORD_ELEM_CNT elements */
> + if (eloc == PSWD_ELEM_CNT)
> + goto exit_package;
> +
> + switch (password_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +

Extra newline.

> + if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) {
> + ret = convert_hexstr_to_str(password_obj[elem].string.pointer,
> + password_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)password_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", password_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_password_types[eloc] != password_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_password_types[eloc], elem, password_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + break;
> + case PATH:
> + strscpy(password_data->common.path, str_value,
> + sizeof(password_data->common.path));
> + break;
> + case IS_READONLY:
> + password_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + password_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + password_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + password_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + password_data->common.prerequisites_size = int_value;
> + if (int_value > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES

Please remove all these double space from your patches (should be easy
to find them with grep). Please check if your editor adds them e.g., when
reflowing text.

> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + size = password_data->common.prerequisites_size;
> +
> + for (reqs = 0; reqs < size; reqs++) {
> + ret = convert_hexstr_to_str(password_obj[elem + reqs].string.pointer,
> + password_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +

Extra newline

> + if (ret)
> + break;
> +
> + strscpy(password_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(password_data->common.prerequisites[reqs]));
> +
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + password_data->common.security_level = int_value;
> + break;
> +
> + case PSWD_MIN_LENGTH:
> + password_data->min_password_length = int_value;
> + break;
> + case PSWD_MAX_LENGTH:
> + password_data->max_password_length = int_value;
> + break;
> + case PSWD_SIZE:
> + password_data->encodings_size = int_value;
> + if (int_value > MAX_ENCODINGS_SIZE)
> + pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PSWD_ENCODINGS
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> +
> + case PSWD_ENCODINGS:
> + size = password_data->encodings_size;
> +
> + for (pos_values = 0; pos_values < size && pos_values < MAX_ENCODINGS_SIZE;

Do
size = min(password_data->encodings_size, MAX_ENCODINGS_SIZE);
instead of &&. Then put the for () into single line.

> + pos_values++) {
> + ret = convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer,
> + password_obj[elem + pos_values].string.length,
> + &str_value, &value_len);
> + if (ret)
> + break;
> +
> + strscpy(password_data->encodings[pos_values],
> + str_value,
> + sizeof(password_data->encodings[pos_values]));
> + kfree(str_value);
> + }
> + break;
> + case PSWD_IS_SET:
> + password_data->is_enabled = int_value;
> + break;
> +
> + default:
> + pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
> + break;
> + }
> + kfree(str_value);
> + }
> +
> +exit_package:
> + kfree(str_value);

I suspect there are double frees paths in this function.

> + return 0;
> +}
> +
> +/**
> + * populate_password_buffer_data -
> + * Populate all properties for an instance under password object attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> +
> + password_data->attr_name_kobj = attr_name_kobj;
> +
> + /* Populate Password attributes */
> + populate_password_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> + friendly_user_name_update(password_data->common.path,
> + attr_name_kobj->name,
> + password_data->common.display_name,
> + sizeof(password_data->common.display_name));
> + if (strcmp(attr_name_kobj->name, "Setup Password") == 0)
> + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> +
> + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> +}
> +
> +int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)
> +{
> + int reqs;
> + int values;
> + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, password_data->current_password,
> + sizeof(password_data->current_password));
> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, password_data->common.path,
> + sizeof(password_data->common.path));
> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.prerequisites_size);
> +
> + if (password_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("Password Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + password_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < password_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;

MAX_... enforced above.

> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + password_data->common.prerequisites[reqs],
> + sizeof(password_data->common.prerequisites[reqs]));
> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->common.security_level);
> +
> + // PSWD_MIN_LENGTH:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->min_password_length);
> +
> + // PSWD_MAX_LENGTH:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->max_password_length);
> +
> + // PSWD_SIZE:
> + if (password_data->encodings_size > MAX_ENCODINGS_SIZE) {
> + /* Report a message and limit possible values size to maximum value */
> + pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
> + password_data->encodings_size = MAX_ENCODINGS_SIZE;
> + }
> +
> + // PSWD_ENCODINGS:
> +

Extra newline.

> + for (values = 0;
> + values < password_data->encodings_size && values < MAX_VALUES_SIZE;

Hmm... Is the variation here from MAX_ENCODINGS_SIZE (above) ->
MAX_VALUES_SIZE intentional? They're both 16 anyway.

> + values++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + password_data->encodings[values],
> + sizeof(password_data->encodings[values]));
> +
> + // PSWD_IS_SET:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &password_data->is_enabled);
> +
> + return 0;
> +}
> +
> +/*
> + * exit_password_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_password_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.password_data[instance_id].attr_name_kobj;
> +
> + if (attr_name_kobj) {
> + if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0)
> + sysfs_remove_group(attr_name_kobj,
> + &password_attr_group);
> + else
> + sysfs_remove_group(attr_name_kobj,
> + &password_attr_group);

Eh, same content in both if and else blocks???? :-)

> + }
> + }
> + bioscfg_drv.password_instances_count = 0;
> + kfree(bioscfg_drv.password_data);
> + bioscfg_drv.password_data = NULL;
> +}
>

--
i.

2023-05-09 13:22:30

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 05/13] HP BIOSCFG driver - ordered-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.?s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++++++++++++
> 1 file changed, 443 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> new file mode 100644
> index 000000000000..1d06fbefceca
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> @@ -0,0 +1,443 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to ordered list type attributes under
> + * BIOS ORDERED LIST GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +GET_INSTANCE_ID(ordered_list);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_ordered_list_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + return sysfs_emit(buf, "%s\n",
> + bioscfg_drv.ordered_list_data[instance_id].current_value);
> +}
> +
> +/**
> + * validate_ordered_list_input() -
> + * Validate input of current_value against possible values
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_ordered_list_input(int instance_id, const char *buf)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + if (ordered_list_data->common.requires_physical_presence)
> + set_reboot_and_signal_event();
> +
> + return 0;
> +}
> +
> +static void update_ordered_list_value(int instance_id, char *attr_value)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + strscpy(ordered_list_data->current_value,
> + attr_value,
> + sizeof(ordered_list_data->current_value));
> +}
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, ordered_list);
> +static struct kobj_attribute ordered_list_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, ordered_list);
> +static struct kobj_attribute ordered_list_display_name =
> + __ATTR_RO(display_name);
> +
> +ATTRIBUTE_PROPERTY_STORE(current_value, ordered_list);
> +static struct kobj_attribute ordered_list_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +ATTRIBUTE_VALUES_PROPERTY_SHOW(elements, ordered_list, COMMA_SEP);
> +static struct kobj_attribute ordered_list_elements_val =
> + __ATTR_RO(elements);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "ordered-list\n");
> +}
> +
> +static struct kobj_attribute ordered_list_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *ordered_list_attrs[] = {
> + &ordered_list_display_langcode.attr,
> + &ordered_list_display_name.attr,
> + &ordered_list_current_val.attr,
> + &ordered_list_elements_val.attr,
> + &ordered_list_type.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group ordered_list_attr_group = {
> + .attrs = ordered_list_attrs,
> +};
> +
> +int alloc_ordered_list_data(void)
> +{
> + bioscfg_drv.ordered_list_instances_count =
> + get_instance_count(HP_WMI_BIOS_ORDERED_LIST_GUID);
> + bioscfg_drv.ordered_list_data = kcalloc(bioscfg_drv.ordered_list_instances_count,
> + sizeof(struct ordered_list_data), GFP_KERNEL);
> + if (!bioscfg_drv.ordered_list_data) {
> + bioscfg_drv.ordered_list_instances_count = 0;
> + return -ENOMEM;
> + }
> + return 0;
> +}
> +
> +/**
> + * populate_ordered_list_package_data() -
> + * Populate all properties of an instance under ordered_list attribute
> + *
> + * @order_obj: ACPI object with ordered_list data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_ordered_list_package_data(union acpi_object *order_obj, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + ordered_list_data->attr_name_kobj = attr_name_kobj;
> +
> + populate_ordered_list_elements_from_package(order_obj,
> + order_obj->package.count,
> + instance_id);
> + update_attribute_permissions(ordered_list_data->common.is_readonly,
> + &ordered_list_current_val);
> + friendly_user_name_update(ordered_list_data->common.path,
> + attr_name_kobj->name,
> + ordered_list_data->common.display_name,
> + sizeof(ordered_list_data->common.display_name));
> + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_order_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [ORD_LIST_SIZE] = ACPI_TYPE_INTEGER,
> + [ORD_LIST_ELEMENTS] = ACPI_TYPE_STRING,
> +};
> +
> +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> + int order_obj_count,
> + int instance_id)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret;
> + u32 size;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + char *tmpstr = NULL;
> + char *part_tmp = NULL;
> + int tmp_len = 0;
> + char *part = NULL;
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + if (!order_obj)
> + return -EINVAL;
> +
> + strscpy(ordered_list_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(ordered_list_data->common.display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < order_obj_count; elem++, eloc++) {
> + /* ONLY look at the first ORDERED_ELEM_CNT elements */
> + if (eloc == ORD_ELEM_CNT)
> + goto exit_list_package;
> +
> + switch (order_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +

Extra newline.

> + if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
> + ret = convert_hexstr_to_str(order_obj[elem].string.pointer,
> + order_obj[elem].string.length,
> + &str_value, &value_len);
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)order_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", order_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_order_types[eloc] != order_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",

Extra space before %d.

> + expected_order_types[eloc], elem, order_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + strscpy(ordered_list_data->current_value,
> + str_value, sizeof(ordered_list_data->current_value));
> + break;
> + case PATH:
> + strscpy(ordered_list_data->common.path, str_value,
> + sizeof(ordered_list_data->common.path));
> + break;
> + case IS_READONLY:
> + ordered_list_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + ordered_list_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + ordered_list_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + ordered_list_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + ordered_list_data->common.prerequisites_size = int_value;
> + if (int_value > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> +
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + size = ordered_list_data->common.prerequisites_size;
> +
> + for (reqs = 0; reqs < size && reqs < MAX_PREREQUISITES_SIZE; reqs++) {
> + ret = convert_hexstr_to_str(order_obj[elem + reqs].string.pointer,
> + order_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(ordered_list_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(ordered_list_data->common.prerequisites[reqs]));
> +
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + ordered_list_data->common.security_level = int_value;
> + break;
> +
> + case ORD_LIST_SIZE:
> + ordered_list_data->elements_size = int_value;
> + if (int_value > MAX_ELEMENTS_SIZE)
> + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. ORD_LIST_ELEMENTS
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (int_value == 0)
> + eloc++;
> + break;
> + case ORD_LIST_ELEMENTS:
> + size = ordered_list_data->elements_size;
> +
> + /*
> + * Ordered list data is stored in hex and comma separated format
> + * Convert the data and split it to show each element
> + */
> + ret = convert_hexstr_to_str(str_value, value_len, &tmpstr, &tmp_len);
> + if (ret)
> + goto exit_list_package;
> +
> + part_tmp = tmpstr;
> + part = strsep(&part_tmp, ",");
> + if (!part)
> + strscpy(ordered_list_data->elements[0],
> + tmpstr,
> + sizeof(ordered_list_data->elements[0]));
> +
> + for (elem = 1; elem < MAX_ELEMENTS_SIZE && part; elem++) {
> + strscpy(ordered_list_data->elements[elem],
> + part,
> + sizeof(ordered_list_data->elements[elem]));
> + part = strsep(&part_tmp, ",");
> + }
> +
> + kfree(tmpstr);
> + break;
> + default:
> + pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
> + break;
> + }
> + kfree(tmpstr);
> + kfree(str_value);
> + }
> +
> +exit_list_package:
> + kfree(tmpstr);
> + kfree(str_value);
> + return 0;
> +}

Looks double and triple frees in this function.

After reading the about same things once again, I started to wonder if
some of that switch content could be moved into a common helper (which
takes e.g. the xx->common pointer as parameter and perhaps some other
carefully selected pointers). There's a lots of duplication.

> +/**
> + * populate_ordered_list_buffer_data() - Populate all properties of an
> + * instance under ordered list attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_ordered_list_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + ordered_list_data->attr_name_kobj = attr_name_kobj;
> +
> + /* Populate ordered list elements */
> + populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> + update_attribute_permissions(ordered_list_data->common.is_readonly,
> + &ordered_list_current_val);
> + friendly_user_name_update(ordered_list_data->common.path,
> + attr_name_kobj->name,
> + ordered_list_data->common.display_name,
> + sizeof(ordered_list_data->common.display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> +}
> +
> +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)
> +{
> + int reqs;
> + int values;
> + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> +
> + strscpy(ordered_list_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(ordered_list_data->common.display_name_language_code));
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->current_value,
> + sizeof(ordered_list_data->current_value));
> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->common.path,
> + sizeof(ordered_list_data->common.path));
> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.prerequisites_size);
> +
> + if (ordered_list_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + ordered_list_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < ordered_list_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + ordered_list_data->common.prerequisites[reqs],
> + sizeof(ordered_list_data->common.prerequisites[reqs]));
> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->common.security_level);
> +
> + // ORD_LIST_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &ordered_list_data->elements_size);
> +
> + if (ordered_list_data->elements_size > MAX_ELEMENTS_SIZE) {
> + /* Report a message and limit elements size to maximum value */
> + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> + ordered_list_data->elements_size = MAX_ELEMENTS_SIZE;
> + }
> +
> + // ORD_LIST_ELEMENTS:
> + for (values = 0; values < ordered_list_data->elements_size && values < MAX_ELEMENTS_SIZE;
> + values++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + ordered_list_data->elements[values],
> + sizeof(ordered_list_data->elements[values]));
> +
> + return 0;
> +}

Same here. Pass buffer, buffer_size and common into a helper? Maybe some
other parameters too to cover many/all of the cases?

> +
> +/**
> + * exit_ordered_list_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_ordered_list_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj;
> +
> + if (attr_name_kobj)
> + sysfs_remove_group(attr_name_kobj,
> + &ordered_list_attr_group);
> + }
> + bioscfg_drv.ordered_list_instances_count = 0;
> +
> + kfree(bioscfg_drv.ordered_list_data);
> + bioscfg_drv.ordered_list_data = NULL;
> +}
>

--
i.

2023-05-09 13:26:16

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 07/13] HP BIOSCFG driver - string-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++++++++++++
> 1 file changed, 415 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> new file mode 100644
> index 000000000000..d74ecc973703
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> @@ -0,0 +1,415 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to string type attributes under
> + * HP_WMI_BIOS_STRING_GUID for use with hp-bioscfg driver.
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +#define WMI_STRING_TYPE "HPBIOS_BIOSString"
> +
> +GET_INSTANCE_ID(string);
> +
> +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> +{
> + int instance_id = get_string_instance_id(kobj);
> +
> + if (instance_id < 0)
> + return -EIO;
> +
> + return sysfs_emit(buf, "%s\n",
> + bioscfg_drv.string_data[instance_id].current_value);
> +}
> +
> +/*
> + * validate_string_input() -
> + * Validate input of current_value against min and max lengths
> + *
> + * @instance_id: The instance on which input is validated
> + * @buf: Input value
> + */
> +static int validate_string_input(int instance_id, const char *buf)
> +{
> + int in_len = strlen(buf);
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + /* BIOS treats it as a read only attribute */
> + if (string_data->common.is_readonly)
> + return -EIO;
> +
> + if (in_len < string_data->min_length ||
> + in_len > string_data->max_length)
> + return -ERANGE;
> +
> + /*
> + * set pending reboot flag depending on
> + * "RequiresPhysicalPresence" value
> + */
> + if (string_data->common.requires_physical_presence)
> + set_reboot_and_signal_event();
> + return 0;
> +}
> +
> +static void update_string_value(int instance_id, char *attr_value)
> +{
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + /* Write settings to BIOS */
> + strscpy(string_data->current_value,
> + attr_value,
> + sizeof(string_data->current_value));

Use less lines.

> +}
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, string);
> +static struct kobj_attribute string_display_langcode =
> + __ATTR_RO(display_name_language_code);
> +
> +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, string);
> +static struct kobj_attribute string_display_name =
> + __ATTR_RO(display_name);
> +
> +ATTRIBUTE_PROPERTY_STORE(current_value, string);
> +static struct kobj_attribute string_current_val =
> + __ATTR_RW_MODE(current_value, 0644);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(min_length, string);
> +static struct kobj_attribute string_min_length =
> + __ATTR_RO(min_length);
> +
> +ATTRIBUTE_N_PROPERTY_SHOW(max_length, string);
> +static struct kobj_attribute string_max_length =
> + __ATTR_RO(max_length);
> +
> +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "string\n");
> +}
> +
> +static struct kobj_attribute string_type =
> + __ATTR_RO(type);
> +
> +static struct attribute *string_attrs[] = {
> + &string_display_langcode.attr,
> + &string_display_name.attr,
> + &string_current_val.attr,
> + &string_min_length.attr,
> + &string_max_length.attr,
> + &string_type.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group string_attr_group = {
> + .attrs = string_attrs,
> +};
> +
> +int alloc_string_data(void)
> +{
> + bioscfg_drv.string_instances_count = get_instance_count(HP_WMI_BIOS_STRING_GUID);
> + bioscfg_drv.string_data = kcalloc(bioscfg_drv.string_instances_count,
> + sizeof(struct string_data), GFP_KERNEL);

sizeof(*bioscfg_drv.string_data) ?

> + if (!bioscfg_drv.string_data) {
> + bioscfg_drv.string_instances_count = 0;
> + return -ENOMEM;
> + }
> + return 0;
> +}
> +
> +/* Expected Values types associated with each element */
> +static const acpi_object_type expected_string_types[] = {
> + [NAME] = ACPI_TYPE_STRING,
> + [VALUE] = ACPI_TYPE_STRING,
> + [PATH] = ACPI_TYPE_STRING,
> + [IS_READONLY] = ACPI_TYPE_INTEGER,
> + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> + [SEQUENCE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> + [PREREQUISITES] = ACPI_TYPE_STRING,
> + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> + [STR_MIN_LENGTH] = ACPI_TYPE_INTEGER,
> + [STR_MAX_LENGTH] = ACPI_TYPE_INTEGER,
> +};
> +
> +/*
> + * populate_string_package_data() -
> + * Populate all properties of an instance under string attribute
> + *
> + * @string_obj: ACPI object with string data
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_string_package_data(union acpi_object *string_obj,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + string_data->attr_name_kobj = attr_name_kobj;
> +
> + populate_string_elements_from_package(string_obj,
> + string_obj->package.count,
> + instance_id);
> +
> + update_attribute_permissions(string_data->common.is_readonly,
> + &string_current_val);
> + friendly_user_name_update(string_data->common.path,
> + attr_name_kobj->name,
> + string_data->common.display_name,
> + sizeof(string_data->common.display_name));
> + return sysfs_create_group(attr_name_kobj, &string_attr_group);
> +}
> +
> +int populate_string_elements_from_package(union acpi_object *string_obj,
> + int string_obj_count,
> + int instance_id)
> +{
> + char *str_value = NULL;
> + int value_len;
> + int ret = 0;
> + u32 int_value;
> + int elem;
> + int reqs;
> + int eloc;
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + if (!string_obj)
> + return -EINVAL;
> +
> + strscpy(string_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(string_data->common.display_name_language_code));
> +
> + for (elem = 1, eloc = 1; elem < string_obj_count; elem++, eloc++) {
> + /* ONLY look at the first STRING_ELEM_CNT elements */
> + if (eloc == STR_ELEM_CNT)
> + goto exit_string_package;
> +
> + switch (string_obj[elem].type) {
> + case ACPI_TYPE_STRING:
> +
> + if (elem != PREREQUISITES) {
> + ret = convert_hexstr_to_str(string_obj[elem].string.pointer,
> + string_obj[elem].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> + }
> + break;
> + case ACPI_TYPE_INTEGER:
> + int_value = (u32)string_obj[elem].integer.value;
> + break;
> + default:
> + pr_warn("Unsupported object type [%d]\n", string_obj[elem].type);
> + continue;
> + }
> +
> + /* Check that both expected and read object type match */
> + if (expected_string_types[eloc] != string_obj[elem].type) {
> + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> + expected_string_types[eloc], elem, string_obj[elem].type);
> + return -EIO;
> + }
> +
> + /* Assign appropriate element value to corresponding field*/
> + switch (eloc) {
> + case VALUE:
> + strscpy(string_data->current_value,
> + str_value, sizeof(string_data->current_value));
> + break;
> + case PATH:
> + strscpy(string_data->common.path, str_value,
> + sizeof(string_data->common.path));
> + break;
> + case IS_READONLY:
> + string_data->common.is_readonly = int_value;
> + break;
> + case DISPLAY_IN_UI:
> + string_data->common.display_in_ui = int_value;
> + break;
> + case REQUIRES_PHYSICAL_PRESENCE:
> + string_data->common.requires_physical_presence = int_value;
> + break;
> + case SEQUENCE:
> + string_data->common.sequence = int_value;
> + break;
> + case PREREQUISITES_SIZE:
> + if (string_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE)
> + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + /*
> + * This HACK is needed to keep the expected
> + * element list pointing to the right obj[elem].type
> + * when the size is zero. PREREQUISITES
> + * object is omitted by BIOS when the size is
> + * zero.
> + */
> + if (string_data->common.prerequisites_size == 0)
> + eloc++;
> + break;
> + case PREREQUISITES:
> + for (reqs = 0;
> + reqs < string_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> + reqs++) {
> + if (elem >= string_obj_count) {
> + pr_err("Error elem-objects package is too small\n");
> + return -EINVAL;
> + }
> +
> + ret = convert_hexstr_to_str(string_obj[elem + reqs].string.pointer,
> + string_obj[elem + reqs].string.length,
> + &str_value, &value_len);
> +
> + if (ret)
> + continue;
> +
> + strscpy(string_data->common.prerequisites[reqs],
> + str_value,
> + sizeof(string_data->common.prerequisites[reqs]));
> + kfree(str_value);
> + }
> + break;
> +
> + case SECURITY_LEVEL:
> + string_data->common.security_level = int_value;
> + break;
> + case STR_MIN_LENGTH:
> + string_data->min_length = int_value;
> + break;
> + case STR_MAX_LENGTH:
> + string_data->max_length = int_value;
> + break;
> + default:
> + pr_warn("Invalid element: %d found in String attribute or data may be malformed\n", elem);
> + break;
> + }
> +
> + kfree(str_value);
> + }
> +
> +exit_string_package:
> + kfree(str_value);
> + return 0;
> +}
> +
> +/*
> + * populate_string_data() -
> + * Populate all properties of an instance under string attribute
> + *
> + * @buffer_ptr: Buffer pointer
> + * @buffer_size: Buffer size
> + * @instance_id: The instance to enumerate
> + * @attr_name_kobj: The parent kernel object
> + */
> +int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id,
> + struct kobject *attr_name_kobj)
> +{
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + string_data->attr_name_kobj = attr_name_kobj;
> +
> + populate_string_elements_from_buffer(buffer_ptr, buffer_size,
> + instance_id);
> +
> + update_attribute_permissions(string_data->common.is_readonly,
> + &string_current_val);
> + friendly_user_name_update(string_data->common.path,
> + attr_name_kobj->name,
> + string_data->common.display_name,
> + sizeof(string_data->common.display_name));
> +
> + return sysfs_create_group(attr_name_kobj, &string_attr_group);
> +}
> +
> +int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> + int instance_id)
> +{
> + int reqs;
> + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> +
> + strscpy(string_data->common.display_name_language_code,
> + LANG_CODE_STR,
> + sizeof(string_data->common.display_name_language_code));
> +
> + // VALUE:
> + get_string_from_buffer(&buffer_ptr, buffer_size, string_data->current_value,
> + sizeof(string_data->current_value));
> +
> + // PATH:
> + get_string_from_buffer(&buffer_ptr, buffer_size, string_data->common.path,
> + sizeof(string_data->common.path));
> +
> + // IS_READONLY:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.is_readonly);
> +
> + //DISPLAY_IN_UI:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.display_in_ui);
> +
> + // REQUIRES_PHYSICAL_PRESENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.requires_physical_presence);
> +
> + // SEQUENCE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.sequence);
> +
> + // PREREQUISITES_SIZE:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.prerequisites_size);
> +
> + if (string_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> + /* Report a message and limit prerequisite size to maximum value */
> + pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> + string_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> + }
> +
> + // PREREQUISITES:
> + for (reqs = 0;
> + reqs < string_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> + reqs++)
> + get_string_from_buffer(&buffer_ptr, buffer_size,
> + string_data->common.prerequisites[reqs],
> + sizeof(string_data->common.prerequisites[reqs]));
> +
> + // SECURITY_LEVEL:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->common.security_level);
> +
> + // STR_MIN_LENGTH:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->min_length);
> +
> + // STR_MAX_LENGTH:
> + get_integer_from_buffer(&buffer_ptr, buffer_size,
> + &string_data->max_length);
> +
> + return 0;
> +}
> +
> +/*
> + * exit_string_attributes() - Clear all attribute data
> + *
> + * Clears all data allocated for this group of attributes
> + */
> +void exit_string_attributes(void)
> +{
> + int instance_id;
> +
> + for (instance_id = 0; instance_id < bioscfg_drv.string_instances_count;
> + instance_id++) {
> + struct kobject *attr_name_kobj =
> + bioscfg_drv.string_data[instance_id].attr_name_kobj;
> +
> + if (attr_name_kobj)
> + sysfs_remove_group(attr_name_kobj, &string_attr_group);
> + }
> + bioscfg_drv.string_instances_count = 0;
> +
> + kfree(bioscfg_drv.string_data);
> + bioscfg_drv.string_data = NULL;
> +}
>

+ all copy-pasted issues.

--
i.

2023-05-09 13:58:11

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 ++++++++++++++++++
> 1 file changed, 381 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> new file mode 100644
> index 000000000000..f08f7aae9423
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> @@ -0,0 +1,381 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to secure platform management object type
> + * attributes under BIOS PASSWORD for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +
> +static const char * const spm_state_types[] = {
> + "not provisioned",
> + "provisioned",
> + "provisioning in progress",
> +};
> +
> +static const char * const spm_mechanism_types[] = {
> + "not provisioned",
> + "signing-key",
> + "endorsement-key",
> +};
> +
> +struct secureplatform_provisioning_data {
> + u8 state;
> + u8 version[2];
> + u8 reserved1;
> + u32 features;
> + u32 nonce;
> + u8 reserved2[28];
> + u8 sk_mod[MAX_KEY_MOD];
> + u8 kek_mod[MAX_KEY_MOD];
> +};
> +
> +int check_spm_is_enabled(void)
> +{
> + /* do we need to check the admin password is also configured */
> + return bioscfg_drv.spm_data.is_enabled;
> +}
> +
> +/**
> + * calculate_security_buffer() - determines size of security buffer
> + * for authentication scheme
> + *
> + * @authentication: the authentication content
> + *
> + * Currently only supported type is Admin password
> + */
> +size_t calculate_security_buffer(const char *authentication)
> +{
> + int size;

Why not size_t?

> +
> + if (authentication && strlen(authentication) > 0) {
> + size = sizeof(u16) + (strlen(authentication) * sizeof(u16));

Extra parenthesis.

> + if (!strstarts(authentication, BEAM_PREFIX))
> + size += strlen(UTF_PREFIX) * sizeof(u16);
> +
> + return size;
> + }
> +
> + size = sizeof(u16) * 2;

Extra space

> + return size;

I'd do it this way though:

size_t size, authlen;

if (!authentication)
return sizeof(u16) * 2;

authlen = strlen(authentication);
if (!authlen)
return sizeof(u16) * 2;

size = sizeof(u16) + authlen * sizeof(u16);
...


> +}
> +
> +/**
> + * populate_security_buffer() - builds a security buffer for
> + * authentication scheme
> + *
> + * @buffer: the buffer to populate
> + * @authentication: the authentication content
> + *
> + * Currently only supported type is PLAIN TEXT
> + */
> +int populate_security_buffer(u16 *buffer, const char *authentication)
> +{
> + u16 *auth = buffer;
> + u16 *retbuffer;
> + char *strprefix = NULL;
> + int ret = 0;
> +
> + if (strstarts(authentication, BEAM_PREFIX)) {
> + /*
> + * BEAM_PREFIX is append to buffer when a signature
> + * is provided and Sure Admin is enabled in BIOS
> + */
> + // BEAM_PREFIX found, convert part to unicode
> + retbuffer = hp_ascii_to_utf16_unicode(auth, authentication);
> + if (!retbuffer) {
> + ret = -EINVAL;
> + goto out_buffer;

return -EINVAL directly.

> + }
> + auth = retbuffer;
> +
> + } else {
> + /*
> + * UTF-16 prefix is append to the * buffer when a BIOS

What is "the * buffer" ?

> + * admin password is configured in BIOS
> + */
> +
> + // append UTF_PREFIX to part and then convert it to unicode

Use /* */ comments consistently.

> + strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
> + authentication);
> + if (!strprefix)
> + goto out_buffer;

Shouldn't you return an error code here? Also, strprefix is NULL so you
can do return -ENOMEM directly.

> +
> + retbuffer = hp_ascii_to_utf16_unicode(auth, strprefix);

If you move kfree(strprefix) here, the flow is more obvious.

> + if (!retbuffer) {
> + ret = -EINVAL;
> + goto out_buffer;
> + }
> + auth = retbuffer;
> + }
> +
> +out_buffer:
> + kfree(strprefix);
> + return ret;
> +}
> +
> +static ssize_t update_spm_state(void)
> +{
> + int ret;
> + struct secureplatform_provisioning_data data;
> +
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> + HPWMI_SECUREPLATFORM, &data, 0,
> + sizeof(data));
> + if (ret < 0)
> + goto state_exit;

return ret; directly.

> +
> + bioscfg_drv.spm_data.mechanism = data.state;
> + if (bioscfg_drv.spm_data.mechanism)
> + bioscfg_drv.spm_data.is_enabled = 1;
> +
> +state_exit:
> + return ret;

return 0;

> +}
> +
> +static ssize_t statusbin(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + struct secureplatform_provisioning_data *buf)
> +{
> + int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> + HPWMI_SECUREPLATFORM, buf, 0,
> + sizeof(struct secureplatform_provisioning_data));
> +
> + return ret < 0 ? ret : sizeof(struct secureplatform_provisioning_data);

Split to:

int ret;

ret = hp_...();
if (ret < 0)
return ret;

return sizeof(...);

> +}
> +
> +/*
> + * status_show - Reads SPM status
> + */
> +static ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> + *attr, char *buf)
> +{
> + int ret, i;
> + struct secureplatform_provisioning_data data;
> +
> + ret = statusbin(kobj, attr, &data);
> + if (ret < 0)
> + goto status_exit;

Can you calculate strnlen() from buf at this point, or is the result
garbage? Should you return ret instead here?

> +
> + sysfs_emit(buf, "%s{\n", buf);
> + sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf,
> + spm_state_types[data.state]);
> + sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.version[0],
> + data.version[1]);
> +
> + /*
> + * state == 0 means secure platform management
> + * feature is not configured in BIOS.
> + */
> + if (data.state == 0)
> + goto status_exit;
> +
> + sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce);
> + sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.features);
> + sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf);
> +
> + for (i = 255; i >= 0; i--)
> + sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]);
> +
> + sysfs_emit(buf, "%s \",\n", buf);
> + sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf);
> +
> + for (i = 255; i >= 0; i--)
> + sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]);
> +
> + /* Return buf contents */
> +
> + sysfs_emit(buf, "%s \"\n", buf);
> + sysfs_emit(buf, "%s}\n", buf);
> +
> +status_exit:
> + return strnlen(buf, PAGE_SIZE);
> +}

Emit buf into buf? There's sysfs_emit_at(), however,

while I'm far from sysfs formatting expert, this feels something that
tries to expose more than one thing over same sysfs file. Shouldn't they
be each in their own files?

> +static struct kobj_attribute password_spm_status = __ATTR_RO(status);
> +
> +ATTRIBUTE_SPM_N_PROPERTY_SHOW(is_enabled, spm);
> +static struct kobj_attribute password_spm_is_key_enabled = __ATTR_RO(is_enabled);
> +
> +static ssize_t key_mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%s\n",
> + spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
> +}
> +
> +static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
> +
> +static ssize_t sk_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret;
> + int length;
> +
> + length = count;
> + if (buf[length - 1] == '\n')
> + length--;
> +
> + /* allocate space and copy current signing key */
> + bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.signing_key) {
> + ret = -ENOMEM;
> + goto exit_sk;
> + }
> +
> + strscpy(bioscfg_drv.spm_data.signing_key, buf, length);
> + bioscfg_drv.spm_data.signing_key[length] = '\0';
> +
> + /* submit signing key payload */
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_SK,
> + HPWMI_SECUREPLATFORM,
> + (void *)bioscfg_drv.spm_data.signing_key,
> + length, 0);
> +
> + if (!ret) {
> + bioscfg_drv.spm_data.mechanism = SIGNING_KEY;
> + set_reboot_and_signal_event();
> + }
> +
> +exit_sk:
> + kfree(bioscfg_drv.spm_data.signing_key);
> + bioscfg_drv.spm_data.signing_key = NULL;
> +
> + return ret ? ret : count;
> +}
> +
> +static struct kobj_attribute password_spm_signing_key = __ATTR_WO(sk);
> +
> +static ssize_t kek_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret;
> + int length;
> +
> + length = count;
> + if (buf[length - 1] == '\n')
> + length--;
> +
> + /* allocate space and copy current signing key */
> + bioscfg_drv.spm_data.endorsement_key = kmalloc(length, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.endorsement_key) {
> + ret = -ENOMEM;
> + goto exit_kek;

Return directly.

> + }
> +
> + memcpy(bioscfg_drv.spm_data.endorsement_key, buf, length);
> + bioscfg_drv.spm_data.endorsement_key[length] = '\0';
> +
> + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_KEK,
> + HPWMI_SECUREPLATFORM,
> + (void *)bioscfg_drv.spm_data.endorsement_key,

In general, casting to void * (and back) is not required.

> + count, 0);
> +
> + if (!ret) {
> + bioscfg_drv.spm_data.mechanism = ENDORSEMENT_KEY;
> + set_reboot_and_signal_event();
> + }
> +
> +exit_kek:
> + kfree(bioscfg_drv.spm_data.endorsement_key);
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> +
> + return ret ? ret : count;
> +}
> +
> +static struct kobj_attribute password_spm_endorsement_key = __ATTR_WO(kek);
> +
> +static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
> + char *buf)
> +{
> + return sysfs_emit(buf, "%s\n", BIOS_SPM);
> +}
> +
> +static struct kobj_attribute password_spm_role = __ATTR_RO(role);
> +
> +static ssize_t auth_token_store(struct kobject *kobj,
> + struct kobj_attribute *attr,
> + const char *buf, size_t count)
> +{
> + int ret = 0;
> + int length;
> +
> + length = count;
> + if (buf[length - 1] == '\n')
> + length--;
> +
> + /* allocate space and copy current auth token */
> + bioscfg_drv.spm_data.auth_token = kmalloc(count, GFP_KERNEL);
> + if (!bioscfg_drv.spm_data.auth_token) {
> + ret = -ENOMEM;
> + goto exit_token;

Return directly.

> + }
> +
> + memcpy(bioscfg_drv.spm_data.auth_token, buf, count);
> + bioscfg_drv.spm_data.auth_token[length] = '\0';
> + return count;
> +
> +exit_token:
> + kfree(bioscfg_drv.spm_data.auth_token);
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + return ret;
> +}
> +
> +static struct kobj_attribute password_spm_auth_token = __ATTR_WO(auth_token);
> +
> +static struct attribute *secure_platform_attrs[] = {
> + &password_spm_is_key_enabled.attr,
> + &password_spm_signing_key.attr,
> + &password_spm_endorsement_key.attr,
> + &password_spm_key_mechanism.attr,
> + &password_spm_status.attr,
> + &password_spm_role.attr,
> + &password_spm_auth_token.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group secure_platform_attr_group = {
> + .attrs = secure_platform_attrs,
> +};
> +
> +void exit_secure_platform_attributes(void)
> +{
> + /* remove secure platform sysfs entry and free key data*/
> +
> + kfree(bioscfg_drv.spm_data.endorsement_key);
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> +
> + kfree(bioscfg_drv.spm_data.signing_key);
> + bioscfg_drv.spm_data.signing_key = NULL;
> +
> + kfree(bioscfg_drv.spm_data.auth_token);
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + if (bioscfg_drv.spm_data.attr_name_kobj)
> + sysfs_remove_group(bioscfg_drv.spm_data.attr_name_kobj,
> + &secure_platform_attr_group);
> +}
> +
> +int populate_secure_platform_data(struct kobject *attr_name_kobj)
> +{
> + /* Populate data for Secure Platform Management */
> + bioscfg_drv.spm_data.attr_name_kobj = attr_name_kobj;
> +
> + strscpy(bioscfg_drv.spm_data.attribute_name, SPM_STR,
> + sizeof(bioscfg_drv.spm_data.attribute_name));
> +
> + bioscfg_drv.spm_data.is_enabled = 0;
> + bioscfg_drv.spm_data.mechanism = 0;
> + bioscfg_drv.pending_reboot = false;
> + update_spm_state();
> +
> + bioscfg_drv.spm_data.endorsement_key = NULL;
> + bioscfg_drv.spm_data.signing_key = NULL;
> + bioscfg_drv.spm_data.auth_token = NULL;
> +
> + return sysfs_create_group(attr_name_kobj, &secure_platform_attr_group);
> +}
>

--
i.

2023-05-09 14:20:28

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Fri, 5 May 2023, Jorge Lopez wrote:

> HP BIOS Configuration driver purpose is to provide a driver supporting
> the latest sysfs class firmware attributes framework allowing the user
> to change BIOS settings and security solutions on HP Inc.’s commercial
> notebooks.
>
> Many features of HP Commercial notebooks can be managed using Windows
> Management Instrumentation (WMI). WMI is an implementation of Web-Based
> Enterprise Management (WBEM) that provides a standards-based interface
> for changing and monitoring system settings. HP BIOSCFG driver provides
> a native Linux solution and the exposed features facilitates the
> migration to Linux environments.
>
> The Linux security features to be provided in hp-bioscfg driver enables
> managing the BIOS settings and security solutions via sysfs, a virtual
> filesystem that can be used by user-mode applications. The new
> documentation cover HP-specific firmware sysfs attributes such Secure
> Platform Management and Sure Start. Each section provides security
> feature description and identifies sysfs directories and files exposed
> by the driver.
>
> Many HP Commercial notebooks include a feature called Secure Platform
> Management (SPM), which replaces older password-based BIOS settings
> management with public key cryptography. PC secure product management
> begins when a target system is provisioned with cryptographic keys
> that are used to ensure the integrity of communications between system
> management utilities and the BIOS.
>
> HP Commercial notebooks have several BIOS settings that control its
> behaviour and capabilities, many of which are related to security.
> To prevent unauthorized changes to these settings, the system can
> be configured to use a cryptographic signature-based authorization
> string that the BIOS will use to verify authorization to modify the
> setting.
>
> Linux Security components are under development and not published yet.
> The only linux component is the driver (hp bioscfg) at this time.
> Other published security components are under Windows.
>
> Signed-off-by: Jorge Lopez <[email protected]>
>
> ---
> Based on the latest platform-drivers-x86.git/for-next
> ---
> .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 ++++++++++++++++++
> 1 file changed, 133 insertions(+)
> create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
>
> diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> new file mode 100644
> index 000000000000..b627c324f6a6
> --- /dev/null
> +++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> @@ -0,0 +1,133 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Functions corresponding to sure start object type attributes under
> + * BIOS for use with hp-bioscfg driver
> + *
> + * Copyright (c) 2022 HP Development Company, L.P.
> + */
> +
> +#include "bioscfg.h"
> +#include <linux/types.h>
> +
> +/* Maximum number of log entries supported when log entry size is 16
> + * bytes. This value is calculated by dividing 4096 (page size) by
> + * log entry size.
> + */
> +#define LOG_MAX_ENTRIES 254
> +
> +/*
> + * Current Log entry size. This value size will change in the
> + * future. The driver reads a total of 128 bytes for each log entry
> + * provided by BIOS but only the first 16 bytes are used/read.
> + */
> +#define LOG_ENTRY_SIZE 16
> +
> +/*
> + * audit_log_entry_count_show - Reports the number of
> + * existing audit log entries available
> + * to be read
> + */
> +static ssize_t audit_log_entry_count_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret;
> + u32 count = 0;
> +
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> + HPWMI_SURESTART,
> + &count, 1, sizeof(count));
> +

Extra newline.

> + if (ret < 0)
> + return ret;
> +
> + return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
> + LOG_MAX_ENTRIES);

Why 3 values instead of 1?

> +}
> +
> +/*
> + * audit_log_entries_show() - Return all entries found in log file
> + */
> +static ssize_t audit_log_entries_show(struct kobject *kobj,
> + struct kobj_attribute *attr, char *buf)
> +{
> + int ret;
> + int i;
> + u32 count = 0;
> + u8 audit_log_buffer[128];
> +
> + // Get the number of event logs
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> + HPWMI_SURESTART,
> + &count, 1, sizeof(count));
> +

Extra newline.

> + if (ret < 0)
> + return ret;
> +
> + /*
> + * The show() api will not work if the audit logs ever go
> + * beyond 4KB

Extra space.

> + */
> + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> + return -EIO;
> +
> + /*
> + * We are guaranteed the buffer is 4KB so today all the event
> + * logs will fit
> + */
> + for (i = 0; i < count; i++) {
> + audit_log_buffer[0] = (i + 1);

Extra parenthesis.

> +
> + /*
> + * read audit log entry at a time. 'buf' input value
> + * provides the audit log entry to be read. On

Extra spaces.

> + * input, Byte 0 = Audit Log entry number from
> + * beginning (1..254)
> + * Entry number 1 is the newest entry whereas the
> + * highest entry number (number of entries) is the
> + * oldest entry.
> + */
> + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> + HPWMI_SURESTART,
> + audit_log_buffer, 1, 128);
> +
> + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {

Can the second condition ever fail?

> + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> + buf += LOG_ENTRY_SIZE;
> + } else {
> + /*
> + * Encountered a failure while reading
> + * individual logs. Only a partial list of
> + * audit log will be returned.
> + */
> + count = i + 1;
> + break;
> + }

Reverse order, do error handling with break first.

Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
tweak count?

> + }
> +
> + return count * LOG_ENTRY_SIZE;
> +}
> +
> +static struct kobj_attribute sure_start_audit_log_entry_count = __ATTR_RO(audit_log_entry_count);
> +static struct kobj_attribute sure_start_audit_log_entries = __ATTR_RO(audit_log_entries);
> +
> +static struct attribute *sure_start_attrs[] = {
> + &sure_start_audit_log_entry_count.attr,
> + &sure_start_audit_log_entries.attr,
> + NULL,
> +};
> +
> +static const struct attribute_group sure_start_attr_group = {
> + .attrs = sure_start_attrs,
> +};
> +
> +void exit_sure_start_attributes(void)
> +{
> + sysfs_remove_group(bioscfg_drv.sure_start_attr_kobj,
> + &sure_start_attr_group);
> +}
> +
> +int populate_sure_start_data(struct kobject *attr_name_kobj)
> +{
> + bioscfg_drv.sure_start_attr_kobj = attr_name_kobj;
> + return sysfs_create_group(attr_name_kobj, &sure_start_attr_group);
> +}
>

--
i.

2023-05-09 21:43:04

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On Mon, May 8, 2023 at 4:16 PM Thomas Weißschuh <[email protected]> wrote:
>
> On 2023-05-05 17:00:34-0500, Jorge Lopez wrote:
>
> <snip>
>
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
> > 1 file changed, 448 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > new file mode 100644
> > index 000000000000..1395043d5c9f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > @@ -0,0 +1,448 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to integer type attributes under
> > + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 Hewlett-Packard Inc.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +GET_INSTANCE_ID(integer);
> > +
<snp>

> > +
> > + for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
> > + /* ONLY look at the first INTEGER_ELEM_CNT elements */
> > + if (eloc == INT_ELEM_CNT)
> > + goto exit_integer_package;
> > +
> > + switch (integer_obj[elem].type) {
> > + case ACPI_TYPE_STRING:
> > +
> > + if (elem != PREREQUISITES) {
> > + ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
> > + integer_obj[elem].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + continue;
> > + }
> > + break;
>
> Instead of the loop pattern can this not use the same pattern as
> populate_integer_elements_from_buffer()?
>
> (Same for all attribute types)

package data requires keeping track of what is the current package
element and the location between the element.
For these reasons, looping is a better option since the elem counter
needs to be increased.
Another reason is keeping track of the maximum number of elements in
each WMI package so looping provides a cleaner solution.
Let me see how I can clean up the code and make it more readable.
Overall refactoring this portion of the driver can be done at a later
time.

>
> > + case ACPI_TYPE_INTEGER:
> > + int_value = (u32)integer_obj[elem].integer.value;
> > + break;
> > + default:
> > + pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
> > + continue;
<snip>

> +
> > +/*
> > + * populate_integer_buffer_data() -
> > + * Populate all properties of an instance under integer attribute
> > + *
> > + * @buffer_ptr: Buffer pointer
> > + * @buffer_size: Buffer size
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
> > + */
>
> Needs /** to be proper kdoc.

Done!
>
> > +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> > +
> > + integer_data->attr_name_kobj = attr_name_kobj;
> > +
> > + /* Populate integer elements */
> > + populate_integer_elements_from_buffer(buffer_ptr, buffer_size,
> > + instance_id);
> > + update_attribute_permissions(integer_data->common.is_readonly,
> > + &integer_current_val);
> > + friendly_user_name_update(integer_data->common.path,
> > + attr_name_kobj->name,
> > + integer_data->common.display_name,
> > + sizeof(integer_data->common.display_name));
> > +
> > + return sysfs_create_group(attr_name_kobj, &integer_attr_group);
> > +}
> > +
> > +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id)
> > +{
> > + char *dst = NULL;
> > + int reqs;
> > + int ret;
> > + int dst_size = *buffer_size / sizeof(u16);
> > + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> > +
> > + dst = kcalloc(dst_size, sizeof(char), GFP_KERNEL);
> > + if (!dst)
> > + return -ENOMEM;
> > +
> > + strscpy(integer_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(integer_data->common.display_name_language_code));
> > + /*
> > + * Only data relevant to this driver and its functionality is
> > + * read. BIOS defines the order in which each * element is
> > + * read. Element 0 data is not relevant to this
> > + * driver hence it is ignored. For clarity, all element names
> > + * (DISPLAY_IN_UI) which defines the order in which is read
> > + * and the name matches the variable where the data is stored.
> > + */
> > +
> > + // VALUE:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, dst, dst_size);
> > + ret = kstrtoint(dst, 10, &integer_data->current_value);
> > + if (ret)
> > + pr_warn("Unable to convert string to integer: %s\n", dst);
>
> Maybe set current_value to a well-defined value when this error happens.

We will initialize the value to zero.
>
> > +
> > + // PATH:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, integer_data->common.path,
> > + sizeof(integer_data->common.path));
>
> get_string_from_buffer() returns an int but the return value is never
> used.
> Also it's not clear where the validation that the buffer is not read out
> of bounds happens. Making this more explicit would be nice.
>
In earlier implementation, errors were ignored and the process
continued to read the next element.
it is for this reason, the return value is not checked since the error
was treated as noop.
I will add a comment explaining why no return value is checked here.

> > +
> > + // IS_READONLY:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.is_readonly);
> > +
> > + //DISPLAY_IN_UI:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.display_in_ui);
> > +
> > + // REQUIRES_PHYSICAL_PRESENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.requires_physical_presence);
> > +
> > + // SEQUENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.sequence);
> > +
> > + // PREREQUISITES_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.prerequisites_size);
>
> If the common values are always in the same order you could refactor it
> into a function.
>
> > +
> > + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + integer_data->common.prerequisites[reqs],
> > + sizeof(integer_data->common.prerequisites[reqs]));
>
> How is this supposed to work?
>
> Presumably if the firmware returns too many prerequisites the ignored
> prerequisites can't just be interpreted as security_level, lower_bound,
> upper_bound.
>
prerequisites data is considered as corrupted when its prerequisite
size is greater than MAX_PREREQUISITES_SIZE.
Only when the prerequisite size is within range, the driver can assume
the data is valid.

> In general it may be useful to be able mark an attribute as invalid and
> probihibit interaction from userspace.
> Then if the firmware returns bogus data we can just enable that invalid
> state and don't have to worry about things like that.

Good idea. I will keep it in mind.
>
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.security_level);
> > +
> > + // INT_LOWER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->lower_bound);
> > +
> > + // INT_UPPER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->upper_bound);
> > +
> > + // INT_SCALAR_INCREMENT:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->scalar_increment);
> > +
> > + kfree(dst);
>
> dst can be freed much earlier.
Done!
>
> > + return 0;
> > +}
>
> The new logic looks much nicer!
> Now let's see if it can be used for reading from a package.

Please see earlier comment regarding refactoring package data function
and the rationale why there is no significant gain by doing it at this
time.

>
> > +
> > +/*
> > + * exit_integer_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_integer_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.integer_data[instance_id].attr_name_kobj;
> > +
> > + if (attr_name_kobj)
> > + sysfs_remove_group(attr_name_kobj, &integer_attr_group);
> > + }
> > + bioscfg_drv.integer_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.integer_data);
> > + bioscfg_drv.integer_data = NULL;
> > +}
> > --
> > 2.34.1
> >

2023-05-09 22:35:39

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 05/13] HP BIOSCFG driver - ordered-attributes

On Mon, May 8, 2023 at 4:35 PM Thomas Weißschuh <[email protected]> wrote:
>
> On 2023-05-05 17:00:35-0500, Jorge Lopez wrote:
>
> <snip>
>
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++++++++++++
> > 1 file changed, 443 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
>
> Should be named order-list-attributes.
>
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > new file mode 100644
> > index 000000000000..1d06fbefceca
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > @@ -0,0 +1,443 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to ordered list type attributes under
> > + * BIOS ORDERED LIST GUID for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +GET_INSTANCE_ID(ordered_list);
> > +
> > +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> > +{
> > + int instance_id = get_ordered_list_instance_id(kobj);
> > +
> > + if (instance_id < 0)
> > + return -EIO;
> > +
> > + return sysfs_emit(buf, "%s\n",
> > + bioscfg_drv.ordered_list_data[instance_id].current_value);
> > +}
> > +
> > +/**
> > + * validate_ordered_list_input() -
> > + * Validate input of current_value against possible values
> > + *
> > + * @instance_id: The instance on which input is validated
> > + * @buf: Input value
> > + */
> > +static int validate_ordered_list_input(int instance_id, const char *buf)
> > +{
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + if (ordered_list_data->common.requires_physical_presence)
> > + set_reboot_and_signal_event();
>
> I think the block above can actually be pulled up into
> ATTRIBUTE_PROPERTY_STORE() and removed from all the attributes.
>
Done!



> > +
> > + return 0;
> > +}
> > +
<snip>

> > +static struct attribute *ordered_list_attrs[] = {
> > + &ordered_list_display_langcode.attr,
> > + &ordered_list_display_name.attr,
> > + &ordered_list_current_val.attr,
> > + &ordered_list_elements_val.attr,
> > + &ordered_list_type.attr,
> > + NULL,
>
> No comma.

Done!
>
> > +};
> > +
> > +static const struct attribute_group ordered_list_attr_group = {
> > + .attrs = ordered_list_attrs,
> > +};
> > +
> > +int alloc_ordered_list_data(void)
> > +{
> > + bioscfg_drv.ordered_list_instances_count =
> > + get_instance_count(HP_WMI_BIOS_ORDERED_LIST_GUID);
> > + bioscfg_drv.ordered_list_data = kcalloc(bioscfg_drv.ordered_list_instances_count,
> > + sizeof(struct ordered_list_data), GFP_KERNEL);
> > + if (!bioscfg_drv.ordered_list_data) {
> > + bioscfg_drv.ordered_list_instances_count = 0;
> > + return -ENOMEM;
> > + }
> > + return 0;
> > +}
> > +
> > +/**
> > + * populate_ordered_list_package_data() -
> > + * Populate all properties of an instance under ordered_list attribute
> > + *
> > + * @order_obj: ACPI object with ordered_list data
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
> > + */
> > +int populate_ordered_list_package_data(union acpi_object *order_obj, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + ordered_list_data->attr_name_kobj = attr_name_kobj;
> > +
> > + populate_ordered_list_elements_from_package(order_obj,
> > + order_obj->package.count,
> > + instance_id);
> > + update_attribute_permissions(ordered_list_data->common.is_readonly,
> > + &ordered_list_current_val);
> > + friendly_user_name_update(ordered_list_data->common.path,
> > + attr_name_kobj->name,
> > + ordered_list_data->common.display_name,
> > + sizeof(ordered_list_data->common.display_name));
> > + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> > +}
> > +
> > +/* Expected Values types associated with each element */
> > +static const acpi_object_type expected_order_types[] = {
> > + [NAME] = ACPI_TYPE_STRING,
> > + [VALUE] = ACPI_TYPE_STRING,
> > + [PATH] = ACPI_TYPE_STRING,
> > + [IS_READONLY] = ACPI_TYPE_INTEGER,
> > + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> > + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> > + [SEQUENCE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES] = ACPI_TYPE_STRING,
> > + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> > + [ORD_LIST_SIZE] = ACPI_TYPE_INTEGER,
> > + [ORD_LIST_ELEMENTS] = ACPI_TYPE_STRING,
> > +};
> > +
> > +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> > + int order_obj_count,
> > + int instance_id)
>
> Can be static. Same for the other attributes.

Done!
>
> > +{

<snip>
> > + for (elem = 1; elem < MAX_ELEMENTS_SIZE && part; elem++) {
> > + strscpy(ordered_list_data->elements[elem],
> > + part,
> > + sizeof(ordered_list_data->elements[elem]));
> > + part = strsep(&part_tmp, ",");
> > + }
> > +
> > + kfree(tmpstr);
>
> This will be freed below anyways.
>
> > + break;
> > + default:
> > + pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
> > + break;
> > + }
> > + kfree(tmpstr);
> > + kfree(str_value);
> > + }
> > +
> > +exit_list_package:
>
> No need for function name in jump label.

Done!
>
> > + kfree(tmpstr);
> > + kfree(str_value);
> > + return 0;
> > +}
> > +
> > +/**
> > + * populate_ordered_list_buffer_data() - Populate all properties of an
> > + * instance under ordered list attribute
> > + *
> > + * @buffer_ptr: Buffer pointer
> > + * @buffer_size: Buffer size
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
> > + */
> > +int populate_ordered_list_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + ordered_list_data->attr_name_kobj = attr_name_kobj;
> > +
> > + /* Populate ordered list elements */
> > + populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
> > + instance_id);
> > + update_attribute_permissions(ordered_list_data->common.is_readonly,
> > + &ordered_list_current_val);
> > + friendly_user_name_update(ordered_list_data->common.path,
> > + attr_name_kobj->name,
> > + ordered_list_data->common.display_name,
> > + sizeof(ordered_list_data->common.display_name));
> > +
> > + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> > +}
> > +
> > +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id)
>
> Can be static. Same for the other attributes.

Done!
>
> > +{
> > + int reqs;
> > + int values;
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + strscpy(ordered_list_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(ordered_list_data->common.display_name_language_code));
> > +
> > + // VALUE:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->current_value,
> > + sizeof(ordered_list_data->current_value));
> > +
> > + // PATH:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->common.path,
> > + sizeof(ordered_list_data->common.path));
> > +
> > + // IS_READONLY:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.is_readonly);
> > +
> > + //DISPLAY_IN_UI:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.display_in_ui);
> > +
> > + // REQUIRES_PHYSICAL_PRESENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.requires_physical_presence);
> > +
> > + // SEQUENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.sequence);
> > +
> > + // PREREQUISITES_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.prerequisites_size);
> > +
> > + if (ordered_list_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + ordered_list_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < ordered_list_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + ordered_list_data->common.prerequisites[reqs],
> > + sizeof(ordered_list_data->common.prerequisites[reqs]));
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.security_level);
> > +
> > + // ORD_LIST_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->elements_size);
> > +
> > + if (ordered_list_data->elements_size > MAX_ELEMENTS_SIZE) {
> > + /* Report a message and limit elements size to maximum value */
> > + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + ordered_list_data->elements_size = MAX_ELEMENTS_SIZE;
> > + }
> > +
> > + // ORD_LIST_ELEMENTS:
> > + for (values = 0; values < ordered_list_data->elements_size && values < MAX_ELEMENTS_SIZE;
>
> values < min(ordered_list_data->elements_size, MAX_ELEMENTS_SIZE)
>
> Also elements_size can actually never be > MAX_ELEMENTS_SIZE here.
> Same for PREREQUISITES.
> But as discussed before this limiting to a max amount of elements is
> invalid, as following data will be misinterpreted.
>

Done!

> > + values++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + ordered_list_data->elements[values],
> > + sizeof(ordered_list_data->elements[values]));
> > +
> > + return 0;
> > +}
> > +
> > +/**
> > + * exit_ordered_list_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_ordered_list_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj;
> > +
> > + if (attr_name_kobj)
> > + sysfs_remove_group(attr_name_kobj,
> > + &ordered_list_attr_group);
> > + }
> > + bioscfg_drv.ordered_list_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.ordered_list_data);
> > + bioscfg_drv.ordered_list_data = NULL;
> > +}
> > --
> > 2.34.1
> >

2023-05-10 19:13:11

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes

On Tue, May 9, 2023 at 5:24 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Mon, 8 May 2023, Jorge Lopez wrote:
>
> > On Mon, May 8, 2023 at 9:45 AM Ilpo Järvinen
> > <[email protected]> wrote:
> > >
> > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > >
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > > >
> > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > a native Linux solution and the exposed features facilitates the
> > > > migration to Linux environments.
> > > >
> > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > filesystem that can be used by user-mode applications. The new
> > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > Platform Management and Sure Start. Each section provides security
> > > > feature description and identifies sysfs directories and files exposed
> > > > by the driver.
> > > >
> > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > Management (SPM), which replaces older password-based BIOS settings
> > > > management with public key cryptography. PC secure product management
> > > > begins when a target system is provisioned with cryptographic keys
> > > > that are used to ensure the integrity of communications between system
> > > > management utilities and the BIOS.
> > > >
> > > > HP Commercial notebooks have several BIOS settings that control its
> > > > behaviour and capabilities, many of which are related to security.
> > > > To prevent unauthorized changes to these settings, the system can
> > > > be configured to use a cryptographic signature-based authorization
> > > > string that the BIOS will use to verify authorization to modify the
> > > > setting.
> > > >
> > > > Linux Security components are under development and not published yet.
> > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > Other published security components are under Windows.
> > > >
> > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > >
> > > > ---
> > > > Based on the latest platform-drivers-x86.git/for-next
> > > > ---
>
> > > > +int alloc_integer_data(void)
> > > > +{
> > > > + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> > > > + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> > > > + sizeof(struct integer_data), GFP_KERNEL);
> > >
> > > It would be better to use sizeof(*...) format.
> >
> > I cannot use sizeof(*...) at this time, because it is allocating
> > bioscfg_drv.integer_instances_count number of integer_data
> > structures.
>
> Isn't bioscfg_drv.integer_data is a pointer to a single struct
> integer_data? Why cannot you do sizeof(*bioscfg_drv.integer_data)?? It is
> perfectly legal C construct for getting the size of the struct the
> pointer points to.
>
>

You are correct. I found the problem in the code during my testing.
I will update similar code across all files.

> --
> i.

2023-05-10 20:21:33

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 06/13] HP BIOSCFG driver - passwdobj-attributes

On Tue, May 9, 2023 at 7:34 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
>
> FYI, for me you don't need to reply into the comments where you'll be
> following the review suggestion. It saves us both time if we focus on
> points where there's more to discuss.
>
> > ---
> > .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 584 ++++++++++++++++++
> > 1 file changed, 584 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c
> > new file mode 100644
> > index 000000000000..7f3bd58ab3fd

<snip>
> > +
> > +int get_password_instance_for_type(const char *name)
> > +{
> > + int count = bioscfg_drv.password_instances_count;
> > + int instance;
> > +
> > + for (instance = 0; instance < count; instance++) {
>
> Perhaps the loops could have the same form, either this or the one in the
> prev function.
>
> > + if (strcmp(bioscfg_drv.password_data[instance].common.display_name, name) == 0)
>
> !strcmp(...)
>
> > + return instance;
> > + }
> > + return -EINVAL;
> > +}

Done!

> > +
> > +int validate_password_input(int instance_id, const char *buf)
> > +{
> > + int length;
> > + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> > +
> > + length = strlen(buf);
> > + if (buf[length - 1] == '\n')
> > + length--;
> > +
> > + if (length > MAX_PASSWD_SIZE)
> > + return INVALID_BIOS_AUTH;
> > +
> > + if (password_data->min_password_length > length ||
> > + password_data->max_password_length < length)
> > + return INVALID_BIOS_AUTH;
> > + return SUCCESS;
> > +}
> > +
> > +ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password);
> > +static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled);
> > +
> > +static ssize_t current_password_store(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + const char *buf, size_t count)
> > +{
> > + char *buf_cp;
> > + int id, ret = 0;
> > +
> > + buf_cp = kstrdup(buf, GFP_KERNEL);
> > + if (!buf_cp) {
> > + ret = -ENOMEM;
> > + goto exit_password;
>
> return -ENOMEM; directly.
>
Done!

> > + }
> > +
> > + ret = enforce_single_line_input(buf_cp, count);
> > + if (!ret) {
> > + id = get_password_instance_id(kobj);
> > + if (id >= 0)
> > + ret = validate_password_input(id, buf_cp);
> > + }
> > +
> > + if (!ret) {
>
> Convert the error handling above to < 0 + goto pairs instead.
>
> Should this function really return 0 when get_password_instance_id()
> returns error?
>
> It can also write to -EIO index here when get_poassword_instance_id()
> fails:
>
get_password_instance_id() now returns -EIO when the instance is not
found otherwise it returns values 0...n
I will change all checks for ret value to ret < 0 to handle the
operation correctly.

> > + strscpy(bioscfg_drv.password_data[id].current_password,
> > + buf_cp,
> > + sizeof(bioscfg_drv.password_data[id].current_password));
> > + /*
> > + * set pending reboot flag depending on
> > + * "RequiresPhysicalPresence" value
> > + */
> > + if (bioscfg_drv.password_data[id].common.requires_physical_presence)
> > + set_reboot_and_signal_event();
> > + }
>
> > +
> > +exit_password:
> > + kfree(buf_cp);
> > + return ret ? ret : count;
> > +}
> > +
> > +static struct kobj_attribute password_current_password = __ATTR_WO(current_password);
> > +
> > +static ssize_t new_password_store(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + const char *buf, size_t count)
> > +{
> > + char *buf_cp = NULL;
> > + int id = 0;
> > + int ret = -EIO;
> > +
> > + buf_cp = kstrdup(buf, GFP_KERNEL);
> > + if (!buf_cp) {
> > + ret = -ENOMEM;
> > + goto exit_password;
>
> return -ENOMEM;
>
Done!
>
> > + }
> > +
> > + ret = enforce_single_line_input(buf_cp, count);
> > + if (!ret) {
> > + id = get_password_instance_id(kobj);
> > +
> > + if (id >= 0)
> > + ret = validate_password_input(id, buf_cp);
> > + }
> > +
> > + if (!ret)
> > + strscpy(bioscfg_drv.password_data[id].new_password,
> > + buf_cp,
> > + sizeof(bioscfg_drv.password_data[id].new_password));
> > +
>
> Duplicated code with the previous function? If so, add a helper.
Done!
>
> > + if (!ret)
> > + ret = hp_set_attribute(kobj->name, buf_cp);
> > +
> > +exit_password:
> > + /*
> > + * Regardless of the results both new and current passwords
> > + * will be set to zero and avoid security issues
> > + */
> > + clear_passwords(id);
> > +
> > + kfree(buf_cp);
> > + return ret ? ret : count;
> > +}
> > +
> > +static struct kobj_attribute password_new_password = __ATTR_WO(new_password);
> > +
> > +ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password);
> > +static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length);
> > +
> > +ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password);
> > +static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length);
> > +
> > +static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
> > + char *buf)
> > +{
> > + if (strcmp(kobj->name, SETUP_PASSWD) == 0)
>
> Use !strcmp() instead, please check the rest yourself, I won't mark them
> all.

Will do.
>
> > + return sysfs_emit(buf, "%s\n", BIOS_ADMIN);
> > +
> > + if (strcmp(kobj->name, POWER_ON_PASSWD) == 0)
> > + return sysfs_emit(buf, "%s\n", POWER_ON);
> > +
> > + return -EIO;
> > +}
> > +
> > +static struct kobj_attribute password_role = __ATTR_RO(role);
> > +
> > +static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
> > + char *buf)
> > +{
> > + int i = get_password_instance_id(kobj);
> > +
> > + if (i < 0)
> > + return i;
> > +
> > + if (bioscfg_drv.password_data[i].mechanism != PASSWORD)
> > + return -EINVAL;
> > +
> > + return sysfs_emit(buf, "%s\n", PASSWD_MECHANISM_TYPES);
> > +}
> > +
> > +static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism);
> > +
> > +ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP);
> > +static struct kobj_attribute password_encodings_val =
> > + __ATTR_RO(encodings);
> > +
> > +static struct attribute *password_attrs[] = {
> > + &password_is_password_set.attr,
> > + &password_min_password_length.attr,
> > + &password_max_password_length.attr,
> > + &password_current_password.attr,
> > + &password_new_password.attr,
> > + &password_role.attr,
> > + &password_mechanism.attr,
> > + &password_encodings_val.attr,
> > + NULL,
> > +};
> > +
> > +static const struct attribute_group password_attr_group = {
> > + .attrs = password_attrs
> > +};
> > +
> > +int alloc_password_data(void)
> > +{
> > + int ret = 0;
> > +
> > + bioscfg_drv.password_instances_count = get_instance_count(HP_WMI_BIOS_PASSWORD_GUID);
> > + bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count,
> > + sizeof(struct password_data), GFP_KERNEL);
> > + if (!bioscfg_drv.password_data) {
> > + bioscfg_drv.password_instances_count = 0;
> > + ret = -ENOMEM;
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +/*
> > + * populate_password_package_data -
> > + * Populate all properties for an instance under password attribute
> > + *
> > + * @password_obj: ACPI object with password data
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
>
> Is kerneldoc happy with the extra line between func and its parameters,
> IIRC it might not like that?

Documentation was correct to avoid flags from kerneldoc.

>
> > + */
> > +int populate_password_package_data(union acpi_object *password_obj, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> > +
> > + password_data->attr_name_kobj = attr_name_kobj;
> > +
> > + populate_password_elements_from_package(password_obj,
> > + password_obj->package.count,
> > + instance_id);
> > +
> > + if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0) {
> > + /* Save system authentication instance for easy access */
>
> Extra space.
>
> > + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> > + }
> > +
> > + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> > +}
> > +
> > +/* Expected Values types associated with each element */
> > +static const acpi_object_type expected_password_types[] = {
> > + [NAME] = ACPI_TYPE_STRING,
> > + [VALUE] = ACPI_TYPE_STRING,
> > + [PATH] = ACPI_TYPE_STRING,
> > + [IS_READONLY] = ACPI_TYPE_INTEGER,
> > + [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
> > + [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
> > + [SEQUENCE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
> > + [PREREQUISITES] = ACPI_TYPE_STRING,
> > + [SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
> > + [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER,
> > + [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER,
> > + [PSWD_SIZE] = ACPI_TYPE_INTEGER,
> > + [PSWD_ENCODINGS] = ACPI_TYPE_STRING,
> > + [PSWD_IS_SET] = ACPI_TYPE_INTEGER,
> > +};
> > +
> > +int populate_password_elements_from_package(union acpi_object *password_obj,
> > + int password_obj_count,
> > + int instance_id)
> > +{
> > + char *str_value = NULL;
> > + int value_len;
> > + int ret;
> > + u32 size;
> > + u32 int_value;
> > + int elem;
> > + int reqs;
> > + int eloc;
> > + int pos_values;
> > + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> > +
> > + if (!password_obj)
> > + return -EINVAL;
> > +
> > + for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) {
> > + /* ONLY look at the first PASSWORD_ELEM_CNT elements */
> > + if (eloc == PSWD_ELEM_CNT)
> > + goto exit_package;
> > +
> > + switch (password_obj[elem].type) {
> > + case ACPI_TYPE_STRING:
> > +
>
> Extra newline.

Done!
>
> > + if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) {
> > + ret = convert_hexstr_to_str(password_obj[elem].string.pointer,
> > + password_obj[elem].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + continue;
> > + }
> > + break;
> > + case ACPI_TYPE_INTEGER:
> > + int_value = (u32)password_obj[elem].integer.value;
> > + break;
> > + default:
> > + pr_warn("Unsupported object type [%d]\n", password_obj[elem].type);
> > + continue;
> > + }
> > +
> > + /* Check that both expected and read object type match */
> > + if (expected_password_types[eloc] != password_obj[elem].type) {
> > + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
> > + expected_password_types[eloc], elem, password_obj[elem].type);
> > + return -EIO;
> > + }
> > +
> > + /* Assign appropriate element value to corresponding field*/
> > + switch (eloc) {
> > + case VALUE:
> > + break;
> > + case PATH:
> > + strscpy(password_data->common.path, str_value,
> > + sizeof(password_data->common.path));
> > + break;
> > + case IS_READONLY:
> > + password_data->common.is_readonly = int_value;
> > + break;
> > + case DISPLAY_IN_UI:
> > + password_data->common.display_in_ui = int_value;
> > + break;
> > + case REQUIRES_PHYSICAL_PRESENCE:
> > + password_data->common.requires_physical_presence = int_value;
> > + break;
> > + case SEQUENCE:
> > + password_data->common.sequence = int_value;
> > + break;
> > + case PREREQUISITES_SIZE:
> > + password_data->common.prerequisites_size = int_value;
> > + if (int_value > MAX_PREREQUISITES_SIZE)
> > + pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + /*
> > + * This HACK is needed to keep the expected
> > + * element list pointing to the right obj[elem].type
> > + * when the size is zero. PREREQUISITES
>
> Please remove all these double space from your patches (should be easy
> to find them with grep). Please check if your editor adds them e.g., when
> reflowing text.

What double spaces are you referring to?
>
> > + * object is omitted by BIOS when the size is
> > + * zero.
> > + */
> > + if (int_value == 0)
> > + eloc++;
> > + break;
> > + case PREREQUISITES:
> > + size = password_data->common.prerequisites_size;
> > +
> > + for (reqs = 0; reqs < size; reqs++) {
> > + ret = convert_hexstr_to_str(password_obj[elem + reqs].string.pointer,
> > + password_obj[elem + reqs].string.length,
> > + &str_value, &value_len);
> > +
>
> Extra newline
Done!
>
> > + if (ret)
> > + break;
> > +
> > + strscpy(password_data->common.prerequisites[reqs],
> > + str_value,
> > + sizeof(password_data->common.prerequisites[reqs]));
> > +
> > + kfree(str_value);
> > + }
> > + break;
> > +
> > + case SECURITY_LEVEL:
> > + password_data->common.security_level = int_value;
> > + break;
> > +
> > + case PSWD_MIN_LENGTH:
> > + password_data->min_password_length = int_value;
> > + break;
> > + case PSWD_MAX_LENGTH:
> > + password_data->max_password_length = int_value;
> > + break;
> > + case PSWD_SIZE:
> > + password_data->encodings_size = int_value;
> > + if (int_value > MAX_ENCODINGS_SIZE)
> > + pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
> > +
> > + /*
> > + * This HACK is needed to keep the expected
> > + * element list pointing to the right obj[elem].type
> > + * when the size is zero. PSWD_ENCODINGS
> > + * object is omitted by BIOS when the size is
> > + * zero.
> > + */
> > + if (int_value == 0)
> > + eloc++;
> > + break;
> > +
> > + case PSWD_ENCODINGS:
> > + size = password_data->encodings_size;
> > +
> > + for (pos_values = 0; pos_values < size && pos_values < MAX_ENCODINGS_SIZE;
>
> Do
> size = min(password_data->encodings_size, MAX_ENCODINGS_SIZE);
> instead of &&. Then put the for () into single line.
>
> > + pos_values++) {
> > + ret = convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer,
> > + password_obj[elem + pos_values].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + break;
> > +
> > + strscpy(password_data->encodings[pos_values],
> > + str_value,
> > + sizeof(password_data->encodings[pos_values]));
> > + kfree(str_value);
> > + }
> > + break;
> > + case PSWD_IS_SET:
> > + password_data->is_enabled = int_value;
> > + break;
> > +
> > + default:
> > + pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
> > + break;
> > + }
> > + kfree(str_value);
> > + }
> > +
> > +exit_package:
> > + kfree(str_value);
>
> I suspect there are double frees paths in this function.

Done!
>
> > + return 0;
> > +}
> > +
> > +/**
> > + * populate_password_buffer_data -
> > + * Populate all properties for an instance under password object attribute
> > + *
> > + * @buffer_ptr: Buffer pointer
> > + * @buffer_size: Buffer size
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
> > + */
> > +int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> > +
> > + password_data->attr_name_kobj = attr_name_kobj;
> > +
> > + /* Populate Password attributes */
> > + populate_password_elements_from_buffer(buffer_ptr, buffer_size,
> > + instance_id);
> > + friendly_user_name_update(password_data->common.path,
> > + attr_name_kobj->name,
> > + password_data->common.display_name,
> > + sizeof(password_data->common.display_name));
> > + if (strcmp(attr_name_kobj->name, "Setup Password") == 0)
> > + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> > +
> > + return sysfs_create_group(attr_name_kobj, &password_attr_group);
> > +}
> > +
> > +int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id)
> > +{
> > + int reqs;
> > + int values;
> > + struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
> > +
> > + // VALUE:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, password_data->current_password,
> > + sizeof(password_data->current_password));
> > +
> > + // PATH:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, password_data->common.path,
> > + sizeof(password_data->common.path));
> > +
> > + // IS_READONLY:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.is_readonly);
> > +
> > + //DISPLAY_IN_UI:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.display_in_ui);
> > +
> > + // REQUIRES_PHYSICAL_PRESENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.requires_physical_presence);
> > +
> > + // SEQUENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.sequence);
> > +
> > + // PREREQUISITES_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.prerequisites_size);
> > +
> > + if (password_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("Password Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + password_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < password_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
>
> MAX_... enforced above.

Done! I will correct it in all affected files.
>
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + password_data->common.prerequisites[reqs],
> > + sizeof(password_data->common.prerequisites[reqs]));
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->common.security_level);
> > +
> > + // PSWD_MIN_LENGTH:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->min_password_length);
> > +
> > + // PSWD_MAX_LENGTH:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->max_password_length);
> > +
> > + // PSWD_SIZE:
> > + if (password_data->encodings_size > MAX_ENCODINGS_SIZE) {
> > + /* Report a message and limit possible values size to maximum value */
> > + pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + password_data->encodings_size = MAX_ENCODINGS_SIZE;
> > + }
> > +
> > + // PSWD_ENCODINGS:
> > +
>
> Extra newline.
Done!
>
> > + for (values = 0;
> > + values < password_data->encodings_size && values < MAX_VALUES_SIZE;
>
> Hmm... Is the variation here from MAX_ENCODINGS_SIZE (above) ->
> MAX_VALUES_SIZE intentional? They're both 16 anyway.
>
> > + values++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + password_data->encodings[values],
> > + sizeof(password_data->encodings[values]));
> > +
> > + // PSWD_IS_SET:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &password_data->is_enabled);
> > +
> > + return 0;
> > +}
> > +
> > +/*
> > + * exit_password_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_password_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.password_data[instance_id].attr_name_kobj;
> > +
> > + if (attr_name_kobj) {
> > + if (strcmp(attr_name_kobj->name, SETUP_PASSWD) == 0)
> > + sysfs_remove_group(attr_name_kobj,
> > + &password_attr_group);
> > + else
> > + sysfs_remove_group(attr_name_kobj,
> > + &password_attr_group);
>
> Eh, same content in both if and else blocks???? :-)
Done!
>
> > + }
> > + }
> > + bioscfg_drv.password_instances_count = 0;
> > + kfree(bioscfg_drv.password_data);
> > + bioscfg_drv.password_data = NULL;
> > +}
> >
>
> --
> i.

2023-05-10 20:45:54

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 05/13] HP BIOSCFG driver - ordered-attributes

On Tue, May 9, 2023 at 8:15 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/ordered-attributes.c | 443 ++++++++++++++++++
> > 1 file changed, 443 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/ordered-attributes.c
> > new file mode 100644

<snip>

> > + strscpy(ordered_list_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(ordered_list_data->common.display_name_language_code));
> > +
> > + for (elem = 1, eloc = 1; elem < order_obj_count; elem++, eloc++) {
> > + /* ONLY look at the first ORDERED_ELEM_CNT elements */
> > + if (eloc == ORD_ELEM_CNT)
> > + goto exit_list_package;
> > +
> > + switch (order_obj[elem].type) {
> > + case ACPI_TYPE_STRING:
> > +
>
> Extra newline.

Done!
>
> > + if (elem != PREREQUISITES && elem != ORD_LIST_ELEMENTS) {
> > + ret = convert_hexstr_to_str(order_obj[elem].string.pointer,
> > + order_obj[elem].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + continue;
> > + }
> > + break;
> > + case ACPI_TYPE_INTEGER:
> > + int_value = (u32)order_obj[elem].integer.value;
> > + break;
> > + default:
> > + pr_warn("Unsupported object type [%d]\n", order_obj[elem].type);
> > + continue;
> > + }
> > +
> > + /* Check that both expected and read object type match */
> > + if (expected_order_types[eloc] != order_obj[elem].type) {
> > + pr_err("Error expected type %d for elem %d, but got type %d instead\n",
>
> Extra space before %d.
Done!
>
> > + expected_order_types[eloc], elem, order_obj[elem].type);
> > + return -EIO;
> > + }
> > +
<snip>
> > + kfree(tmpstr);
> > + break;
> > + default:
> > + pr_warn("Invalid element: %d found in Ordered_List attribute or data may be malformed\n", elem);
> > + break;
> > + }
> > + kfree(tmpstr);
> > + kfree(str_value);
> > + }
> > +
> > +exit_list_package:
> > + kfree(tmpstr);
> > + kfree(str_value);
> > + return 0;
> > +}
>
> Looks double and triple frees in this function.

Done!
>
> After reading the about same things once again, I started to wonder if
> some of that switch content could be moved into a common helper (which
> takes e.g. the xx->common pointer as parameter and perhaps some other
> carefully selected pointers). There's a lots of duplication.
>

I will look into how the common data can be implemented with a helper.

> > +/**
> > + * populate_ordered_list_buffer_data() - Populate all properties of an
> > + * instance under ordered list attribute
> > + *
> > + * @buffer_ptr: Buffer pointer
> > + * @buffer_size: Buffer size
> > + * @instance_id: The instance to enumerate
> > + * @attr_name_kobj: The parent kernel object
> > + */
> > +int populate_ordered_list_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id,
> > + struct kobject *attr_name_kobj)
> > +{
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + ordered_list_data->attr_name_kobj = attr_name_kobj;
> > +
> > + /* Populate ordered list elements */
> > + populate_ordered_list_elements_from_buffer(buffer_ptr, buffer_size,
> > + instance_id);
> > + update_attribute_permissions(ordered_list_data->common.is_readonly,
> > + &ordered_list_current_val);
> > + friendly_user_name_update(ordered_list_data->common.path,
> > + attr_name_kobj->name,
> > + ordered_list_data->common.display_name,
> > + sizeof(ordered_list_data->common.display_name));
> > +
> > + return sysfs_create_group(attr_name_kobj, &ordered_list_attr_group);
> > +}
> > +
> > +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > + int instance_id)
> > +{
> > + int reqs;
> > + int values;
> > + struct ordered_list_data *ordered_list_data = &bioscfg_drv.ordered_list_data[instance_id];
> > +
> > + strscpy(ordered_list_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(ordered_list_data->common.display_name_language_code));
> > +
> > + // VALUE:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->current_value,
> > + sizeof(ordered_list_data->current_value));
> > +
> > + // PATH:
> > + get_string_from_buffer(&buffer_ptr, buffer_size, ordered_list_data->common.path,
> > + sizeof(ordered_list_data->common.path));
> > +
> > + // IS_READONLY:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.is_readonly);
> > +
> > + //DISPLAY_IN_UI:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.display_in_ui);
> > +
> > + // REQUIRES_PHYSICAL_PRESENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.requires_physical_presence);
> > +
> > + // SEQUENCE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.sequence);
> > +
> > + // PREREQUISITES_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.prerequisites_size);
> > +
> > + if (ordered_list_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("String Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + ordered_list_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < ordered_list_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + ordered_list_data->common.prerequisites[reqs],
> > + sizeof(ordered_list_data->common.prerequisites[reqs]));
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->common.security_level);
> > +
> > + // ORD_LIST_SIZE:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &ordered_list_data->elements_size);
> > +
> > + if (ordered_list_data->elements_size > MAX_ELEMENTS_SIZE) {
> > + /* Report a message and limit elements size to maximum value */
> > + pr_warn("Ordered List size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + ordered_list_data->elements_size = MAX_ELEMENTS_SIZE;
> > + }
> > +
> > + // ORD_LIST_ELEMENTS:
> > + for (values = 0; values < ordered_list_data->elements_size && values < MAX_ELEMENTS_SIZE;
> > + values++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + ordered_list_data->elements[values],
> > + sizeof(ordered_list_data->elements[values]));
> > +
> > + return 0;
> > +}
>
> Same here. Pass buffer, buffer_size and common into a helper? Maybe some
> other parameters too to cover many/all of the cases?

I will investigate how I can use more helpers to minimize the duplication

>
> > +
> > +/**
> > + * exit_ordered_list_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_ordered_list_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.ordered_list_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.ordered_list_data[instance_id].attr_name_kobj;
> > +
> > + if (attr_name_kobj)
> > + sysfs_remove_group(attr_name_kobj,
> > + &ordered_list_attr_group);
> > + }
> > + bioscfg_drv.ordered_list_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.ordered_list_data);
> > + bioscfg_drv.ordered_list_data = NULL;
> > +}
> >
>
> --
> i.

2023-05-10 20:46:36

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 07/13] HP BIOSCFG driver - string-attributes

On Tue, May 9, 2023 at 8:18 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/string-attributes.c | 415 ++++++++++++++++++
> > 1 file changed, 415 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/string-attributes.c
> > new file mode 100644
> > index 000000000000..d74ecc973703
> > --- /dev/null

<snip>

> > +static void update_string_value(int instance_id, char *attr_value)
> > +{
> > + struct string_data *string_data = &bioscfg_drv.string_data[instance_id];
> > +
> > + /* Write settings to BIOS */
> > + strscpy(string_data->current_value,
> > + attr_value,
> > + sizeof(string_data->current_value));
>
> Use less lines.

Done!
>
> > +}
> > +
> > +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name_language_code, string);
> > +static struct kobj_attribute string_display_langcode =
> > + __ATTR_RO(display_name_language_code);
> > +
> > +ATTRIBUTE_S_COMMON_PROPERTY_SHOW(display_name, string);
> > +static struct kobj_attribute string_display_name =
> > + __ATTR_RO(display_name);
> > +
> > +ATTRIBUTE_PROPERTY_STORE(current_value, string);
> > +static struct kobj_attribute string_current_val =
> > + __ATTR_RW_MODE(current_value, 0644);
> > +
> > +ATTRIBUTE_N_PROPERTY_SHOW(min_length, string);
> > +static struct kobj_attribute string_min_length =
> > + __ATTR_RO(min_length);
> > +
> > +ATTRIBUTE_N_PROPERTY_SHOW(max_length, string);
> > +static struct kobj_attribute string_max_length =
> > + __ATTR_RO(max_length);
> > +
> > +static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
> > + char *buf)
> > +{
> > + return sysfs_emit(buf, "string\n");
> > +}
> > +
> > +static struct kobj_attribute string_type =
> > + __ATTR_RO(type);
> > +
> > +static struct attribute *string_attrs[] = {
> > + &string_display_langcode.attr,
> > + &string_display_name.attr,
> > + &string_current_val.attr,
> > + &string_min_length.attr,
> > + &string_max_length.attr,
> > + &string_type.attr,
> > + NULL,
> > +};
> > +
> > +static const struct attribute_group string_attr_group = {
> > + .attrs = string_attrs,
> > +};
> > +
> > +int alloc_string_data(void)
> > +{
> > + bioscfg_drv.string_instances_count = get_instance_count(HP_WMI_BIOS_STRING_GUID);
> > + bioscfg_drv.string_data = kcalloc(bioscfg_drv.string_instances_count,
> > + sizeof(struct string_data), GFP_KERNEL);
>
> sizeof(*bioscfg_drv.string_data) ?

Done!

>
> > + if (!bioscfg_drv.string_data) {
> > + bioscfg_drv.string_instances_count = 0;
> > + return -ENOMEM;
> > + }
> > + return 0;
> > +}

<snip>

> > +

2023-05-10 22:08:15

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes

On Tue, May 9, 2023 at 8:48 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/spmobj-attributes.c | 381 ++++++++++++++++++
> > 1 file changed, 381 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > new file mode 100644
> > index 000000000000..f08f7aae9423
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/spmobj-attributes.c
> > @@ -0,0 +1,381 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to secure platform management object type
> > + * attributes under BIOS PASSWORD for use with hp-bioscfg driver
> > + *
> > + * Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +static const char * const spm_state_types[] = {
> > + "not provisioned",
> > + "provisioned",
> > + "provisioning in progress",
> > +};
> > +
> > +static const char * const spm_mechanism_types[] = {
> > + "not provisioned",
> > + "signing-key",
> > + "endorsement-key",
> > +};
> > +
> > +struct secureplatform_provisioning_data {
> > + u8 state;
> > + u8 version[2];
> > + u8 reserved1;
> > + u32 features;
> > + u32 nonce;
> > + u8 reserved2[28];
> > + u8 sk_mod[MAX_KEY_MOD];
> > + u8 kek_mod[MAX_KEY_MOD];
> > +};
> > +
> > +int check_spm_is_enabled(void)
> > +{
> > + /* do we need to check the admin password is also configured */
> > + return bioscfg_drv.spm_data.is_enabled;
> > +}
> > +
> > +/**
> > + * calculate_security_buffer() - determines size of security buffer
> > + * for authentication scheme
> > + *
> > + * @authentication: the authentication content
> > + *
> > + * Currently only supported type is Admin password
> > + */
> > +size_t calculate_security_buffer(const char *authentication)
> > +{
> > + int size;
>
> Why not size_t?

Done!
>
> > +
> > + if (authentication && strlen(authentication) > 0) {
> > + size = sizeof(u16) + (strlen(authentication) * sizeof(u16));
>
> Extra parenthesis.
Done!
>
> > + if (!strstarts(authentication, BEAM_PREFIX))
> > + size += strlen(UTF_PREFIX) * sizeof(u16);
> > +
> > + return size;
> > + }
> > +
> > + size = sizeof(u16) * 2;
>
> Extra space
>
> > + return size;
>
> I'd do it this way though:
>
> size_t size, authlen;
>
> if (!authentication)
> return sizeof(u16) * 2;
>
> authlen = strlen(authentication);
> if (!authlen)
> return sizeof(u16) * 2;
>
> size = sizeof(u16) + authlen * sizeof(u16);
> ...
>
>

Done!
> > +}
> > +
> > +/**
> > + * populate_security_buffer() - builds a security buffer for
> > + * authentication scheme
> > + *
> > + * @buffer: the buffer to populate
> > + * @authentication: the authentication content
> > + *
> > + * Currently only supported type is PLAIN TEXT
> > + */
> > +int populate_security_buffer(u16 *buffer, const char *authentication)
> > +{
> > + u16 *auth = buffer;
> > + u16 *retbuffer;
> > + char *strprefix = NULL;
> > + int ret = 0;
> > +
> > + if (strstarts(authentication, BEAM_PREFIX)) {
> > + /*
> > + * BEAM_PREFIX is append to buffer when a signature
> > + * is provided and Sure Admin is enabled in BIOS
> > + */
> > + // BEAM_PREFIX found, convert part to unicode
> > + retbuffer = hp_ascii_to_utf16_unicode(auth, authentication);
> > + if (!retbuffer) {
> > + ret = -EINVAL;
> > + goto out_buffer;
>
> return -EINVAL directly.

Done!
>
> > + }
> > + auth = retbuffer;
> > +
> > + } else {
> > + /*
> > + * UTF-16 prefix is append to the * buffer when a BIOS
>
> What is "the * buffer" ?

It is the data stored in 'buffer' variable which is composed of three
strings concatenated together to be submitted to BIOS via WMI call.
'Buffer' will looks something as [size attribute][attribute][size
value][value][auth size][auth payload]
size is the length in bytes, attribute/value/auth are string represented in u16
>
> > + * admin password is configured in BIOS
> > + */
> > +
> > + // append UTF_PREFIX to part and then convert it to unicode
>
> Use /* */ comments consistently.

Done!
>
> > + strprefix = kasprintf(GFP_KERNEL, "%s%s", UTF_PREFIX,
> > + authentication);
> > + if (!strprefix)
> > + goto out_buffer;
>
> Shouldn't you return an error code here? Also, strprefix is NULL so you
> can do return -ENOMEM directly.
>
> > +
> > + retbuffer = hp_ascii_to_utf16_unicode(auth, strprefix);
>
> If you move kfree(strprefix) here, the flow is more obvious.

Done!
>
> > + if (!retbuffer) {
> > + ret = -EINVAL;
> > + goto out_buffer;
> > + }
> > + auth = retbuffer;
> > + }
> > +
> > +out_buffer:
> > + kfree(strprefix);
> > + return ret;
> > +}
> > +
> > +static ssize_t update_spm_state(void)
> > +{
> > + int ret;
> > + struct secureplatform_provisioning_data data;
> > +
> > + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> > + HPWMI_SECUREPLATFORM, &data, 0,
> > + sizeof(data));
> > + if (ret < 0)
> > + goto state_exit;
>
> return ret; directly.
Done!
>
> > +
> > + bioscfg_drv.spm_data.mechanism = data.state;
> > + if (bioscfg_drv.spm_data.mechanism)
> > + bioscfg_drv.spm_data.is_enabled = 1;
> > +
> > +state_exit:
> > + return ret;
>
> return 0;
Done!
>
> > +}
> > +
> > +static ssize_t statusbin(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + struct secureplatform_provisioning_data *buf)
> > +{
> > + int ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_GET_STATE,
> > + HPWMI_SECUREPLATFORM, buf, 0,
> > + sizeof(struct secureplatform_provisioning_data));
> > +
> > + return ret < 0 ? ret : sizeof(struct secureplatform_provisioning_data);
>
> Split to:
>
> int ret;
>
> ret = hp_...();
> if (ret < 0)
> return ret;
>
> return sizeof(...);
>

Done!

> > +}
> > +
> > +/*
> > + * status_show - Reads SPM status
> > + */
> > +static ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> > + *attr, char *buf)
> > +{
> > + int ret, i;
> > + struct secureplatform_provisioning_data data;
> > +
> > + ret = statusbin(kobj, attr, &data);
> > + if (ret < 0)
> > + goto status_exit;
>
> Can you calculate strnlen() from buf at this point, or is the result
> garbage? Should you return ret instead here?

It should return the error instead.
>
> > +
> > + sysfs_emit(buf, "%s{\n", buf);
> > + sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf,
> > + spm_state_types[data.state]);
> > + sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.version[0],
> > + data.version[1]);
> > +
> > + /*
> > + * state == 0 means secure platform management
> > + * feature is not configured in BIOS.
> > + */
> > + if (data.state == 0)
> > + goto status_exit;
> > +
> > + sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce);
> > + sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.features);
> > + sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf);
> > +
> > + for (i = 255; i >= 0; i--)
> > + sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]);
> > +
> > + sysfs_emit(buf, "%s \",\n", buf);
> > + sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf);
> > +
> > + for (i = 255; i >= 0; i--)
> > + sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]);
> > +
> > + /* Return buf contents */
> > +
> > + sysfs_emit(buf, "%s \"\n", buf);
> > + sysfs_emit(buf, "%s}\n", buf);
> > +
> > +status_exit:
> > + return strnlen(buf, PAGE_SIZE);
> > +}
>
> Emit buf into buf? There's sysfs_emit_at(), however,
>
> while I'm far from sysfs formatting expert, this feels something that
> tries to expose more than one thing over same sysfs file. Shouldn't they
> be each in their own files?

This concern was brought up in earlier reviews but it was decided to
allow returning the information as a single json file.
Because the information is part of the same structure and received in
a single WMI call, separating the components into multiple files can
cause the data read in one field to be stale by the time is read.
>
> > +static struct kobj_attribute password_spm_status = __ATTR_RO(status);
> > +
> > +ATTRIBUTE_SPM_N_PROPERTY_SHOW(is_enabled, spm);
> > +static struct kobj_attribute password_spm_is_key_enabled = __ATTR_RO(is_enabled);
> > +
> > +static ssize_t key_mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
> > + char *buf)
> > +{
> > + return sysfs_emit(buf, "%s\n",
> > + spm_mechanism_types[bioscfg_drv.spm_data.mechanism]);
> > +}
> > +
> > +static struct kobj_attribute password_spm_key_mechanism = __ATTR_RO(key_mechanism);
> > +
> > +static ssize_t sk_store(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + const char *buf, size_t count)
> > +{
> > + int ret;
> > + int length;
> > +
> > + length = count;
> > + if (buf[length - 1] == '\n')
> > + length--;
> > +
> > + /* allocate space and copy current signing key */
> > + bioscfg_drv.spm_data.signing_key = kmalloc(length, GFP_KERNEL);
> > + if (!bioscfg_drv.spm_data.signing_key) {
> > + ret = -ENOMEM;
> > + goto exit_sk;
> > + }
> > +
> > + strscpy(bioscfg_drv.spm_data.signing_key, buf, length);
> > + bioscfg_drv.spm_data.signing_key[length] = '\0';
> > +
> > + /* submit signing key payload */
> > + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_SK,
> > + HPWMI_SECUREPLATFORM,
> > + (void *)bioscfg_drv.spm_data.signing_key,
> > + length, 0);
> > +
> > + if (!ret) {
> > + bioscfg_drv.spm_data.mechanism = SIGNING_KEY;
> > + set_reboot_and_signal_event();
> > + }
> > +
> > +exit_sk:
> > + kfree(bioscfg_drv.spm_data.signing_key);
> > + bioscfg_drv.spm_data.signing_key = NULL;
> > +
> > + return ret ? ret : count;
> > +}
> > +
> > +static struct kobj_attribute password_spm_signing_key = __ATTR_WO(sk);
> > +
> > +static ssize_t kek_store(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + const char *buf, size_t count)
> > +{
> > + int ret;
> > + int length;
> > +
> > + length = count;
> > + if (buf[length - 1] == '\n')
> > + length--;
> > +
> > + /* allocate space and copy current signing key */
> > + bioscfg_drv.spm_data.endorsement_key = kmalloc(length, GFP_KERNEL);
> > + if (!bioscfg_drv.spm_data.endorsement_key) {
> > + ret = -ENOMEM;
> > + goto exit_kek;
>
> Return directly.
>
> > + }
> > +
> > + memcpy(bioscfg_drv.spm_data.endorsement_key, buf, length);
> > + bioscfg_drv.spm_data.endorsement_key[length] = '\0';
> > +
> > + ret = hp_wmi_perform_query(HPWMI_SECUREPLATFORM_SET_KEK,
> > + HPWMI_SECUREPLATFORM,
> > + (void *)bioscfg_drv.spm_data.endorsement_key,
>
> In general, casting to void * (and back) is not required.
Done!
>
> > + count, 0);
> > +
> > + if (!ret) {
> > + bioscfg_drv.spm_data.mechanism = ENDORSEMENT_KEY;
> > + set_reboot_and_signal_event();
> > + }
> > +
> > +exit_kek:
> > + kfree(bioscfg_drv.spm_data.endorsement_key);
> > + bioscfg_drv.spm_data.endorsement_key = NULL;
> > +
> > + return ret ? ret : count;
> > +}
> > +
> > +static struct kobj_attribute password_spm_endorsement_key = __ATTR_WO(kek);
> > +
> > +static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
> > + char *buf)
> > +{
> > + return sysfs_emit(buf, "%s\n", BIOS_SPM);
> > +}
> > +
> > +static struct kobj_attribute password_spm_role = __ATTR_RO(role);
> > +
> > +static ssize_t auth_token_store(struct kobject *kobj,
> > + struct kobj_attribute *attr,
> > + const char *buf, size_t count)
> > +{
> > + int ret = 0;
> > + int length;
> > +
> > + length = count;
> > + if (buf[length - 1] == '\n')
> > + length--;
> > +
> > + /* allocate space and copy current auth token */
> > + bioscfg_drv.spm_data.auth_token = kmalloc(count, GFP_KERNEL);
> > + if (!bioscfg_drv.spm_data.auth_token) {
> > + ret = -ENOMEM;
> > + goto exit_token;
>
> Return directly.

Done!
>
> > + }
> > +

<snip>

2023-05-10 22:34:42

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Tue, May 9, 2023 at 8:57 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <[email protected]>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/surestart-attributes.c | 133 ++++++++++++++++++
> > 1 file changed, 133 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > new file mode 100644
> > index 000000000000..b627c324f6a6
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > @@ -0,0 +1,133 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to sure start object type attributes under
> > + * BIOS for use with hp-bioscfg driver
> > + *
> > + * Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#include "bioscfg.h"
> > +#include <linux/types.h>
> > +
> > +/* Maximum number of log entries supported when log entry size is 16
> > + * bytes. This value is calculated by dividing 4096 (page size) by
> > + * log entry size.
> > + */
> > +#define LOG_MAX_ENTRIES 254
> > +
> > +/*
> > + * Current Log entry size. This value size will change in the
> > + * future. The driver reads a total of 128 bytes for each log entry
> > + * provided by BIOS but only the first 16 bytes are used/read.
> > + */
> > +#define LOG_ENTRY_SIZE 16
> > +
> > +/*
> > + * audit_log_entry_count_show - Reports the number of
> > + * existing audit log entries available
> > + * to be read
> > + */
> > +static ssize_t audit_log_entry_count_show(struct kobject *kobj,
> > + struct kobj_attribute *attr, char *buf)
> > +{
> > + int ret;
> > + u32 count = 0;
> > +
> > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > + HPWMI_SURESTART,
> > + &count, 1, sizeof(count));
> > +
>
> Extra newline.
Done!
>
> > + if (ret < 0)
> > + return ret;
> > +
> > + return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
> > + LOG_MAX_ENTRIES);
>
> Why 3 values instead of 1?
This version of BIOS only returns the number of audit log events available.
The other two values are the current log entry size which today is
hardcoded. This will change in future when BIOS returns the log entry
size.
>
> > +}
> > +
> > +/*
> > + * audit_log_entries_show() - Return all entries found in log file
> > + */
> > +static ssize_t audit_log_entries_show(struct kobject *kobj,
> > + struct kobj_attribute *attr, char *buf)
> > +{
> > + int ret;
> > + int i;
> > + u32 count = 0;
> > + u8 audit_log_buffer[128];
> > +
> > + // Get the number of event logs
> > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > + HPWMI_SURESTART,
> > + &count, 1, sizeof(count));
> > +
>
> Extra newline.
Done!
>
> > + if (ret < 0)
> > + return ret;
> > +
> > + /*
> > + * The show() api will not work if the audit logs ever go
> > + * beyond 4KB
>
> Extra space.
Done!
>
> > + */
> > + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> > + return -EIO;
> > +
> > + /*
> > + * We are guaranteed the buffer is 4KB so today all the event
> > + * logs will fit
> > + */
> > + for (i = 0; i < count; i++) {
> > + audit_log_buffer[0] = (i + 1);
>
> Extra parenthesis.
Done!
>
> > +
> > + /*
> > + * read audit log entry at a time. 'buf' input value
> > + * provides the audit log entry to be read. On
>
> Extra spaces.
Done!
>
> > + * input, Byte 0 = Audit Log entry number from
> > + * beginning (1..254)
> > + * Entry number 1 is the newest entry whereas the
> > + * highest entry number (number of entries) is the
> > + * oldest entry.
> > + */
> > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> > + HPWMI_SURESTART,
> > + audit_log_buffer, 1, 128);
> > +
> > + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
>
> Can the second condition ever fail?
>
Only in the event BIOS data is corrupted.

> > + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> > + buf += LOG_ENTRY_SIZE;
> > + } else {
> > + /*
> > + * Encountered a failure while reading
> > + * individual logs. Only a partial list of
> > + * audit log will be returned.
> > + */
> > + count = i + 1;
> > + break;
> > + }
>
> Reverse order, do error handling with break first.
Done!
>
> Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
> tweak count?

Done!
>
> > + }
> > +
> > + return count * LOG_ENTRY_SIZE;
> > +}
> > +
> > +static struct kobj_attribute sure_start_audit_log_entry_count = __ATTR_RO(audit_log_entry_count);
> > +static struct kobj_attribute sure_start_audit_log_entries = __ATTR_RO(audit_log_entries);
> > +
> > +static struct attribute *sure_start_attrs[] = {
> > + &sure_start_audit_log_entry_count.attr,
> > + &sure_start_audit_log_entries.attr,
> > + NULL,
> > +};
> > +
> > +static const struct attribute_group sure_start_attr_group = {
> > + .attrs = sure_start_attrs,
> > +};
> > +
> > +void exit_sure_start_attributes(void)
> > +{
> > + sysfs_remove_group(bioscfg_drv.sure_start_attr_kobj,
> > + &sure_start_attr_group);
> > +}
> > +
> > +int populate_sure_start_data(struct kobject *attr_name_kobj)
> > +{
> > + bioscfg_drv.sure_start_attr_kobj = attr_name_kobj;
> > + return sysfs_create_group(attr_name_kobj, &sure_start_attr_group);
> > +}
> >
>
> --
> i.

2023-05-11 09:16:17

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 06/13] HP BIOSCFG driver - passwdobj-attributes

On Wed, 10 May 2023, Jorge Lopez wrote:

> On Tue, May 9, 2023 at 7:34 AM Ilpo Järvinen
> <[email protected]> wrote:
> >
> > On Fri, 5 May 2023, Jorge Lopez wrote:
> >
> > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > the latest sysfs class firmware attributes framework allowing the user
> > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > notebooks.
> > >
> > > Many features of HP Commercial notebooks can be managed using Windows
> > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > Enterprise Management (WBEM) that provides a standards-based interface
> > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > a native Linux solution and the exposed features facilitates the
> > > migration to Linux environments.
> > >
> > > The Linux security features to be provided in hp-bioscfg driver enables
> > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > filesystem that can be used by user-mode applications. The new
> > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > Platform Management and Sure Start. Each section provides security
> > > feature description and identifies sysfs directories and files exposed
> > > by the driver.
> > >
> > > Many HP Commercial notebooks include a feature called Secure Platform
> > > Management (SPM), which replaces older password-based BIOS settings
> > > management with public key cryptography. PC secure product management
> > > begins when a target system is provisioned with cryptographic keys
> > > that are used to ensure the integrity of communications between system
> > > management utilities and the BIOS.
> > >
> > > HP Commercial notebooks have several BIOS settings that control its
> > > behaviour and capabilities, many of which are related to security.
> > > To prevent unauthorized changes to these settings, the system can
> > > be configured to use a cryptographic signature-based authorization
> > > string that the BIOS will use to verify authorization to modify the
> > > setting.
> > >
> > > Linux Security components are under development and not published yet.
> > > The only linux component is the driver (hp bioscfg) at this time.
> > > Other published security components are under Windows.
> > >
> > > Signed-off-by: Jorge Lopez <[email protected]>
> > >
> > > ---
> > > Based on the latest platform-drivers-x86.git/for-next
> >
> > FYI, for me you don't need to reply into the comments where you'll be
> > following the review suggestion. It saves us both time if we focus on
> > points where there's more to discuss.


> > > + /*
> > > + * This HACK is needed to keep the expected
> > > + * element list pointing to the right obj[elem].type
> > > + * when the size is zero. PREREQUISITES
> >
> > Please remove all these double space from your patches (should be easy
> > to find them with grep). Please check if your editor adds them e.g., when
> > reflowing text.
>
> What double spaces are you referring to?

There's "zero. PREREQUISITES" so double space after the full stop. We
don't use them in the kernel comments.

It could be that your editor auto inserts the second space (by default)
when e.g. reflowing text because it's some English rule to use two spaces
there.


--
i.

2023-05-11 09:36:03

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes

On Wed, 10 May 2023, Jorge Lopez wrote:

> On Tue, May 9, 2023 at 8:48 AM Ilpo Järvinen
> <[email protected]> wrote:
> >
> > On Fri, 5 May 2023, Jorge Lopez wrote:
> >
> > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > the latest sysfs class firmware attributes framework allowing the user
> > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > notebooks.
> > >
> > > Many features of HP Commercial notebooks can be managed using Windows
> > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > Enterprise Management (WBEM) that provides a standards-based interface
> > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > a native Linux solution and the exposed features facilitates the
> > > migration to Linux environments.
> > >
> > > The Linux security features to be provided in hp-bioscfg driver enables
> > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > filesystem that can be used by user-mode applications. The new
> > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > Platform Management and Sure Start. Each section provides security
> > > feature description and identifies sysfs directories and files exposed
> > > by the driver.
> > >
> > > Many HP Commercial notebooks include a feature called Secure Platform
> > > Management (SPM), which replaces older password-based BIOS settings
> > > management with public key cryptography. PC secure product management
> > > begins when a target system is provisioned with cryptographic keys
> > > that are used to ensure the integrity of communications between system
> > > management utilities and the BIOS.
> > >
> > > HP Commercial notebooks have several BIOS settings that control its
> > > behaviour and capabilities, many of which are related to security.
> > > To prevent unauthorized changes to these settings, the system can
> > > be configured to use a cryptographic signature-based authorization
> > > string that the BIOS will use to verify authorization to modify the
> > > setting.
> > >
> > > Linux Security components are under development and not published yet.
> > > The only linux component is the driver (hp bioscfg) at this time.
> > > Other published security components are under Windows.
> > >
> > > Signed-off-by: Jorge Lopez <[email protected]>
> > >
> > > ---


> > > + } else {
> > > + /*
> > > + * UTF-16 prefix is append to the * buffer when a BIOS
> >
> > What is "the * buffer" ?
>
> It is the data stored in 'buffer' variable which is composed of three
> strings concatenated together to be submitted to BIOS via WMI call.
> 'Buffer' will looks something as [size attribute][attribute][size
> value][value][auth size][auth payload]
> size is the length in bytes, attribute/value/auth are string represented in u16

Even after this explanation I don't understand why it's called "the *
buffer". Is that common terminology in this domain (in which case it's
fine, I just haven't come across such term before)?

> > > + * admin password is configured in BIOS
> > > + */
> > > +

[...snip...]

> > > +/*
> > > + * status_show - Reads SPM status
> > > + */
> > > +static ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> > > + *attr, char *buf)
> > > +{
> > > + int ret, i;
> > > + struct secureplatform_provisioning_data data;
> > > +
> > > + ret = statusbin(kobj, attr, &data);
> > > + if (ret < 0)
> > > + goto status_exit;
> >
> > Can you calculate strnlen() from buf at this point, or is the result
> > garbage? Should you return ret instead here?
>
> It should return the error instead.
> >
> > > +
> > > + sysfs_emit(buf, "%s{\n", buf);
> > > + sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf,
> > > + spm_state_types[data.state]);
> > > + sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.version[0],
> > > + data.version[1]);
> > > +
> > > + /*
> > > + * state == 0 means secure platform management
> > > + * feature is not configured in BIOS.
> > > + */
> > > + if (data.state == 0)
> > > + goto status_exit;
> > > +
> > > + sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce);
> > > + sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.features);
> > > + sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf);
> > > +
> > > + for (i = 255; i >= 0; i--)
> > > + sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]);
> > > +
> > > + sysfs_emit(buf, "%s \",\n", buf);
> > > + sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf);
> > > +
> > > + for (i = 255; i >= 0; i--)
> > > + sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]);
> > > +
> > > + /* Return buf contents */
> > > +
> > > + sysfs_emit(buf, "%s \"\n", buf);
> > > + sysfs_emit(buf, "%s}\n", buf);
> > > +
> > > +status_exit:
> > > + return strnlen(buf, PAGE_SIZE);
> > > +}
> >
> > Emit buf into buf? There's sysfs_emit_at(), however,
> >
> > while I'm far from sysfs formatting expert, this feels something that
> > tries to expose more than one thing over same sysfs file. Shouldn't they
> > be each in their own files?
>
> This concern was brought up in earlier reviews but it was decided to
> allow returning the information as a single json file.
> Because the information is part of the same structure and received in
> a single WMI call, separating the components into multiple files can
> cause the data read in one field to be stale by the time is read.

Okay, makes more sense. Maybe add a comment that the return is a json
string because that's not very obvious (I only realized now when you told
me).

The other point is still valid though, you should keep length in a
variable and use sysfs_emit_at() to avoid printing buf into buf on
every line.


--
i.

2023-05-11 09:49:33

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Wed, 10 May 2023, Jorge Lopez wrote:

> On Tue, May 9, 2023 at 8:57 AM Ilpo Järvinen
> <[email protected]> wrote:
> >
> > On Fri, 5 May 2023, Jorge Lopez wrote:
> >
> > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > the latest sysfs class firmware attributes framework allowing the user
> > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > notebooks.
> > >
> > > Many features of HP Commercial notebooks can be managed using Windows
> > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > Enterprise Management (WBEM) that provides a standards-based interface
> > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > a native Linux solution and the exposed features facilitates the
> > > migration to Linux environments.
> > >
> > > The Linux security features to be provided in hp-bioscfg driver enables
> > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > filesystem that can be used by user-mode applications. The new
> > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > Platform Management and Sure Start. Each section provides security
> > > feature description and identifies sysfs directories and files exposed
> > > by the driver.
> > >
> > > Many HP Commercial notebooks include a feature called Secure Platform
> > > Management (SPM), which replaces older password-based BIOS settings
> > > management with public key cryptography. PC secure product management
> > > begins when a target system is provisioned with cryptographic keys
> > > that are used to ensure the integrity of communications between system
> > > management utilities and the BIOS.
> > >
> > > HP Commercial notebooks have several BIOS settings that control its
> > > behaviour and capabilities, many of which are related to security.
> > > To prevent unauthorized changes to these settings, the system can
> > > be configured to use a cryptographic signature-based authorization
> > > string that the BIOS will use to verify authorization to modify the
> > > setting.
> > >
> > > Linux Security components are under development and not published yet.
> > > The only linux component is the driver (hp bioscfg) at this time.
> > > Other published security components are under Windows.
> > >
> > > Signed-off-by: Jorge Lopez <[email protected]>
> > >
> > > ---
> > > Based on the latest platform-drivers-x86.git/for-next
> > > ---

> > > diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > > new file mode 100644
> > > index 000000000000..b627c324f6a6
> > > --- /dev/null
> > > +++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > > @@ -0,0 +1,133 @@
> > > +// SPDX-License-Identifier: GPL-2.0
> > > +/*
> > > + * Functions corresponding to sure start object type attributes under
> > > + * BIOS for use with hp-bioscfg driver
> > > + *
> > > + * Copyright (c) 2022 HP Development Company, L.P.
> > > + */
> > > +
> > > +#include "bioscfg.h"
> > > +#include <linux/types.h>
> > > +
> > > +/* Maximum number of log entries supported when log entry size is 16
> > > + * bytes. This value is calculated by dividing 4096 (page size) by
> > > + * log entry size.
> > > + */
> > > +#define LOG_MAX_ENTRIES 254
> > > +
> > > +/*
> > > + * Current Log entry size. This value size will change in the
> > > + * future. The driver reads a total of 128 bytes for each log entry
> > > + * provided by BIOS but only the first 16 bytes are used/read.
> > > + */
> > > +#define LOG_ENTRY_SIZE 16
> > > +
> > > +/*
> > > + * audit_log_entry_count_show - Reports the number of
> > > + * existing audit log entries available
> > > + * to be read
> > > + */
> > > +static ssize_t audit_log_entry_count_show(struct kobject *kobj,
> > > + struct kobj_attribute *attr, char *buf)
> > > +{
> > > + int ret;
> > > + u32 count = 0;
> > > +
> > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > > + HPWMI_SURESTART,
> > > + &count, 1, sizeof(count));
> > > +
> >
> > Extra newline.
> Done!
> >
> > > + if (ret < 0)
> > > + return ret;
> > > +
> > > + return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
> > > + LOG_MAX_ENTRIES);
> >
> > Why 3 values instead of 1?
> This version of BIOS only returns the number of audit log events available.
> The other two values are the current log entry size which today is
> hardcoded. This will change in future when BIOS returns the log entry
> size.

And you cannot provide the others in separate sysfs files?

> > > +}
> > > +
> > > +/*
> > > + * audit_log_entries_show() - Return all entries found in log file
> > > + */
> > > +static ssize_t audit_log_entries_show(struct kobject *kobj,
> > > + struct kobj_attribute *attr, char *buf)
> > > +{
> > > + int ret;
> > > + int i;
> > > + u32 count = 0;
> > > + u8 audit_log_buffer[128];
> > > +
> > > + // Get the number of event logs
> > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > > + HPWMI_SURESTART,
> > > + &count, 1, sizeof(count));
> > > +
> >
> > Extra newline.
> Done!
> >
> > > + if (ret < 0)
> > > + return ret;
> > > +
> > > + /*
> > > + * The show() api will not work if the audit logs ever go
> > > + * beyond 4KB
> >
> > Extra space.
> Done!
> >
> > > + */
> > > + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> > > + return -EIO;
> > > +
> > > + /*
> > > + * We are guaranteed the buffer is 4KB so today all the event
> > > + * logs will fit
> > > + */
> > > + for (i = 0; i < count; i++) {
> > > + audit_log_buffer[0] = (i + 1);
> >
> > Extra parenthesis.
> Done!
> >
> > > +
> > > + /*
> > > + * read audit log entry at a time. 'buf' input value
> > > + * provides the audit log entry to be read. On
> >
> > Extra spaces.
> Done!
> >
> > > + * input, Byte 0 = Audit Log entry number from
> > > + * beginning (1..254)
> > > + * Entry number 1 is the newest entry whereas the
> > > + * highest entry number (number of entries) is the
> > > + * oldest entry.
> > > + */
> > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> > > + HPWMI_SURESTART,
> > > + audit_log_buffer, 1, 128);
> > > +
> > > + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
> >
> > Can the second condition ever fail?
> >
> Only in the event BIOS data is corrupted.

i runs from 0 to count - 1 and you prevented count * LOG_ENTRY_SIZE >
PAGE_SIZE above. So what the BIOS data has to do with that?

> > > + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> > > + buf += LOG_ENTRY_SIZE;
> > > + } else {
> > > + /*
> > > + * Encountered a failure while reading
> > > + * individual logs. Only a partial list of
> > > + * audit log will be returned.
> > > + */
> > > + count = i + 1;
> > > + break;
> > > + }
> >
> > Reverse order, do error handling with break first.
> Done!
> >
> > Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
> > tweak count?
>
> Done!
> >
> > > + }
> > > +
> > > + return count * LOG_ENTRY_SIZE;
> > > +}


--
i.

2023-05-11 14:10:13

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 06/13] HP BIOSCFG driver - passwdobj-attributes

On Thu, May 11, 2023 at 4:09 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Wed, 10 May 2023, Jorge Lopez wrote:
>
> > On Tue, May 9, 2023 at 7:34 AM Ilpo Järvinen
> > <[email protected]> wrote:
> > >
> > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > >
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > > >
> > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > a native Linux solution and the exposed features facilitates the
> > > > migration to Linux environments.
> > > >
> > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > filesystem that can be used by user-mode applications. The new
> > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > Platform Management and Sure Start. Each section provides security
> > > > feature description and identifies sysfs directories and files exposed
> > > > by the driver.
> > > >
> > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > Management (SPM), which replaces older password-based BIOS settings
> > > > management with public key cryptography. PC secure product management
> > > > begins when a target system is provisioned with cryptographic keys
> > > > that are used to ensure the integrity of communications between system
> > > > management utilities and the BIOS.
> > > >
> > > > HP Commercial notebooks have several BIOS settings that control its
> > > > behaviour and capabilities, many of which are related to security.
> > > > To prevent unauthorized changes to these settings, the system can
> > > > be configured to use a cryptographic signature-based authorization
> > > > string that the BIOS will use to verify authorization to modify the
> > > > setting.
> > > >
> > > > Linux Security components are under development and not published yet.
> > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > Other published security components are under Windows.
> > > >
> > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > >
> > > > ---
> > > > Based on the latest platform-drivers-x86.git/for-next
> > >
> > > FYI, for me you don't need to reply into the comments where you'll be
> > > following the review suggestion. It saves us both time if we focus on
> > > points where there's more to discuss.
>
>
> > > > + /*
> > > > + * This HACK is needed to keep the expected
> > > > + * element list pointing to the right obj[elem].type
> > > > + * when the size is zero. PREREQUISITES
> > >
> > > Please remove all these double space from your patches (should be easy
> > > to find them with grep). Please check if your editor adds them e.g., when
> > > reflowing text.
> >
> > What double spaces are you referring to?
>
> There's "zero. PREREQUISITES" so double space after the full stop. We
> don't use them in the kernel comments.
>
> It could be that your editor auto inserts the second space (by default)
> when e.g. reflowing text because it's some English rule to use two spaces
> there.
>
>

Thank you for the clarification. I checked and fixed all double
spaces in all source files
> --
> i.

2023-05-12 14:05:24

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Thu, May 11, 2023 at 4:32 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Wed, 10 May 2023, Jorge Lopez wrote:
>
> > On Tue, May 9, 2023 at 8:57 AM Ilpo Järvinen
> > <[email protected]> wrote:
> > >
> > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > >
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > > >
> > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > a native Linux solution and the exposed features facilitates the
> > > > migration to Linux environments.
> > > >
> > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > filesystem that can be used by user-mode applications. The new
> > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > Platform Management and Sure Start. Each section provides security
> > > > feature description and identifies sysfs directories and files exposed
> > > > by the driver.
> > > >
> > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > Management (SPM), which replaces older password-based BIOS settings
> > > > management with public key cryptography. PC secure product management
> > > > begins when a target system is provisioned with cryptographic keys
> > > > that are used to ensure the integrity of communications between system
> > > > management utilities and the BIOS.
> > > >
> > > > HP Commercial notebooks have several BIOS settings that control its
> > > > behaviour and capabilities, many of which are related to security.
> > > > To prevent unauthorized changes to these settings, the system can
> > > > be configured to use a cryptographic signature-based authorization
> > > > string that the BIOS will use to verify authorization to modify the
> > > > setting.
> > > >
> > > > Linux Security components are under development and not published yet.
> > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > Other published security components are under Windows.
> > > >
> > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > >
> > > > ---
> > > > Based on the latest platform-drivers-x86.git/for-next
> > > > ---
>
> > > > diff --git a/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > > > new file mode 100644
> > > > index 000000000000..b627c324f6a6
> > > > --- /dev/null
> > > > +++ b/drivers/platform/x86/hp/hp-bioscfg/surestart-attributes.c
> > > > @@ -0,0 +1,133 @@
> > > > +// SPDX-License-Identifier: GPL-2.0
> > > > +/*
> > > > + * Functions corresponding to sure start object type attributes under
> > > > + * BIOS for use with hp-bioscfg driver
> > > > + *
> > > > + * Copyright (c) 2022 HP Development Company, L.P.
> > > > + */
> > > > +
> > > > +#include "bioscfg.h"
> > > > +#include <linux/types.h>
> > > > +
> > > > +/* Maximum number of log entries supported when log entry size is 16
> > > > + * bytes. This value is calculated by dividing 4096 (page size) by
> > > > + * log entry size.
> > > > + */
> > > > +#define LOG_MAX_ENTRIES 254
> > > > +
> > > > +/*
> > > > + * Current Log entry size. This value size will change in the
> > > > + * future. The driver reads a total of 128 bytes for each log entry
> > > > + * provided by BIOS but only the first 16 bytes are used/read.
> > > > + */
> > > > +#define LOG_ENTRY_SIZE 16
> > > > +
> > > > +/*
> > > > + * audit_log_entry_count_show - Reports the number of
> > > > + * existing audit log entries available
> > > > + * to be read
> > > > + */
> > > > +static ssize_t audit_log_entry_count_show(struct kobject *kobj,
> > > > + struct kobj_attribute *attr, char *buf)
> > > > +{
> > > > + int ret;
> > > > + u32 count = 0;
> > > > +
> > > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > > > + HPWMI_SURESTART,
> > > > + &count, 1, sizeof(count));
> > > > +
> > >
> > > Extra newline.
> > Done!
> > >
> > > > + if (ret < 0)
> > > > + return ret;
> > > > +
> > > > + return sysfs_emit(buf, "%d,%d,%d\n", count, LOG_ENTRY_SIZE,
> > > > + LOG_MAX_ENTRIES);
> > >
> > > Why 3 values instead of 1?
> > This version of BIOS only returns the number of audit log events available.
> > The other two values are the current log entry size which today is
> > hardcoded. This will change in future when BIOS returns the log entry
> > size.
>
> And you cannot provide the others in separate sysfs files?

Yes, the information can be provided in separate files. Because two
out of three values are currently static, it was decided to keep all
information on a single sysfs file.
The documentation reads ...

What: /sys/class/firmware-attributes/*/attributes/Sure_Start/audit_log_entry_count
Date: March 29
KernelVersion: 5.18
Contact: "Jorge Lopez" <[email protected]>
Description:
'audit_log_entry_count' is a read-only file that returns the number of existing
audit log events available to be read. Values are separated using comma (``,``)

[No of entries],[log entry size],[Max number of entries supported]

log entry size identifies audit log size for the current BIOS version.
The current size is 16 bytes but it can be up to 128 bytes long
in future BIOS versions.

>
> > > > +}
> > > > +
> > > > +/*
> > > > + * audit_log_entries_show() - Return all entries found in log file
> > > > + */
> > > > +static ssize_t audit_log_entries_show(struct kobject *kobj,
> > > > + struct kobj_attribute *attr, char *buf)
> > > > +{
> > > > + int ret;
> > > > + int i;
> > > > + u32 count = 0;
> > > > + u8 audit_log_buffer[128];
> > > > +
> > > > + // Get the number of event logs
> > > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG_COUNT,
> > > > + HPWMI_SURESTART,
> > > > + &count, 1, sizeof(count));
> > > > +
> > >
> > > Extra newline.
> > Done!
> > >
> > > > + if (ret < 0)
> > > > + return ret;
> > > > +
> > > > + /*
> > > > + * The show() api will not work if the audit logs ever go
> > > > + * beyond 4KB
> > >
> > > Extra space.
> > Done!
> > >
> > > > + */
> > > > + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> > > > + return -EIO;
> > > > +
> > > > + /*
> > > > + * We are guaranteed the buffer is 4KB so today all the event
> > > > + * logs will fit
> > > > + */
> > > > + for (i = 0; i < count; i++) {
> > > > + audit_log_buffer[0] = (i + 1);
> > >
> > > Extra parenthesis.
> > Done!
> > >
> > > > +
> > > > + /*
> > > > + * read audit log entry at a time. 'buf' input value
> > > > + * provides the audit log entry to be read. On
> > >
> > > Extra spaces.
> > Done!
> > >
> > > > + * input, Byte 0 = Audit Log entry number from
> > > > + * beginning (1..254)
> > > > + * Entry number 1 is the newest entry whereas the
> > > > + * highest entry number (number of entries) is the
> > > > + * oldest entry.
> > > > + */
> > > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> > > > + HPWMI_SURESTART,
> > > > + audit_log_buffer, 1, 128);
> > > > +
> > > > + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
> > >
> > > Can the second condition ever fail?
> > >
> > Only in the event BIOS data is corrupted.
>
> i runs from 0 to count - 1 and you prevented count * LOG_ENTRY_SIZE >
> PAGE_SIZE above. So what does the BIOS data have to do with that?

BIOS guarantees the number of audit logs * LOG_ENTRY_SIZE will be less
than 4K (PAGE_SIZE)
Because Linux kernel trusts no one, we are checking that BIOS does not
report more events than it should.
WMI expects the input buffer to include the current audit log number
(audit_log_buffer[0] = (i + 1);) which is i+1.

>
> > > > + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> > > > + buf += LOG_ENTRY_SIZE;
> > > > + } else {
> > > > + /*
> > > > + * Encountered a failure while reading
> > > > + * individual logs. Only a partial list of
> > > > + * audit log will be returned.
> > > > + */
> > > > + count = i + 1;
> > > > + break;
> > > > + }
> > >
> > > Reverse order, do error handling with break first.
> > Done!
> > >
> > > Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
> > > tweak count?
> >
> > Done!
> > >
> > > > + }
> > > > +
> > > > + return count * LOG_ENTRY_SIZE;
> > > > +}
>
>
> --
> i.

2023-05-12 14:16:47

by Ilpo Järvinen

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Fri, 12 May 2023, Jorge Lopez wrote:

> On Thu, May 11, 2023 at 4:32 AM Ilpo Järvinen
> <[email protected]> wrote:
> >
> > On Wed, 10 May 2023, Jorge Lopez wrote:
> >
> > > On Tue, May 9, 2023 at 8:57 AM Ilpo Järvinen
> > > <[email protected]> wrote:
> > > >
> > > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > > >
> > > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > > the latest sysfs class firmware attributes framework allowing the user
> > > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > > notebooks.
> > > > >
> > > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > > a native Linux solution and the exposed features facilitates the
> > > > > migration to Linux environments.
> > > > >
> > > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > > filesystem that can be used by user-mode applications. The new
> > > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > > Platform Management and Sure Start. Each section provides security
> > > > > feature description and identifies sysfs directories and files exposed
> > > > > by the driver.
> > > > >
> > > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > > Management (SPM), which replaces older password-based BIOS settings
> > > > > management with public key cryptography. PC secure product management
> > > > > begins when a target system is provisioned with cryptographic keys
> > > > > that are used to ensure the integrity of communications between system
> > > > > management utilities and the BIOS.
> > > > >
> > > > > HP Commercial notebooks have several BIOS settings that control its
> > > > > behaviour and capabilities, many of which are related to security.
> > > > > To prevent unauthorized changes to these settings, the system can
> > > > > be configured to use a cryptographic signature-based authorization
> > > > > string that the BIOS will use to verify authorization to modify the
> > > > > setting.
> > > > >
> > > > > Linux Security components are under development and not published yet.
> > > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > > Other published security components are under Windows.
> > > > >
> > > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > > >
> > > > > ---
> > > > > Based on the latest platform-drivers-x86.git/for-next
> > > > > ---

> > > > > + */
> > > > > + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> > > > > + return -EIO;
> > > > > +
> > > > > + /*
> > > > > + * We are guaranteed the buffer is 4KB so today all the event
> > > > > + * logs will fit
> > > > > + */
> > > > > + for (i = 0; i < count; i++) {
> > > > > + audit_log_buffer[0] = (i + 1);
> > > > > +
> > > > > + /*
> > > > > + * read audit log entry at a time. 'buf' input value
> > > > > + * provides the audit log entry to be read. On
> > > > > + * input, Byte 0 = Audit Log entry number from
> > > > > + * beginning (1..254)
> > > > > + * Entry number 1 is the newest entry whereas the
> > > > > + * highest entry number (number of entries) is the
> > > > > + * oldest entry.
> > > > > + */
> > > > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> > > > > + HPWMI_SURESTART,
> > > > > + audit_log_buffer, 1, 128);
> > > > > +
> > > > > + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
> > > >
> > > > Can the second condition ever fail?
> > > >
> > > Only in the event BIOS data is corrupted.
> >
> > i runs from 0 to count - 1 and you prevented count * LOG_ENTRY_SIZE >
> > PAGE_SIZE above. So what does the BIOS data have to do with that?
>
> BIOS guarantees the number of audit logs * LOG_ENTRY_SIZE will be less
> than 4K (PAGE_SIZE)
> Because Linux kernel trusts no one, we are checking that BIOS does not
> report more events than it should.

I know you're checking that.

What I'm trying to say that even after that check, your own code does not
trust that when i < count holds (as per the for loop termination
condition), i * LOG_ENTRY_SIZE < count * LOG_ENTRY_SIZE.

So what I'm trying to say is that this check:
&& (LOG_ENTRY_SIZE * i) < PAGE_SIZE
...is always true (and therefore unnecessary).

> WMI expects the input buffer to include the current audit log number
> (audit_log_buffer[0] = (i + 1);) which is i+1.

I don't see how this is relevant to what I was asking.

> > > > > + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> > > > > + buf += LOG_ENTRY_SIZE;
> > > > > + } else {
> > > > > + /*
> > > > > + * Encountered a failure while reading
> > > > > + * individual logs. Only a partial list of
> > > > > + * audit log will be returned.
> > > > > + */
> > > > > + count = i + 1;
> > > > > + break;
> > > > > + }
> > > >
> > > > Reverse order, do error handling with break first.
> > > Done!
> > > >
> > > > Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
> > > > tweak count?
> > >
> > > Done!
> > > >
> > > > > + }
> > > > > +
> > > > > + return count * LOG_ENTRY_SIZE;
> > > > > +}

--
i.

2023-05-12 15:50:56

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 11/13] HP BIOSCFG driver - surestart-attributes

On Fri, May 12, 2023 at 9:12 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Fri, 12 May 2023, Jorge Lopez wrote:
>
> > On Thu, May 11, 2023 at 4:32 AM Ilpo Järvinen
> > <[email protected]> wrote:
> > >
> > > On Wed, 10 May 2023, Jorge Lopez wrote:
> > >
> > > > On Tue, May 9, 2023 at 8:57 AM Ilpo Järvinen
> > > > <[email protected]> wrote:
> > > > >
> > > > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > > > >
> > > > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > > > the latest sysfs class firmware attributes framework allowing the user
> > > > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > > > notebooks.
> > > > > >
> > > > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > > > a native Linux solution and the exposed features facilitates the
> > > > > > migration to Linux environments.
> > > > > >
> > > > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > > > filesystem that can be used by user-mode applications. The new
> > > > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > > > Platform Management and Sure Start. Each section provides security
> > > > > > feature description and identifies sysfs directories and files exposed
> > > > > > by the driver.
> > > > > >
> > > > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > > > Management (SPM), which replaces older password-based BIOS settings
> > > > > > management with public key cryptography. PC secure product management
> > > > > > begins when a target system is provisioned with cryptographic keys
> > > > > > that are used to ensure the integrity of communications between system
> > > > > > management utilities and the BIOS.
> > > > > >
> > > > > > HP Commercial notebooks have several BIOS settings that control its
> > > > > > behaviour and capabilities, many of which are related to security.
> > > > > > To prevent unauthorized changes to these settings, the system can
> > > > > > be configured to use a cryptographic signature-based authorization
> > > > > > string that the BIOS will use to verify authorization to modify the
> > > > > > setting.
> > > > > >
> > > > > > Linux Security components are under development and not published yet.
> > > > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > > > Other published security components are under Windows.
> > > > > >
> > > > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > > > >
> > > > > > ---
> > > > > > Based on the latest platform-drivers-x86.git/for-next
> > > > > > ---
>
> > > > > > + */
> > > > > > + if (count * LOG_ENTRY_SIZE > PAGE_SIZE)
> > > > > > + return -EIO;
> > > > > > +
> > > > > > + /*
> > > > > > + * We are guaranteed the buffer is 4KB so today all the event
> > > > > > + * logs will fit
> > > > > > + */
> > > > > > + for (i = 0; i < count; i++) {
> > > > > > + audit_log_buffer[0] = (i + 1);
> > > > > > +
> > > > > > + /*
> > > > > > + * read audit log entry at a time. 'buf' input value
> > > > > > + * provides the audit log entry to be read. On
> > > > > > + * input, Byte 0 = Audit Log entry number from
> > > > > > + * beginning (1..254)
> > > > > > + * Entry number 1 is the newest entry whereas the
> > > > > > + * highest entry number (number of entries) is the
> > > > > > + * oldest entry.
> > > > > > + */
> > > > > > + ret = hp_wmi_perform_query(HPWMI_SURESTART_GET_LOG,
> > > > > > + HPWMI_SURESTART,
> > > > > > + audit_log_buffer, 1, 128);
> > > > > > +
> > > > > > + if (ret >= 0 && (LOG_ENTRY_SIZE * i) < PAGE_SIZE) {
> > > > >
> > > > > Can the second condition ever fail?
> > > > >
> > > > Only in the event BIOS data is corrupted.
> > >
> > > i runs from 0 to count - 1 and you prevented count * LOG_ENTRY_SIZE >
> > > PAGE_SIZE above. So what does the BIOS data have to do with that?
> >
> > BIOS guarantees the number of audit logs * LOG_ENTRY_SIZE will be less
> > than 4K (PAGE_SIZE)
> > Because Linux kernel trusts no one, we are checking that BIOS does not
> > report more events than it should.
>
> I know you're checking that.
>
> What I'm trying to say that even after that check, your own code does not
> trust that when i < count holds (as per the for loop termination
> condition), i * LOG_ENTRY_SIZE < count * LOG_ENTRY_SIZE.
>
> So what I'm trying to say is that this check:
> && (LOG_ENTRY_SIZE * i) < PAGE_SIZE
> ...is always true (and therefore unnecessary).
>

I partially agree. If BIOS returns a count size of 300 for the
current audit log entry size of 16 bytes, then this condition is
false.
(299 * 16 bytes (LOG_ENTRY_SIZE) ) is greater than 4K.
I am just trying to prevent conditions when BIOS could return invalid
audit_log_entry_count values.
If you still feel the code is unnecessary then I will proceed to
remove the check.

> > WMI expects the input buffer to include the current audit log number
> > (audit_log_buffer[0] = (i + 1);) which is i+1.
>
> I don't see how this is relevant to what I was asking.
>
Just adding information how the messages were retrieved.
Please ignore.

> > > > > > + memcpy(buf, audit_log_buffer, LOG_ENTRY_SIZE);
> > > > > > + buf += LOG_ENTRY_SIZE;
> > > > > > + } else {
> > > > > > + /*
> > > > > > + * Encountered a failure while reading
> > > > > > + * individual logs. Only a partial list of
> > > > > > + * audit log will be returned.
> > > > > > + */
> > > > > > + count = i + 1;
> > > > > > + break;
> > > > > > + }
> > > > >
> > > > > Reverse order, do error handling with break first.
> > > > Done!
> > > > >
> > > > > Why not return i * LOG_ENTRY_SIZE directly (or at the end), no need to
> > > > > tweak count?
> > > >
> > > > Done!
> > > > >
> > > > > > + }
> > > > > > +
> > > > > > + return count * LOG_ENTRY_SIZE;
> > > > > > +}
>
> --
> i.

2023-05-15 14:28:56

by Jorge Lopez

[permalink] [raw]
Subject: Re: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes

On Thu, May 11, 2023 at 4:23 AM Ilpo Järvinen
<[email protected]> wrote:
>
> On Wed, 10 May 2023, Jorge Lopez wrote:
>
> > On Tue, May 9, 2023 at 8:48 AM Ilpo Järvinen
> > <[email protected]> wrote:
> > >
> > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > >
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > > >
> > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > a native Linux solution and the exposed features facilitates the
> > > > migration to Linux environments.
> > > >
> > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > filesystem that can be used by user-mode applications. The new
> > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > Platform Management and Sure Start. Each section provides security
> > > > feature description and identifies sysfs directories and files exposed
> > > > by the driver.
> > > >
> > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > Management (SPM), which replaces older password-based BIOS settings
> > > > management with public key cryptography. PC secure product management
> > > > begins when a target system is provisioned with cryptographic keys
> > > > that are used to ensure the integrity of communications between system
> > > > management utilities and the BIOS.
> > > >
> > > > HP Commercial notebooks have several BIOS settings that control its
> > > > behaviour and capabilities, many of which are related to security.
> > > > To prevent unauthorized changes to these settings, the system can
> > > > be configured to use a cryptographic signature-based authorization
> > > > string that the BIOS will use to verify authorization to modify the
> > > > setting.
> > > >
> > > > Linux Security components are under development and not published yet.
> > > > The only linux component is the driver (hp bioscfg) at this time.
> > > > Other published security components are under Windows.
> > > >
> > > > Signed-off-by: Jorge Lopez <[email protected]>
> > > >
> > > > ---
>
>
> > > > + } else {
> > > > + /*
> > > > + * UTF-16 prefix is append to the * buffer when a BIOS
> > >
> > > What is "the * buffer" ?
> >
> > It is the data stored in 'buffer' variable which is composed of three
> > strings concatenated together to be submitted to BIOS via WMI call.
> > 'Buffer' will looks something as [size attribute][attribute][size
> > value][value][auth size][auth payload]
> > size is the length in bytes, attribute/value/auth are string represented in u16
>
> Even after this explanation I don't understand why it's called "the *
> buffer". Is that common terminology in this domain (in which case it's
> fine, I just haven't come across such term before)?
>

Point taken. Replaced 'buffer' variable name to 'authbuf'

> > > > + * admin password is configured in BIOS
> > > > + */
> > > > +
>
> [...snip...]
>
> > > > +/*
> > > > + * status_show - Reads SPM status
> > > > + */
> > > > +static ssize_t status_show(struct kobject *kobj, struct kobj_attribute
> > > > + *attr, char *buf)
> > > > +{
> > > > + int ret, i;
> > > > + struct secureplatform_provisioning_data data;
> > > > +
> > > > + ret = statusbin(kobj, attr, &data);
> > > > + if (ret < 0)
> > > > + goto status_exit;
> > >
> > > Can you calculate strnlen() from buf at this point, or is the result
> > > garbage? Should you return ret instead here?
> >
> > It should return the error instead.
Done!

> > >
> > > > +
> > > > + sysfs_emit(buf, "%s{\n", buf);
> > > > + sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf,
> > > > + spm_state_types[data.state]);
> > > > + sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.version[0],
> > > > + data.version[1]);
> > > > +
> > > > + /*
> > > > + * state == 0 means secure platform management
> > > > + * feature is not configured in BIOS.
> > > > + */
> > > > + if (data.state == 0)
> > > > + goto status_exit;
> > > > +
> > > > + sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce);
> > > > + sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.features);
> > > > + sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf);
> > > > +
> > > > + for (i = 255; i >= 0; i--)
> > > > + sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]);
> > > > +
> > > > + sysfs_emit(buf, "%s \",\n", buf);
> > > > + sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf);
> > > > +
> > > > + for (i = 255; i >= 0; i--)
> > > > + sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]);
> > > > +
> > > > + /* Return buf contents */
> > > > +
> > > > + sysfs_emit(buf, "%s \"\n", buf);
> > > > + sysfs_emit(buf, "%s}\n", buf);
> > > > +
> > > > +status_exit:
> > > > + return strnlen(buf, PAGE_SIZE);
> > > > +}
> > >
> > > Emit buf into buf? There's sysfs_emit_at(), however,
> > >
> > > while I'm far from sysfs formatting expert, this feels something that
> > > tries to expose more than one thing over same sysfs file. Shouldn't they
> > > be each in their own files?
> >
> > This concern was brought up in earlier reviews but it was decided to
> > allow returning the information as a single json file.
> > Because the information is part of the same structure and received in
> > a single WMI call, separating the components into multiple files can
> > cause the data read in one field to be stale by the time is read.
>
> Okay, makes more sense. Maybe add a comment that the return is a json
> string because that's not very obvious (I only realized now when you told
> me).
>
A comment will be added.

> The other point is still valid though, you should keep length in a
> variable and use sysfs_emit_at() to avoid printing buf into buf on
> every line.
>
I will update the function as indicated.

>
> --
> i.