From: Jorge Lopez
Date: Mon, 15 May 2023 09:12:30 -0500
Subject: Re: [PATCH v12 10/13] HP BIOSCFG driver - spmobj-attributes
To: Ilpo Järvinen
Cc: hdegoede@redhat.com, platform-driver-x86@vger.kernel.org, LKML, thomas@t-8ch.de
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 11, 2023 at 4:23 AM Ilpo Järvinen wrote:
>
> On Wed, 10 May 2023, Jorge Lopez wrote:
>
> > On Tue, May 9, 2023 at 8:48 AM Ilpo Järvinen wrote:
> > >
> > > On Fri, 5 May 2023, Jorge Lopez wrote:
> > >
> > > > HP BIOS Configuration driver purpose is to provide a driver supporting
> > > > the latest sysfs class firmware attributes framework allowing the user
> > > > to change BIOS settings and security solutions on HP Inc.’s commercial
> > > > notebooks.
> > > >
> > > > Many features of HP Commercial notebooks can be managed using Windows
> > > > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > > > Enterprise Management (WBEM) that provides a standards-based interface
> > > > for changing and monitoring system settings. HP BIOSCFG driver provides
> > > > a native Linux solution and the exposed features facilitates the
> > > > migration to Linux environments.
> > > >
> > > > The Linux security features to be provided in hp-bioscfg driver enables
> > > > managing the BIOS settings and security solutions via sysfs, a virtual
> > > > filesystem that can be used by user-mode applications. The new
> > > > documentation cover HP-specific firmware sysfs attributes such Secure
> > > > Platform Management and Sure Start. Each section provides security
> > > > feature description and identifies sysfs directories and files exposed
> > > > by the driver.
> > > >
> > > > Many HP Commercial notebooks include a feature called Secure Platform
> > > > Management (SPM), which replaces older password-based BIOS settings
> > > > management with public key cryptography. PC secure product management
> > > > begins when a target system is provisioned with cryptographic keys
> > > > that are used to ensure the integrity of communications between system
> > > > management utilities and the BIOS.
> > > > > > > > HP Commercial notebooks have several BIOS settings that control its > > > > behaviour and capabilities, many of which are related to security. > > > > To prevent unauthorized changes to these settings, the system can > > > > be configured to use a cryptographic signature-based authorization > > > > string that the BIOS will use to verify authorization to modify the > > > > setting. > > > > > > > > Linux Security components are under development and not published y= et. > > > > The only linux component is the driver (hp bioscfg) at this time. > > > > Other published security components are under Windows. > > > > > > > > Signed-off-by: Jorge Lopez > > > > > > > > --- > > > > > > + } else { > > > > + /* > > > > + * UTF-16 prefix is append to the * buffer when a BIO= S > > > > > > What is "the * buffer" ? > > > > It is the data stored in 'buffer' variable which is composed of three > > strings concatenated together to be submitted to BIOS via WMI call. > > 'Buffer' will looks something as [size attribute][attribute][size > > value][value][auth size][auth payload] > > size is the length in bytes, attribute/value/auth are string represent= ed in u16 > > Even after this explanation I don't understand why it's called "the * > buffer". Is that common terminology in this domain (in which case it's > fine, I just haven't come across such term before)? > Point taken. Replaced 'buffer' variable name to 'authbuf' > > > > + * admin password is configured in BIOS > > > > + */ > > > > + > > [...snip...] 
> > > > > +/* > > > > + * status_show - Reads SPM status > > > > + */ > > > > +static ssize_t status_show(struct kobject *kobj, struct kobj_attri= bute > > > > + *attr, char *buf) > > > > +{ > > > > + int ret, i; > > > > + struct secureplatform_provisioning_data data; > > > > + > > > > + ret =3D statusbin(kobj, attr, &data); > > > > + if (ret < 0) > > > > + goto status_exit; > > > > > > Can you calculate strnlen() from buf at this point, or is the result > > > garbage? Should you return ret instead here? > > > > It should return the error instead. Done! > > > > > > > + > > > > + sysfs_emit(buf, "%s{\n", buf); > > > > + sysfs_emit(buf, "%s\t\"State\": \"%s\",\n", buf, > > > > + spm_state_types[data.state]); > > > > + sysfs_emit(buf, "%s\t\"Version\": \"%d.%d\",\n", buf, data.ve= rsion[0], > > > > + data.version[1]); > > > > + > > > > + /* > > > > + * state =3D=3D 0 means secure platform management > > > > + * feature is not configured in BIOS. > > > > + */ > > > > + if (data.state =3D=3D 0) > > > > + goto status_exit; > > > > + > > > > + sysfs_emit(buf, "%s\t\"Nonce\": %d,\n", buf, data.nonce); > > > > + sysfs_emit(buf, "%s\t\"FeaturesInUse\": %d,\n", buf, data.fea= tures); > > > > + sysfs_emit(buf, "%s\t\"EndorsementKeyMod\": \"", buf); > > > > + > > > > + for (i =3D 255; i >=3D 0; i--) > > > > + sysfs_emit(buf, "%s %u", buf, data.kek_mod[i]); > > > > + > > > > + sysfs_emit(buf, "%s \",\n", buf); > > > > + sysfs_emit(buf, "%s\t\"SigningKeyMod\": \"", buf); > > > > + > > > > + for (i =3D 255; i >=3D 0; i--) > > > > + sysfs_emit(buf, "%s %u", buf, data.sk_mod[i]); > > > > + > > > > + /* Return buf contents */ > > > > + > > > > + sysfs_emit(buf, "%s \"\n", buf); > > > > + sysfs_emit(buf, "%s}\n", buf); > > > > + > > > > +status_exit: > > > > + return strnlen(buf, PAGE_SIZE); > > > > +} > > > > > > Emit buf into buf? 
There's sysfs_emit_at(), however,
> > >
> > > while I'm far from sysfs formatting expert, this feels something that
> > > tries to expose more than one thing over same sysfs file. Shouldn't they
> > > be each in their own files?
> >
> > This concern was brought up in earlier reviews but it was decided to
> > allow returning the information as a single json file.
> > Because the information is part of the same structure and received in
> > a single WMI call, separating the components into multiple files can
> > cause the data read in one field to be stale by the time is read.
>
> Okay, makes more sense. Maybe add a comment that the return is a json
> string because that's not very obvious (I only realized now when you told
> me).
>
A comment will be added.

> The other point is still valid though, you should keep length in a
> variable and use sysfs_emit_at() to avoid printing buf into buf on
> every line.
>
I will update the function as indicated.

>
> --
> i.
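
Review bot: the comment in the else branch has a stray "*" in the middle of its first sentence ("append to the * buffer"), which reads like a continuation marker left over from re-wrapping, and "append" should be "appended". Since the buffer layout had to be spelled out in the reply ([size attribute][attribute][size value][value][auth size][auth payload]), put that layout into the comment itself so the next reader does not have to ask.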
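
Review bot: in status_show(), the "if (data.state == 0) goto status_exit;" path leaves after the "Version" line has been emitted with a trailing comma, so on a system where SPM is not configured the file holds an opening brace and two members but no closing "}". As the output is meant to be JSON, emit the closing brace on that path too. In the same function, spm_state_types[data.state] is indexed with the value filled in by statusbin() and no range check is visible between the two; compare data.state against ARRAY_SIZE(spm_state_types) before using it as an index.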
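
The pattern the reviewer asks for (keep the length in a variable and append at that offset rather than printing buf into buf), as an added example that is not code from the patch or from the hp-bioscfg driver; it also range-checks the state index and closes the JSON object on the unconfigured path. Assumptions: emit_at() is a userspace stand-in for sysfs_emit_at(), and the struct, its field names and the state_names table are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096 /* stand-in for the kernel's PAGE_SIZE */

/* Userspace stand-in for sysfs_emit_at(): format at offset `at`, never
 * write past PAGE_SZ, return the number of characters actually stored. */
static int emit_at(char *buf, int at, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (at < 0 || at >= PAGE_SZ)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf + at, PAGE_SZ - at, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return n >= PAGE_SZ - at ? PAGE_SZ - at - 1 : n;
}

/* Constructed sample layout; names are hypothetical, not the driver's. */
struct spm_status {
	unsigned int state;
	unsigned char version[2];
	unsigned char key_mod[256];
};

static const char *const state_names[] = { "not provisioned", "provisioned" };

/* Build the JSON status with a running length instead of "%s", buf. */
static int status_format(char *buf, const struct spm_status *d)
{
	size_t nstates = sizeof(state_names) / sizeof(state_names[0]);
	int len = 0, i;

	len += emit_at(buf, len, "{\n\t\"State\": \"%s\",\n",
		       d->state < nstates ? state_names[d->state] : "unknown");
	len += emit_at(buf, len, "\t\"Version\": \"%d.%d\"", d->version[0], d->version[1]);
	if (d->state != 0) {
		len += emit_at(buf, len, ",\n\t\"KeyMod\": \"");
		for (i = 255; i >= 0; i--)
			len += emit_at(buf, len, " %u", (unsigned int)d->key_mod[i]);
		len += emit_at(buf, len, " \"");
	}
	len += emit_at(buf, len, "\n}\n"); /* object is closed on every path */
	return len;
}
```

Because the running length is the return value, the show callback needs no strnlen() pass over the buffer at the end.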