Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp4462789rwr; Mon, 8 May 2023 08:03:05 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6C3CpdjNE/thOIsbwTSNEYAC2O1LjH50B1vyyd9c6p+j7cq4Q5CeeHAMU441jtCVy23lub X-Received: by 2002:a17:90a:bd94:b0:24e:5a0:d2c5 with SMTP id z20-20020a17090abd9400b0024e05a0d2c5mr10744852pjr.30.1683558184700; Mon, 08 May 2023 08:03:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683558184; cv=none; d=google.com; s=arc-20160816; b=dcKSBQkRs6lenFP1BqXAb3PIT+PuLx+0yYtwfi4ErayW1wgapIWFywHK5KQJ3JqAGR hu+j+NWp0VtyCTCAOrHWFTN4nVTDUme16M91yJfci2nWbK4KUAo44X1Kfz0HHdYWjC+f c53uLzyD3M0qv2Vq2xNTf2SCIruRldzHv17s67211PkQnf4JLe2v/BVgfKnEzv8l3Tj2 Bde6qUW+fDa3sBWlVNZ1MICj1v7Y1ZfqHX6LTEy5I18xLsrdQnZszVwgJ0bnED1/UwId YJCjT3ZciVzOUwzUtJz/JgAUZrKx6KKDVoMSgEXj5aBsQ1uUxifaXTXjWZFydRs3yIpo 6d5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-id:mime-version:references:message-id :in-reply-to:subject:cc:to:from:date:dkim-signature; bh=mY3XWEKymrd8BR+/dQR3vNp711Om+q7OfaIlpRjuTPY=; b=1DIVAJK9V7Da9e0TuyY+E3zRkMxA1Xe1JZ2Yr+Gf2qfuPdCq2MbqbqLN54BUgyYAtd 56+SwjhITXIeecaSNKpT9L3ACPScQmA9buPXQ/E6z93awl07loGnOIfotLpvGMok2gBM zccNLMXRTawoioxX2XNcZCB/pLx4f7KSLKpn/mejEZGI+TFnmhIJza5JWiGfCMLsqBtE ScGh6XL7tHAAN3B92AlbGYiaNTKR25APIl2g51A6b/Td2a92fGzIbAW1yGK6YQbqOi5x 0W8nT8PpYVNz/pIp1XZNXvz3kK5ec83PSTYDh5hnl4xQNx8c4e8M68trvQ/Y1q94+ivr xcLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eyLWf2q2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bo10-20020a17090b090a00b0024e3b9ce927si12708611pjb.144.2023.05.08.08.02.36; Mon, 08 May 2023 08:03:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eyLWf2q2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234437AbjEHOeI (ORCPT + 99 others); Mon, 8 May 2023 10:34:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233108AbjEHOeH (ORCPT ); Mon, 8 May 2023 10:34:07 -0400 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 618B913A; Mon, 8 May 2023 07:33:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683556428; x=1715092428; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version:content-id; bh=jRsaV+h1gXb+6f+CYJ4aOG8WvjJzFSgAewoTJVCxWI4=; b=eyLWf2q2LgSUrQBIzC+6XQ4d2ySPxvHq4UtND/MCtRp4KNNUUsY9s9KP b3H7J2rwYTvmtfjmRNxuxv1UzIoTDHiSpwOs1jRDdVL7K49yvENDfKBDz aPZsbEDOT0nVV/WJi8AhN9UDCDPUmZG77KbwxtHSwE60XcgYeX4F3TJV8 RpkLBDGZ5YRJdh9w/m/uwOy0fFTgpHoiA4PNAhVBsZUkP/5PoMH3bNPcl U2qPfNa1G4hnTULn1sXdL6KSGMqVfFeRpWhBVDChzbFolyEXHctWEg9Tk 97PCRbma2I8+AFV1jbeppXQV0ovowt3ruQUn+Y5H3O0Xm907I4nez62TO w==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="352719544" X-IronPort-AV: E=Sophos;i="5.99,259,1677571200"; d="scan'208";a="352719544" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2023 07:31:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="676078177" X-IronPort-AV: E=Sophos;i="5.99,259,1677571200"; d="scan'208";a="676078177" Received: from cciobanu-mobl1.ger.corp.intel.com ([10.249.37.159]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2023 07:31:21 -0700 Date: Mon, 8 May 2023 17:31:19 +0300 (EEST) From: =?ISO-8859-15?Q?Ilpo_J=E4rvinen?= To: Jorge Lopez cc: hdegoede@redhat.com, platform-driver-x86@vger.kernel.org, LKML , thomas@t-8ch.de Subject: Re: [PATCH v12 02/13] HP BIOSCFG driver - biosattr-interface In-Reply-To: <20230505220043.39036-3-jorge.lopez2@hp.com> Message-ID: <6c2999ed-4f0-dff0-b62d-e615d69d79c2@linux.intel.com> References: <20230505220043.39036-1-jorge.lopez2@hp.com> <20230505220043.39036-3-jorge.lopez2@hp.com> MIME-Version: 1.0 Content-Type: multipart/mixed; BOUNDARY="8323329-1180939315-1683554876=:1790" Content-ID: <54ed7059-c561-9431-8a2d-1e8e1dfe7ed3@linux.intel.com> X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-1180939315-1683554876=:1790 Content-Type: text/plain; CHARSET=ISO-8859-7 Content-Transfer-Encoding: 8BIT Content-ID: <2b65e82-261-c4c4-dccd-f750a66ee9fb@linux.intel.com> On Fri, 5 May 2023, Jorge Lopez wrote: > HP BIOS Configuration driver purpose is to provide a driver supporting > the latest sysfs class firmware attributes framework allowing the user > to change BIOS settings and security solutions on HP Inc.?s commercial > notebooks. > > Many features of HP Commercial notebooks can be managed using Windows > Management Instrumentation (WMI). WMI is an implementation of Web-Based > Enterprise Management (WBEM) that provides a standards-based interface > for changing and monitoring system settings. HP BIOSCFG driver provides > a native Linux solution and the exposed features facilitates the > migration to Linux environments. > > The Linux security features to be provided in hp-bioscfg driver enables > managing the BIOS settings and security solutions via sysfs, a virtual > filesystem that can be used by user-mode applications. The new > documentation cover HP-specific firmware sysfs attributes such Secure > Platform Management and Sure Start. Each section provides security > feature description and identifies sysfs directories and files exposed > by the driver. > > Many HP Commercial notebooks include a feature called Secure Platform > Management (SPM), which replaces older password-based BIOS settings > management with public key cryptography. PC secure product management > begins when a target system is provisioned with cryptographic keys > that are used to ensure the integrity of communications between system > management utilities and the BIOS. > > HP Commercial notebooks have several BIOS settings that control its > behaviour and capabilities, many of which are related to security. > To prevent unauthorized changes to these settings, the system can > be configured to use a cryptographic signature-based authorization > string that the BIOS will use to verify authorization to modify the > setting. > > Linux Security components are under development and not published yet. > The only linux component is the driver (hp bioscfg) at this time. > Other published security components are under Windows. > > Signed-off-by: Jorge Lopez > > --- > Based on the latest platform-drivers-x86.git/for-next > --- > .../x86/hp/hp-bioscfg/biosattr-interface.c | 319 ++++++++++++++++++ > 1 file changed, 319 insertions(+) > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c > > diff --git a/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c > new file mode 100644 > index 000000000000..8f7039a4416a > --- /dev/null > +++ b/drivers/platform/x86/hp/hp-bioscfg/biosattr-interface.c > @@ -0,0 +1,319 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Functions corresponding to methods under BIOS interface GUID > + * for use with hp-bioscfg driver. > + * > + * Copyright (c) 2022 Hewlett-Packard Inc. > + */ > + > +#include > +#include "bioscfg.h" > + > +/* > + * struct bios_args buffer is dynamically allocated. New WMI command types > + * were introduced that exceeds 128-byte data size. Changes to handle > + * the data size allocation scheme were kept in hp_wmi_perform_query function. > + */ > +struct bios_args { > + u32 signature; > + u32 command; > + u32 commandtype; > + u32 datasize; > + u8 data[]; > +}; > + > +/** > + * hp_set_attribute > + * > + * @a_name: The attribute name > + * @a_value: The attribute value > + * > + * Sets an attribute to new value > + * > + * Returns zero on success > + * -ENODEV if device is not found > + * -EINVAL if the instance of 'Setup Admin' password is not found. > + * -ENOMEM unable to allocate memory Inconsistent indent. > + */ > +int hp_set_attribute(const char *a_name, const char *a_value) > +{ > + size_t security_area_size; > + size_t a_name_size, a_value_size; > + u16 *buffer = NULL; > + u16 *start; > + int buffer_size, instance, ret; > + char *auth_token_choice; > + u16 *retbuffer; > + > + mutex_lock(&bioscfg_drv.mutex); > + if (!bioscfg_drv.bios_attr_wdev) { > + ret = -ENODEV; > + goto out_set_attribute; > + } > + > + instance = get_password_instance_for_type(SETUP_PASSWD); > + if (instance < 0) { > + ret = -EINVAL; > + goto out_set_attribute; > + } > + > + /* Select which auth token to use; password or [auth token] */ > + Remove newline > + if (bioscfg_drv.spm_data.auth_token) > + auth_token_choice = bioscfg_drv.spm_data.auth_token; > + else > + auth_token_choice = bioscfg_drv.password_data[instance].current_password; > + > + a_name_size = hp_calculate_string_buffer(a_name); > + a_value_size = hp_calculate_string_buffer(a_value); > + security_area_size = calculate_security_buffer(auth_token_choice); > + buffer_size = a_name_size + a_value_size + security_area_size; > + > + buffer = kmalloc(buffer_size + 1, GFP_KERNEL); > + if (!buffer) { > + ret = -ENOMEM; > + goto out_set_attribute; > + } > + > + /* build variables to set */ > + start = buffer; > + retbuffer = hp_ascii_to_utf16_unicode(start, a_name); > + if (!retbuffer) { > + ret = -EINVAL; > + goto out_set_attribute; > + } > + start = retbuffer; > + > + retbuffer = hp_ascii_to_utf16_unicode(start, a_value); > + if (!retbuffer) { > + ret = -EINVAL; > + goto out_set_attribute; > + } > + start = retbuffer; > + > + ret = populate_security_buffer(start, auth_token_choice); > + if (ret < 0) > + goto out_set_attribute; > + > + ret = hp_wmi_set_bios_setting(buffer, buffer_size); > + > +out_set_attribute: > + kfree(buffer); > + mutex_unlock(&bioscfg_drv.mutex); > + return ret; > +} > + > +/** > + * hp_wmi_perform_query > + * > + * @query: The commandtype (enum hp_wmi_commandtype) > + * @command: The command (enum hp_wmi_command) > + * @buffer: Buffer used as input and/or output > + * @insize: Size of input buffer > + * @outsize: Size of output buffer > + * > + * returns zero on success > + * an HP WMI query specific error code (which is positive) > + * -EINVAL if the query was not successful at all > + * -EINVAL if the output buffer size exceeds buffersize > + * > + * Note: The buffersize must at least be the maximum of the input and output > + * size. E.g. Battery info query is defined to have 1 byte input > + * and 128 byte output. The caller would do: > + * buffer = kzalloc(128, GFP_KERNEL); > + * ret = hp_wmi_perform_query(HPWMI_BATTERY_QUERY, HPWMI_READ, > + * buffer, 1, 128) > + */ > +int hp_wmi_perform_query(int query, enum hp_wmi_command command, void *buffer, > + u32 insize, u32 outsize) > +{ > + struct acpi_buffer input, output = { ACPI_ALLOCATE_BUFFER, NULL }; > + struct bios_return *bios_return; > + union acpi_object *obj = NULL; > + struct bios_args *args = NULL; > + u32 mid, actual_outsize, ret; > + size_t bios_args_size; > + > + mid = encode_outsize_for_pvsz(outsize); > + if (WARN_ON(mid < 0)) > + return mid; > + > + bios_args_size = struct_size(args, data, insize); > + args = kmalloc(bios_args_size, GFP_KERNEL); > + if (!args) > + return -ENOMEM; > + > + input.length = bios_args_size; > + input.pointer = args; > + > + /* BIOS expects 'SECU' in hex as the signature value*/ > + args->signature = 0x55434553; > + args->command = command; > + args->commandtype = query; > + args->datasize = insize; > + memcpy(args->data, buffer, flex_array_size(args, data, insize)); > + > + ret = wmi_evaluate_method(HP_WMI_BIOS_GUID, 0, mid, &input, &output); > + hp_wmi_error_and_message(ret); > + > + if (ret) > + goto out_free; > + > + obj = output.pointer; > + if (!obj) { > + ret = -EINVAL; > + goto out_free; > + } > + > + if (obj->type != ACPI_TYPE_BUFFER || > + obj->buffer.length < sizeof(*bios_return)) { > + pr_warn("query 0x%x returned wrong type or too small buffer\n", query); > + ret = -EINVAL; > + goto out_free; > + } > + > + bios_return = (struct bios_return *)obj->buffer.pointer; > + ret = bios_return->return_code; > + hp_wmi_error_and_message(ret); > + > + if (ret) { > + if (ret != INVALID_CMD_VALUE && > + ret != INVALID_CMD_TYPE) To the same line. > + pr_warn("query 0x%x returned error 0x%x\n", query, ret); > + goto out_free; > + } > + > + /* Ignore output data of zero size */ > + if (!outsize) > + goto out_free; > + > + actual_outsize = min(outsize, (u32)(obj->buffer.length - sizeof(*bios_return))); Use min_t() instead of casting. > + memcpy_and_pad(buffer, outsize, obj->buffer.pointer + sizeof(*bios_return), > + actual_outsize, 0); > + > +out_free: > + kfree(obj); > + kfree(args); > + return ret; > +} > + > +static void *utf16_empty_string(u16 *p) > +{ > + *p++ = 2; > + *p++ = (u8)0x00; Useless and non-sensical cast. > + return p; > +} > + > +/** > + * hp_ascii_to_utf16_unicode - Convert ascii string to UTF-16 unicode > + * > + * BIOS supports UTF-16 characters that are 2 bytes long. No variable > + * multi-byte language supported. > + * > + * @p: Unicode buffer address > + * @str: string to convert to unicode > + * > + * Returns a void pointer to the buffer string > + */ > +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str) > +{ > + int len = strlen(str); > + int ret; > + > + /* > + * Add null character when reading an empty string > + * "02 00 00 00" > + */ > + if (len == 0) > + return utf16_empty_string(p); > + > + /* Move pointer len * 2 number of bytes */ > + *p++ = len * 2; The comment sounds odd given the code context here. > + ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN, p, len); Why is strlen(str) recalculated here? > + if (ret < 0) { > + dev_err(bioscfg_drv.class_dev, "UTF16 conversion failed\n"); > + return NULL; > + } > + > + if ((ret * sizeof(u16)) > U16_MAX) { Unnecessary parenthesis. > + dev_err(bioscfg_drv.class_dev, "Error string too long\n"); > + return NULL; > + } > + > + p += len; Is this correct ? > + return p; > +} > + > +/** > + * hp_wmi_set_bios_setting - Set setting's value in BIOS > + * > + * @input_buffer: Input buffer address > + * @input_size: Input buffer size > + * > + * Returns: Count of unicode characters written to BIOS if successful, otherwise > + * -ENOMEM unable to allocate memory > + * -EINVAL buffer not allocated or too small > + */ > +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size) > +{ > + union acpi_object *obj; > + struct acpi_buffer input = {input_size, input_buffer}; > + struct acpi_buffer output = {ACPI_ALLOCATE_BUFFER, NULL}; > + int ret; > + > + ret = wmi_evaluate_method(HP_WMI_SET_BIOS_SETTING_GUID, 0, 1, &input, &output); > + > + obj = output.pointer; > + if (!obj) > + return -EINVAL; > + > + if (obj->type != ACPI_TYPE_INTEGER) > + ret = -EINVAL; Missing goto? > + > + ret = obj->integer.value; > + hp_wmi_error_and_message(ret); > + > + kfree(obj); > + return ret; > +} -- i. > + > +static int hp_attr_set_interface_probe(struct wmi_device *wdev, const void *context) > +{ > + mutex_lock(&bioscfg_drv.mutex); > + bioscfg_drv.bios_attr_wdev = wdev; > + mutex_unlock(&bioscfg_drv.mutex); > + return 0; > +} > + > +static void hp_attr_set_interface_remove(struct wmi_device *wdev) > +{ > + mutex_lock(&bioscfg_drv.mutex); > + bioscfg_drv.bios_attr_wdev = NULL; > + mutex_unlock(&bioscfg_drv.mutex); > +} > + > +static const struct wmi_device_id hp_attr_set_interface_id_table[] = { > + { .guid_string = HP_WMI_BIOS_GUID}, > + { } > +}; > + > +static struct wmi_driver hp_attr_set_interface_driver = { > + .driver = { > + .name = DRIVER_NAME, > + }, > + .probe = hp_attr_set_interface_probe, > + .remove = hp_attr_set_interface_remove, > + .id_table = hp_attr_set_interface_id_table, > +}; > + > +int init_hp_attr_set_interface(void) > +{ > + return wmi_driver_register(&hp_attr_set_interface_driver); > +} > + > +void exit_hp_attr_set_interface(void) > +{ > + wmi_driver_unregister(&hp_attr_set_interface_driver); > +} > + > +MODULE_DEVICE_TABLE(wmi, hp_attr_set_interface_id_table); > --8323329-1180939315-1683554876=:1790--