search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'trace-printf-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/trace...
[drm/drm-misc.git] / drivers / platform / x86 / think-lmi.c
blob38de0cb20d7785d4e3b490e07edaf4d02f8f3370
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Think LMI BIOS configuration driver
4 *
5 * Copyright(C) 2019-2021 Lenovo
6 *
7 * Original code from Thinkpad-wmi project https://github.com/iksaif/thinkpad-wmi
8 * Copyright(C) 2017 Corentin Chary <corentin.chary@gmail.com>
9 * Distributed under the GPL-2.0 license
10 */
11
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
14 #include <linux/acpi.h>
15 #include <linux/array_size.h>
16 #include <linux/errno.h>
17 #include <linux/fs.h>
18 #include <linux/mutex.h>
19 #include <linux/string_helpers.h>
20 #include <linux/types.h>
21 #include <linux/dmi.h>
22 #include <linux/wmi.h>
23 #include "firmware_attributes_class.h"
24 #include "think-lmi.h"
25
26 static bool debug_support;
27 module_param(debug_support, bool, 0444);
28 MODULE_PARM_DESC(debug_support, "Enable debug command support");
29
30 /*
31 * Name: BiosSetting
32 * Description: Get item name and settings for current LMI instance.
33 * Type: Query
34 * Returns: "Item,Value"
35 * Example: "WakeOnLAN,Enable"
36 */
37 #define LENOVO_BIOS_SETTING_GUID "51F5230E-9677-46CD-A1CF-C0B23EE34DB7"
38
39 /*
40 * Name: SetBiosSetting
41 * Description: Change the BIOS setting to the desired value using the SetBiosSetting
42 * class. To save the settings, use the SaveBiosSetting class.
43 * BIOS settings and values are case sensitive.
44 * After making changes to the BIOS settings, you must reboot the computer
45 * before the changes will take effect.
46 * Type: Method
47 * Arguments: "Item,Value,Password,Encoding,KbdLang;"
48 * Example: "WakeOnLAN,Disable,pa55w0rd,ascii,us;"
49 */
50 #define LENOVO_SET_BIOS_SETTINGS_GUID "98479A64-33F5-4E33-A707-8E251EBBC3A1"
51
52 /*
53 * Name: SaveBiosSettings
54 * Description: Save any pending changes in settings.
55 * Type: Method
56 * Arguments: "Password,Encoding,KbdLang;"
57 * Example: "pa55w0rd,ascii,us;"
58 */
59 #define LENOVO_SAVE_BIOS_SETTINGS_GUID "6A4B54EF-A5ED-4D33-9455-B0D9B48DF4B3"
60
61 /*
62 * Name: BiosPasswordSettings
63 * Description: Return BIOS Password settings
64 * Type: Query
65 * Returns: PasswordMode, PasswordState, MinLength, MaxLength,
66 * SupportedEncoding, SupportedKeyboard
67 */
68 #define LENOVO_BIOS_PASSWORD_SETTINGS_GUID "8ADB159E-1E32-455C-BC93-308A7ED98246"
69
70 /*
71 * Name: SetBiosPassword
72 * Description: Change a specific password.
73 * - BIOS settings cannot be changed at the same boot as power-on
74 * passwords (POP) and hard disk passwords (HDP). If you want to change
75 * BIOS settings and POP or HDP, you must reboot the system after changing
76 * one of them.
77 * - A password cannot be set using this method when one does not already
78 * exist. Passwords can only be updated or cleared.
79 * Type: Method
80 * Arguments: "PasswordType,CurrentPassword,NewPassword,Encoding,KbdLang;"
81 * Example: "pop,pa55w0rd,newpa55w0rd,ascii,us;”
82 */
83 #define LENOVO_SET_BIOS_PASSWORD_GUID "2651D9FD-911C-4B69-B94E-D0DED5963BD7"
84
85 /*
86 * Name: GetBiosSelections
87 * Description: Return a list of valid settings for a given item.
88 * Type: Method
89 * Arguments: "Item"
90 * Returns: "Value1,Value2,Value3,..."
91 * Example:
92 * -> "FlashOverLAN"
93 * <- "Enabled,Disabled"
94 */
95 #define LENOVO_GET_BIOS_SELECTIONS_GUID "7364651A-132F-4FE7-ADAA-40C6C7EE2E3B"
96
97 /*
98 * Name: DebugCmd
99 * Description: Debug entry method for entering debug commands to the BIOS
100 */
101 #define LENOVO_DEBUG_CMD_GUID "7FF47003-3B6C-4E5E-A227-E979824A85D1"
102
103 /*
104 * Name: OpcodeIF
105 * Description: Opcode interface which provides the ability to set multiple
106 * parameters and then trigger an action with a final command.
107 * This is particularly useful for simplifying setting passwords.
108 * With this support comes the ability to set System, HDD and NVMe
109 * passwords.
110 * This is currently available on ThinkCenter and ThinkStations platforms
111 */
112 #define LENOVO_OPCODE_IF_GUID "DFDDEF2C-57D4-48ce-B196-0FB787D90836"
113
114 /*
115 * Name: SetBiosCert
116 * Description: Install BIOS certificate.
117 * Type: Method
118 * Arguments: "Certificate,Password"
119 * You must reboot the computer before the changes will take effect.
120 */
121 #define LENOVO_SET_BIOS_CERT_GUID "26861C9F-47E9-44C4-BD8B-DFE7FA2610FE"
122
123 /*
124 * Name: UpdateBiosCert
125 * Description: Update BIOS certificate.
126 * Type: Method
127 * Format: "Certificate,Signature"
128 * You must reboot the computer before the changes will take effect.
129 */
130 #define LENOVO_UPDATE_BIOS_CERT_GUID "9AA3180A-9750-41F7-B9F7-D5D3B1BAC3CE"
131
132 /*
133 * Name: ClearBiosCert
134 * Description: Uninstall BIOS certificate.
135 * Type: Method
136 * Format: "Serial,Signature"
137 * You must reboot the computer before the changes will take effect.
138 */
139 #define LENOVO_CLEAR_BIOS_CERT_GUID "B2BC39A7-78DD-4D71-B059-A510DEC44890"
140 /*
141 * Name: CertToPassword
142 * Description: Switch from certificate to password authentication.
143 * Type: Method
144 * Format: "Password,Signature"
145 * You must reboot the computer before the changes will take effect.
146 */
147 #define LENOVO_CERT_TO_PASSWORD_GUID "0DE8590D-5510-4044-9621-77C227F5A70D"
148
149 /*
150 * Name: SetBiosSettingCert
151 * Description: Set attribute using certificate authentication.
152 * Type: Method
153 * Format: "Item,Value,Signature"
154 */
155 #define LENOVO_SET_BIOS_SETTING_CERT_GUID "34A008CC-D205-4B62-9E67-31DFA8B90003"
156
157 /*
158 * Name: SaveBiosSettingCert
159 * Description: Save any pending changes in settings.
160 * Type: Method
161 * Format: "Signature"
162 */
163 #define LENOVO_SAVE_BIOS_SETTING_CERT_GUID "C050FB9D-DF5F-4606-B066-9EFC401B2551"
164
165 /*
166 * Name: CertThumbprint
167 * Description: Display Certificate thumbprints
168 * Type: Query
169 * Returns: MD5, SHA1 & SHA256 thumbprints
170 */
171 #define LENOVO_CERT_THUMBPRINT_GUID "C59119ED-1C0D-4806-A8E9-59AA318176C4"
172
173 #define TLMI_POP_PWD BIT(0) /* Supervisor */
174 #define TLMI_PAP_PWD BIT(1) /* Power-on */
175 #define TLMI_HDD_PWD BIT(2) /* HDD/NVME */
176 #define TLMI_SMP_PWD BIT(6) /* System Management */
177 #define TLMI_CERT_SVC BIT(7) /* Admin Certificate Based */
178 #define TLMI_CERT_SMC BIT(8) /* System Certificate Based */
179
180 static const struct tlmi_err_codes tlmi_errs[] = {
181 {"Success", 0},
182 {"Not Supported", -EOPNOTSUPP},
183 {"Invalid Parameter", -EINVAL},
184 {"Access Denied", -EACCES},
185 {"System Busy", -EBUSY},
186 };
187
188 static const char * const encoding_options[] = {
189 [TLMI_ENCODING_ASCII] = "ascii",
190 [TLMI_ENCODING_SCANCODE] = "scancode",
191 };
192 static const char * const level_options[] = {
193 [TLMI_LEVEL_USER] = "user",
194 [TLMI_LEVEL_MASTER] = "master",
195 };
196 static struct think_lmi tlmi_priv;
197 static const struct class *fw_attr_class;
198 static DEFINE_MUTEX(tlmi_mutex);
199
200 static inline struct tlmi_pwd_setting *to_tlmi_pwd_setting(struct kobject *kobj)
201 {
202 return container_of(kobj, struct tlmi_pwd_setting, kobj);
203 }
204
205 static inline struct tlmi_attr_setting *to_tlmi_attr_setting(struct kobject *kobj)
206 {
207 return container_of(kobj, struct tlmi_attr_setting, kobj);
208 }
209
210 /* Convert BIOS WMI error string to suitable error code */
211 static int tlmi_errstr_to_err(const char *errstr)
212 {
213 int i;
214
215 for (i = 0; i < sizeof(tlmi_errs)/sizeof(struct tlmi_err_codes); i++) {
216 if (!strcmp(tlmi_errs[i].err_str, errstr))
217 return tlmi_errs[i].err_code;
218 }
219 return -EPERM;
220 }
221
222 /* Extract error string from WMI return buffer */
223 static int tlmi_extract_error(const struct acpi_buffer *output)
224 {
225 const union acpi_object *obj;
226
227 obj = output->pointer;
228 if (!obj)
229 return -ENOMEM;
230 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer)
231 return -EIO;
232
233 return tlmi_errstr_to_err(obj->string.pointer);
234 }
235
236 /* Utility function to execute WMI call to BIOS */
237 static int tlmi_simple_call(const char *guid, const char *arg)
238 {
239 const struct acpi_buffer input = { strlen(arg), (char *)arg };
240 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
241 acpi_status status;
242 int i, err;
243
244 /*
245 * Duplicated call required to match BIOS workaround for behavior
246 * seen when WMI accessed via scripting on other OS.
247 */
248 for (i = 0; i < 2; i++) {
249 /* (re)initialize output buffer to default state */
250 output.length = ACPI_ALLOCATE_BUFFER;
251 output.pointer = NULL;
252
253 status = wmi_evaluate_method(guid, 0, 0, &input, &output);
254 if (ACPI_FAILURE(status)) {
255 kfree(output.pointer);
256 return -EIO;
257 }
258 err = tlmi_extract_error(&output);
259 kfree(output.pointer);
260 if (err)
261 return err;
262 }
263 return 0;
264 }
265
266 /* Extract output string from WMI return buffer */
267 static int tlmi_extract_output_string(const struct acpi_buffer *output,
268 char **string)
269 {
270 const union acpi_object *obj;
271 char *s;
272
273 obj = output->pointer;
274 if (!obj)
275 return -ENOMEM;
276 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer)
277 return -EIO;
278
279 s = kstrdup(obj->string.pointer, GFP_KERNEL);
280 if (!s)
281 return -ENOMEM;
282 *string = s;
283 return 0;
284 }
285
286 /* ------ Core interface functions ------------*/
287
288 /* Get password settings from BIOS */
289 static int tlmi_get_pwd_settings(struct tlmi_pwdcfg *pwdcfg)
290 {
291 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
292 const union acpi_object *obj;
293 acpi_status status;
294 int copy_size;
295
296 if (!tlmi_priv.can_get_password_settings)
297 return -EOPNOTSUPP;
298
299 status = wmi_query_block(LENOVO_BIOS_PASSWORD_SETTINGS_GUID, 0,
300 &output);
301 if (ACPI_FAILURE(status))
302 return -EIO;
303
304 obj = output.pointer;
305 if (!obj)
306 return -ENOMEM;
307 if (obj->type != ACPI_TYPE_BUFFER || !obj->buffer.pointer) {
308 kfree(obj);
309 return -EIO;
310 }
311 /*
312 * The size of thinkpad_wmi_pcfg on ThinkStation is larger than ThinkPad.
313 * To make the driver compatible on different brands, we permit it to get
314 * the data in below case.
315 * Settings must have at minimum the core fields available
316 */
317 if (obj->buffer.length < sizeof(struct tlmi_pwdcfg_core)) {
318 pr_warn("Unknown pwdcfg buffer length %d\n", obj->buffer.length);
319 kfree(obj);
320 return -EIO;
321 }
322
323 copy_size = min_t(size_t, obj->buffer.length, sizeof(struct tlmi_pwdcfg));
324
325 memcpy(pwdcfg, obj->buffer.pointer, copy_size);
326 kfree(obj);
327
328 if (WARN_ON(pwdcfg->core.max_length >= TLMI_PWD_BUFSIZE))
329 pwdcfg->core.max_length = TLMI_PWD_BUFSIZE - 1;
330 return 0;
331 }
332
333 static int tlmi_save_bios_settings(const char *password)
334 {
335 return tlmi_simple_call(LENOVO_SAVE_BIOS_SETTINGS_GUID,
336 password);
337 }
338
339 static int tlmi_opcode_setting(char *setting, const char *value)
340 {
341 char *opcode_str;
342 int ret;
343
344 opcode_str = kasprintf(GFP_KERNEL, "%s:%s;", setting, value);
345 if (!opcode_str)
346 return -ENOMEM;
347
348 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, opcode_str);
349 kfree(opcode_str);
350 return ret;
351 }
352
353 static int tlmi_setting(int item, char **value, const char *guid_string)
354 {
355 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
356 acpi_status status;
357 int ret;
358
359 status = wmi_query_block(guid_string, item, &output);
360 if (ACPI_FAILURE(status)) {
361 kfree(output.pointer);
362 return -EIO;
363 }
364
365 ret = tlmi_extract_output_string(&output, value);
366 kfree(output.pointer);
367 return ret;
368 }
369
370 static int tlmi_get_bios_selections(const char *item, char **value)
371 {
372 const struct acpi_buffer input = { strlen(item), (char *)item };
373 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
374 acpi_status status;
375 int ret;
376
377 status = wmi_evaluate_method(LENOVO_GET_BIOS_SELECTIONS_GUID,
378 0, 0, &input, &output);
379
380 if (ACPI_FAILURE(status)) {
381 kfree(output.pointer);
382 return -EIO;
383 }
384
385 ret = tlmi_extract_output_string(&output, value);
386 kfree(output.pointer);
387 return ret;
388 }
389
390 /* ---- Authentication sysfs --------------------------------------------------------- */
391 static ssize_t is_enabled_show(struct kobject *kobj, struct kobj_attribute *attr,
392 char *buf)
393 {
394 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
395
396 return sysfs_emit(buf, "%d\n", setting->pwd_enabled || setting->cert_installed);
397 }
398
399 static struct kobj_attribute auth_is_pass_set = __ATTR_RO(is_enabled);
400
401 static ssize_t current_password_store(struct kobject *kobj,
402 struct kobj_attribute *attr,
403 const char *buf, size_t count)
404 {
405 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
406 size_t pwdlen;
407
408 pwdlen = strlen(buf);
409 /* pwdlen == 0 is allowed to clear the password */
410 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen)))
411 return -EINVAL;
412
413 strscpy(setting->password, buf, setting->maxlen);
414 /* Strip out CR if one is present, setting password won't work if it is present */
415 strreplace(setting->password, '\n', '\0');
416 return count;
417 }
418
419 static struct kobj_attribute auth_current_password = __ATTR_WO(current_password);
420
421 static ssize_t new_password_store(struct kobject *kobj,
422 struct kobj_attribute *attr,
423 const char *buf, size_t count)
424 {
425 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
426 char *auth_str, *new_pwd;
427 size_t pwdlen;
428 int ret;
429
430 if (!capable(CAP_SYS_ADMIN))
431 return -EPERM;
432
433 if (!tlmi_priv.can_set_bios_password)
434 return -EOPNOTSUPP;
435
436 /* Strip out CR if one is present, setting password won't work if it is present */
437 new_pwd = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
438 if (!new_pwd)
439 return -ENOMEM;
440
441 /* Use lock in case multiple WMI operations needed */
442 mutex_lock(&tlmi_mutex);
443
444 pwdlen = strlen(new_pwd);
445 /* pwdlen == 0 is allowed to clear the password */
446 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) {
447 ret = -EINVAL;
448 goto out;
449 }
450
451 /* If opcode support is present use that interface */
452 if (tlmi_priv.opcode_support) {
453 char pwd_type[8];
454
455 /* Special handling required for HDD and NVMe passwords */
456 if (setting == tlmi_priv.pwd_hdd) {
457 if (setting->level == TLMI_LEVEL_USER)
458 sprintf(pwd_type, "uhdp%d", setting->index);
459 else
460 sprintf(pwd_type, "mhdp%d", setting->index);
461 } else if (setting == tlmi_priv.pwd_nvme) {
462 if (setting->level == TLMI_LEVEL_USER)
463 sprintf(pwd_type, "udrp%d", setting->index);
464 else
465 sprintf(pwd_type, "adrp%d", setting->index);
466 } else {
467 sprintf(pwd_type, "%s", setting->pwd_type);
468 }
469
470 ret = tlmi_opcode_setting("WmiOpcodePasswordType", pwd_type);
471 if (ret)
472 goto out;
473
474 /*
475 * Note admin password is not always required if SMPControl enabled in BIOS,
476 * So only set if it's configured.
477 * Let BIOS figure it out - we'll get an error if operation is not permitted
478 */
479 if (tlmi_priv.pwd_admin->pwd_enabled && strlen(tlmi_priv.pwd_admin->password)) {
480 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
481 tlmi_priv.pwd_admin->password);
482 if (ret)
483 goto out;
484 }
485 ret = tlmi_opcode_setting("WmiOpcodePasswordCurrent01", setting->password);
486 if (ret)
487 goto out;
488 ret = tlmi_opcode_setting("WmiOpcodePasswordNew01", new_pwd);
489 if (ret)
490 goto out;
491 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, "WmiOpcodePasswordSetUpdate;");
492 } else {
493 /* Format: 'PasswordType,CurrentPw,NewPw,Encoding,KbdLang;' */
494 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s,%s,%s;",
495 setting->pwd_type, setting->password, new_pwd,
496 encoding_options[setting->encoding], setting->kbdlang);
497 if (!auth_str) {
498 ret = -ENOMEM;
499 goto out;
500 }
501 ret = tlmi_simple_call(LENOVO_SET_BIOS_PASSWORD_GUID, auth_str);
502 kfree(auth_str);
503 }
504 out:
505 mutex_unlock(&tlmi_mutex);
506 kfree(new_pwd);
507 return ret ?: count;
508 }
509
510 static struct kobj_attribute auth_new_password = __ATTR_WO(new_password);
511
512 static ssize_t min_password_length_show(struct kobject *kobj, struct kobj_attribute *attr,
513 char *buf)
514 {
515 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
516
517 return sysfs_emit(buf, "%d\n", setting->minlen);
518 }
519
520 static struct kobj_attribute auth_min_pass_length = __ATTR_RO(min_password_length);
521
522 static ssize_t max_password_length_show(struct kobject *kobj, struct kobj_attribute *attr,
523 char *buf)
524 {
525 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
526
527 return sysfs_emit(buf, "%d\n", setting->maxlen);
528 }
529 static struct kobj_attribute auth_max_pass_length = __ATTR_RO(max_password_length);
530
531 static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
532 char *buf)
533 {
534 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
535
536 if (setting->cert_installed)
537 return sysfs_emit(buf, "certificate\n");
538 return sysfs_emit(buf, "password\n");
539 }
540 static struct kobj_attribute auth_mechanism = __ATTR_RO(mechanism);
541
542 static ssize_t encoding_show(struct kobject *kobj, struct kobj_attribute *attr,
543 char *buf)
544 {
545 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
546
547 return sysfs_emit(buf, "%s\n", encoding_options[setting->encoding]);
548 }
549
550 static ssize_t encoding_store(struct kobject *kobj,
551 struct kobj_attribute *attr,
552 const char *buf, size_t count)
553 {
554 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
555 int i;
556
557 /* Scan for a matching profile */
558 i = sysfs_match_string(encoding_options, buf);
559 if (i < 0)
560 return -EINVAL;
561
562 setting->encoding = i;
563 return count;
564 }
565
566 static struct kobj_attribute auth_encoding = __ATTR_RW(encoding);
567
568 static ssize_t kbdlang_show(struct kobject *kobj, struct kobj_attribute *attr,
569 char *buf)
570 {
571 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
572
573 return sysfs_emit(buf, "%s\n", setting->kbdlang);
574 }
575
576 static ssize_t kbdlang_store(struct kobject *kobj,
577 struct kobj_attribute *attr,
578 const char *buf, size_t count)
579 {
580 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
581 int length;
582
583 /* Calculate length till '\n' or terminating 0 */
584 length = strchrnul(buf, '\n') - buf;
585 if (!length || length >= TLMI_LANG_MAXLEN)
586 return -EINVAL;
587
588 memcpy(setting->kbdlang, buf, length);
589 setting->kbdlang[length] = '\0';
590 return count;
591 }
592
593 static struct kobj_attribute auth_kbdlang = __ATTR_RW(kbdlang);
594
595 static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
596 char *buf)
597 {
598 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
599
600 return sysfs_emit(buf, "%s\n", setting->role);
601 }
602 static struct kobj_attribute auth_role = __ATTR_RO(role);
603
604 static ssize_t index_show(struct kobject *kobj, struct kobj_attribute *attr,
605 char *buf)
606 {
607 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
608
609 return sysfs_emit(buf, "%d\n", setting->index);
610 }
611
612 static ssize_t index_store(struct kobject *kobj,
613 struct kobj_attribute *attr,
614 const char *buf, size_t count)
615 {
616 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
617 int err, val;
618
619 err = kstrtoint(buf, 10, &val);
620 if (err < 0)
621 return err;
622
623 if (val < 0 || val > TLMI_INDEX_MAX)
624 return -EINVAL;
625
626 setting->index = val;
627 return count;
628 }
629
630 static struct kobj_attribute auth_index = __ATTR_RW(index);
631
632 static ssize_t level_show(struct kobject *kobj, struct kobj_attribute *attr,
633 char *buf)
634 {
635 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
636
637 return sysfs_emit(buf, "%s\n", level_options[setting->level]);
638 }
639
640 static ssize_t level_store(struct kobject *kobj,
641 struct kobj_attribute *attr,
642 const char *buf, size_t count)
643 {
644 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
645 int i;
646
647 /* Scan for a matching profile */
648 i = sysfs_match_string(level_options, buf);
649 if (i < 0)
650 return -EINVAL;
651
652 setting->level = i;
653 return count;
654 }
655
656 static struct kobj_attribute auth_level = __ATTR_RW(level);
657
658 static char *cert_command(struct tlmi_pwd_setting *setting, const char *arg1, const char *arg2)
659 {
660 /* Prepend with SVC or SMC if multicert supported */
661 if (tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT)
662 return kasprintf(GFP_KERNEL, "%s,%s,%s",
663 setting == tlmi_priv.pwd_admin ? "SVC" : "SMC",
664 arg1, arg2);
665 else
666 return kasprintf(GFP_KERNEL, "%s,%s", arg1, arg2);
667 }
668
669 static ssize_t cert_thumbprint(char *buf, const char *arg, int count)
670 {
671 const struct acpi_buffer input = { strlen(arg), (char *)arg };
672 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
673 const union acpi_object *obj;
674 acpi_status status;
675
676 status = wmi_evaluate_method(LENOVO_CERT_THUMBPRINT_GUID, 0, 0, &input, &output);
677 if (ACPI_FAILURE(status)) {
678 kfree(output.pointer);
679 return -EIO;
680 }
681 obj = output.pointer;
682 if (!obj)
683 return -ENOMEM;
684 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) {
685 kfree(output.pointer);
686 return -EIO;
687 }
688 count += sysfs_emit_at(buf, count, "%s : %s\n", arg, (char *)obj->string.pointer);
689 kfree(output.pointer);
690
691 return count;
692 }
693
694 static char *thumbtypes[] = {"Md5", "Sha1", "Sha256"};
695
696 static ssize_t certificate_thumbprint_show(struct kobject *kobj, struct kobj_attribute *attr,
697 char *buf)
698 {
699 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
700 unsigned int i;
701 int count = 0;
702 char *wmistr;
703
704 if (!tlmi_priv.certificate_support || !setting->cert_installed)
705 return -EOPNOTSUPP;
706
707 for (i = 0; i < ARRAY_SIZE(thumbtypes); i++) {
708 if (tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT) {
709 /* Format: 'SVC | SMC, Thumbtype' */
710 wmistr = kasprintf(GFP_KERNEL, "%s,%s",
711 setting == tlmi_priv.pwd_admin ? "SVC" : "SMC",
712 thumbtypes[i]);
713 } else {
714 /* Format: 'Thumbtype' */
715 wmistr = kasprintf(GFP_KERNEL, "%s", thumbtypes[i]);
716 }
717 if (!wmistr)
718 return -ENOMEM;
719 count += cert_thumbprint(buf, wmistr, count);
720 kfree(wmistr);
721 }
722
723 return count;
724 }
725
726 static struct kobj_attribute auth_cert_thumb = __ATTR_RO(certificate_thumbprint);
727
728 static ssize_t cert_to_password_store(struct kobject *kobj,
729 struct kobj_attribute *attr,
730 const char *buf, size_t count)
731 {
732 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
733 char *auth_str, *passwd;
734 int ret;
735
736 if (!capable(CAP_SYS_ADMIN))
737 return -EPERM;
738
739 if (!tlmi_priv.certificate_support)
740 return -EOPNOTSUPP;
741
742 if (!setting->cert_installed)
743 return -EINVAL;
744
745 if (!setting->signature || !setting->signature[0])
746 return -EACCES;
747
748 /* Strip out CR if one is present */
749 passwd = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
750 if (!passwd)
751 return -ENOMEM;
752
753 /* Format: 'Password,Signature' */
754 auth_str = cert_command(setting, passwd, setting->signature);
755 if (!auth_str) {
756 kfree_sensitive(passwd);
757 return -ENOMEM;
758 }
759 ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
760 kfree(auth_str);
761 kfree_sensitive(passwd);
762
763 return ret ?: count;
764 }
765
766 static struct kobj_attribute auth_cert_to_password = __ATTR_WO(cert_to_password);
767
768 enum cert_install_mode {
769 TLMI_CERT_INSTALL,
770 TLMI_CERT_UPDATE,
771 };
772
773 static ssize_t certificate_store(struct kobject *kobj,
774 struct kobj_attribute *attr,
775 const char *buf, size_t count)
776 {
777 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
778 enum cert_install_mode install_mode = TLMI_CERT_INSTALL;
779 char *auth_str, *new_cert;
780 char *signature;
781 char *guid;
782 int ret;
783
784 if (!capable(CAP_SYS_ADMIN))
785 return -EPERM;
786
787 if (!tlmi_priv.certificate_support)
788 return -EOPNOTSUPP;
789
790 /* If empty then clear installed certificate */
791 if ((buf[0] == '\0') || (buf[0] == '\n')) { /* Clear installed certificate */
792 /* Check that signature is set */
793 if (!setting->signature || !setting->signature[0])
794 return -EACCES;
795
796 /* Format: 'serial#, signature' */
797 auth_str = cert_command(setting,
798 dmi_get_system_info(DMI_PRODUCT_SERIAL),
799 setting->signature);
800 if (!auth_str)
801 return -ENOMEM;
802
803 ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str);
804 kfree(auth_str);
805
806 return ret ?: count;
807 }
808
809 /* Strip out CR if one is present */
810 new_cert = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
811 if (!new_cert)
812 return -ENOMEM;
813
814 if (setting->cert_installed) {
815 /* Certificate is installed so this is an update */
816 install_mode = TLMI_CERT_UPDATE;
817 /* If admin account enabled - need to use its signature */
818 if (tlmi_priv.pwd_admin->pwd_enabled)
819 signature = tlmi_priv.pwd_admin->signature;
820 else
821 signature = setting->signature;
822 } else { /* Cert install */
823 /* Check if SMC and SVC already installed */
824 if ((setting == tlmi_priv.pwd_system) && tlmi_priv.pwd_admin->cert_installed) {
825 /* This gets treated as a cert update */
826 install_mode = TLMI_CERT_UPDATE;
827 signature = tlmi_priv.pwd_admin->signature;
828 } else { /* Regular cert install */
829 install_mode = TLMI_CERT_INSTALL;
830 signature = setting->signature;
831 }
832 }
833
834 if (install_mode == TLMI_CERT_UPDATE) {
835 /* This is a certificate update */
836 if (!signature || !signature[0]) {
837 kfree(new_cert);
838 return -EACCES;
839 }
840 guid = LENOVO_UPDATE_BIOS_CERT_GUID;
841 /* Format: 'Certificate,Signature' */
842 auth_str = cert_command(setting, new_cert, signature);
843 } else {
844 /* This is a fresh install */
845 /* To set admin cert, a password must be enabled */
846 if ((setting == tlmi_priv.pwd_admin) &&
847 (!setting->pwd_enabled || !setting->password[0])) {
848 kfree(new_cert);
849 return -EACCES;
850 }
851 guid = LENOVO_SET_BIOS_CERT_GUID;
852 /* Format: 'Certificate, password' */
853 auth_str = cert_command(setting, new_cert, setting->password);
854 }
855 kfree(new_cert);
856 if (!auth_str)
857 return -ENOMEM;
858
859 ret = tlmi_simple_call(guid, auth_str);
860 kfree(auth_str);
861
862 return ret ?: count;
863 }
864
865 static struct kobj_attribute auth_certificate = __ATTR_WO(certificate);
866
867 static ssize_t signature_store(struct kobject *kobj,
868 struct kobj_attribute *attr,
869 const char *buf, size_t count)
870 {
871 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
872 char *new_signature;
873
874 if (!capable(CAP_SYS_ADMIN))
875 return -EPERM;
876
877 if (!tlmi_priv.certificate_support)
878 return -EOPNOTSUPP;
879
880 /* Strip out CR if one is present */
881 new_signature = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
882 if (!new_signature)
883 return -ENOMEM;
884
885 /* Free any previous signature */
886 kfree(setting->signature);
887 setting->signature = new_signature;
888
889 return count;
890 }
891
892 static struct kobj_attribute auth_signature = __ATTR_WO(signature);
893
894 static ssize_t save_signature_store(struct kobject *kobj,
895 struct kobj_attribute *attr,
896 const char *buf, size_t count)
897 {
898 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
899 char *new_signature;
900
901 if (!capable(CAP_SYS_ADMIN))
902 return -EPERM;
903
904 if (!tlmi_priv.certificate_support)
905 return -EOPNOTSUPP;
906
907 /* Strip out CR if one is present */
908 new_signature = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
909 if (!new_signature)
910 return -ENOMEM;
911
912 /* Free any previous signature */
913 kfree(setting->save_signature);
914 setting->save_signature = new_signature;
915
916 return count;
917 }
918
919 static struct kobj_attribute auth_save_signature = __ATTR_WO(save_signature);
920
921 static umode_t auth_attr_is_visible(struct kobject *kobj,
922 struct attribute *attr, int n)
923 {
924 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
925
926 /* We only want to display level and index settings on HDD/NVMe */
927 if (attr == &auth_index.attr || attr == &auth_level.attr) {
928 if ((setting == tlmi_priv.pwd_hdd) || (setting == tlmi_priv.pwd_nvme))
929 return attr->mode;
930 return 0;
931 }
932
933 /* We only display certificates, if supported */
934 if (attr == &auth_certificate.attr ||
935 attr == &auth_signature.attr ||
936 attr == &auth_save_signature.attr ||
937 attr == &auth_cert_thumb.attr ||
938 attr == &auth_cert_to_password.attr) {
939 if (tlmi_priv.certificate_support) {
940 if (setting == tlmi_priv.pwd_admin)
941 return attr->mode;
942 if ((tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT) &&
943 (setting == tlmi_priv.pwd_system))
944 return attr->mode;
945 }
946 return 0;
947 }
948
949 /* Don't display un-needed settings if opcode available */
950 if ((attr == &auth_encoding.attr || attr == &auth_kbdlang.attr) &&
951 tlmi_priv.opcode_support)
952 return 0;
953
954 return attr->mode;
955 }
956
957 static struct attribute *auth_attrs[] = {
958 &auth_is_pass_set.attr,
959 &auth_min_pass_length.attr,
960 &auth_max_pass_length.attr,
961 &auth_current_password.attr,
962 &auth_new_password.attr,
963 &auth_role.attr,
964 &auth_mechanism.attr,
965 &auth_encoding.attr,
966 &auth_kbdlang.attr,
967 &auth_index.attr,
968 &auth_level.attr,
969 &auth_certificate.attr,
970 &auth_signature.attr,
971 &auth_save_signature.attr,
972 &auth_cert_thumb.attr,
973 &auth_cert_to_password.attr,
974 NULL
975 };
976
977 static const struct attribute_group auth_attr_group = {
978 .is_visible = auth_attr_is_visible,
979 .attrs = auth_attrs,
980 };
981
982 /* ---- Attributes sysfs --------------------------------------------------------- */
983 static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr,
984 char *buf)
985 {
986 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
987
988 return sysfs_emit(buf, "%s\n", setting->display_name);
989 }
990
991 static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
992 {
993 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
994 char *item, *value;
995 int ret;
996
997 ret = tlmi_setting(setting->index, &item, LENOVO_BIOS_SETTING_GUID);
998 if (ret)
999 return ret;
1000
1001 /* validate and split from `item,value` -> `value` */
1002 value = strpbrk(item, ",");
1003 if (!value || value == item || !strlen(value + 1))
1004 ret = -EINVAL;
1005 else {
1006 /* On Workstations remove the Options part after the value */
1007 strreplace(value, ';', '\0');
1008 ret = sysfs_emit(buf, "%s\n", value + 1);
1009 }
1010 kfree(item);
1011
1012 return ret;
1013 }
1014
1015 static ssize_t possible_values_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1016 {
1017 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1018
1019 return sysfs_emit(buf, "%s\n", setting->possible_values);
1020 }
1021
1022 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
1023 char *buf)
1024 {
1025 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1026
1027 if (setting->possible_values) {
1028 /* Figure out what setting type is as BIOS does not return this */
1029 if (strchr(setting->possible_values, ';'))
1030 return sysfs_emit(buf, "enumeration\n");
1031 }
1032 /* Anything else is going to be a string */
1033 return sysfs_emit(buf, "string\n");
1034 }
1035
1036 static ssize_t current_value_store(struct kobject *kobj,
1037 struct kobj_attribute *attr,
1038 const char *buf, size_t count)
1039 {
1040 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1041 char *set_str = NULL, *new_setting = NULL;
1042 char *auth_str = NULL;
1043 int ret;
1044
1045 if (!tlmi_priv.can_set_bios_settings)
1046 return -EOPNOTSUPP;
1047
1048 /*
1049 * If we are using bulk saves a reboot should be done once save has
1050 * been called
1051 */
1052 if (tlmi_priv.save_mode == TLMI_SAVE_BULK && tlmi_priv.reboot_required)
1053 return -EPERM;
1054
1055 /* Strip out CR if one is present */
1056 new_setting = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
1057 if (!new_setting)
1058 return -ENOMEM;
1059
1060 /* Use lock in case multiple WMI operations needed */
1061 mutex_lock(&tlmi_mutex);
1062
1063 /* Check if certificate authentication is enabled and active */
1064 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) {
1065 if (!tlmi_priv.pwd_admin->signature || !tlmi_priv.pwd_admin->save_signature) {
1066 ret = -EINVAL;
1067 goto out;
1068 }
1069 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name,
1070 new_setting, tlmi_priv.pwd_admin->signature);
1071 if (!set_str) {
1072 ret = -ENOMEM;
1073 goto out;
1074 }
1075
1076 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTING_CERT_GUID, set_str);
1077 if (ret)
1078 goto out;
1079 if (tlmi_priv.save_mode == TLMI_SAVE_BULK)
1080 tlmi_priv.save_required = true;
1081 else
1082 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
1083 tlmi_priv.pwd_admin->save_signature);
1084 } else if (tlmi_priv.opcode_support) {
1085 /*
1086 * If opcode support is present use that interface.
1087 * Note - this sets the variable and then the password as separate
1088 * WMI calls. Function tlmi_save_bios_settings will error if the
1089 * password is incorrect.
1090 * Workstation's require the opcode to be set before changing the
1091 * attribute.
1092 */
1093 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1094 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
1095 tlmi_priv.pwd_admin->password);
1096 if (ret)
1097 goto out;
1098 }
1099
1100 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name,
1101 new_setting);
1102 if (!set_str) {
1103 ret = -ENOMEM;
1104 goto out;
1105 }
1106
1107 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str);
1108 if (ret)
1109 goto out;
1110
1111 if (tlmi_priv.save_mode == TLMI_SAVE_BULK)
1112 tlmi_priv.save_required = true;
1113 else
1114 ret = tlmi_save_bios_settings("");
1115 } else { /* old non-opcode based authentication method (deprecated) */
1116 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1117 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1118 tlmi_priv.pwd_admin->password,
1119 encoding_options[tlmi_priv.pwd_admin->encoding],
1120 tlmi_priv.pwd_admin->kbdlang);
1121 if (!auth_str) {
1122 ret = -ENOMEM;
1123 goto out;
1124 }
1125 }
1126
1127 if (auth_str)
1128 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name,
1129 new_setting, auth_str);
1130 else
1131 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name,
1132 new_setting);
1133 if (!set_str) {
1134 ret = -ENOMEM;
1135 goto out;
1136 }
1137
1138 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str);
1139 if (ret)
1140 goto out;
1141
1142 if (tlmi_priv.save_mode == TLMI_SAVE_BULK) {
1143 tlmi_priv.save_required = true;
1144 } else {
1145 if (auth_str)
1146 ret = tlmi_save_bios_settings(auth_str);
1147 else
1148 ret = tlmi_save_bios_settings("");
1149 }
1150 }
1151 if (!ret && !tlmi_priv.pending_changes) {
1152 tlmi_priv.pending_changes = true;
1153 /* let userland know it may need to check reboot pending again */
1154 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1155 }
1156 out:
1157 mutex_unlock(&tlmi_mutex);
1158 kfree(auth_str);
1159 kfree(set_str);
1160 kfree(new_setting);
1161 return ret ?: count;
1162 }
1163
1164 static struct kobj_attribute attr_displ_name = __ATTR_RO(display_name);
1165
1166 static struct kobj_attribute attr_possible_values = __ATTR_RO(possible_values);
1167
1168 static struct kobj_attribute attr_current_val = __ATTR_RW_MODE(current_value, 0600);
1169
1170 static struct kobj_attribute attr_type = __ATTR_RO(type);
1171
1172 static umode_t attr_is_visible(struct kobject *kobj,
1173 struct attribute *attr, int n)
1174 {
1175 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1176
1177 /* We don't want to display possible_values attributes if not available */
1178 if ((attr == &attr_possible_values.attr) && (!setting->possible_values))
1179 return 0;
1180
1181 return attr->mode;
1182 }
1183
1184 static struct attribute *tlmi_attrs[] = {
1185 &attr_displ_name.attr,
1186 &attr_current_val.attr,
1187 &attr_possible_values.attr,
1188 &attr_type.attr,
1189 NULL
1190 };
1191
1192 static const struct attribute_group tlmi_attr_group = {
1193 .is_visible = attr_is_visible,
1194 .attrs = tlmi_attrs,
1195 };
1196
1197 static void tlmi_attr_setting_release(struct kobject *kobj)
1198 {
1199 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1200
1201 kfree(setting->possible_values);
1202 kfree(setting);
1203 }
1204
1205 static void tlmi_pwd_setting_release(struct kobject *kobj)
1206 {
1207 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
1208
1209 kfree(setting);
1210 }
1211
1212 static const struct kobj_type tlmi_attr_setting_ktype = {
1213 .release = &tlmi_attr_setting_release,
1214 .sysfs_ops = &kobj_sysfs_ops,
1215 };
1216
1217 static const struct kobj_type tlmi_pwd_setting_ktype = {
1218 .release = &tlmi_pwd_setting_release,
1219 .sysfs_ops = &kobj_sysfs_ops,
1220 };
1221
1222 static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr,
1223 char *buf)
1224 {
1225 return sprintf(buf, "%d\n", tlmi_priv.pending_changes);
1226 }
1227
1228 static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
1229
1230 static const char * const save_mode_strings[] = {
1231 [TLMI_SAVE_SINGLE] = "single",
1232 [TLMI_SAVE_BULK] = "bulk",
1233 [TLMI_SAVE_SAVE] = "save"
1234 };
1235
1236 static ssize_t save_settings_show(struct kobject *kobj, struct kobj_attribute *attr,
1237 char *buf)
1238 {
1239 /* Check that setting is valid */
1240 if (WARN_ON(tlmi_priv.save_mode < TLMI_SAVE_SINGLE ||
1241 tlmi_priv.save_mode > TLMI_SAVE_BULK))
1242 return -EIO;
1243 return sysfs_emit(buf, "%s\n", save_mode_strings[tlmi_priv.save_mode]);
1244 }
1245
1246 static ssize_t save_settings_store(struct kobject *kobj, struct kobj_attribute *attr,
1247 const char *buf, size_t count)
1248 {
1249 char *auth_str = NULL;
1250 int ret = 0;
1251 int cmd;
1252
1253 cmd = sysfs_match_string(save_mode_strings, buf);
1254 if (cmd < 0)
1255 return cmd;
1256
1257 /* Use lock in case multiple WMI operations needed */
1258 mutex_lock(&tlmi_mutex);
1259
1260 switch (cmd) {
1261 case TLMI_SAVE_SINGLE:
1262 case TLMI_SAVE_BULK:
1263 tlmi_priv.save_mode = cmd;
1264 goto out;
1265 case TLMI_SAVE_SAVE:
1266 /* Check if supported*/
1267 if (!tlmi_priv.can_set_bios_settings ||
1268 tlmi_priv.save_mode == TLMI_SAVE_SINGLE) {
1269 ret = -EOPNOTSUPP;
1270 goto out;
1271 }
1272 /* Check there is actually something to save */
1273 if (!tlmi_priv.save_required) {
1274 ret = -ENOENT;
1275 goto out;
1276 }
1277 /* Check if certificate authentication is enabled and active */
1278 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) {
1279 if (!tlmi_priv.pwd_admin->signature ||
1280 !tlmi_priv.pwd_admin->save_signature) {
1281 ret = -EINVAL;
1282 goto out;
1283 }
1284 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
1285 tlmi_priv.pwd_admin->save_signature);
1286 if (ret)
1287 goto out;
1288 } else if (tlmi_priv.opcode_support) {
1289 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1290 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
1291 tlmi_priv.pwd_admin->password);
1292 if (ret)
1293 goto out;
1294 }
1295 ret = tlmi_save_bios_settings("");
1296 } else { /* old non-opcode based authentication method (deprecated) */
1297 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1298 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1299 tlmi_priv.pwd_admin->password,
1300 encoding_options[tlmi_priv.pwd_admin->encoding],
1301 tlmi_priv.pwd_admin->kbdlang);
1302 if (!auth_str) {
1303 ret = -ENOMEM;
1304 goto out;
1305 }
1306 }
1307
1308 if (auth_str)
1309 ret = tlmi_save_bios_settings(auth_str);
1310 else
1311 ret = tlmi_save_bios_settings("");
1312 }
1313 tlmi_priv.save_required = false;
1314 tlmi_priv.reboot_required = true;
1315
1316 if (!ret && !tlmi_priv.pending_changes) {
1317 tlmi_priv.pending_changes = true;
1318 /* let userland know it may need to check reboot pending again */
1319 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1320 }
1321 break;
1322 }
1323 out:
1324 mutex_unlock(&tlmi_mutex);
1325 kfree(auth_str);
1326 return ret ?: count;
1327 }
1328
1329 static struct kobj_attribute save_settings = __ATTR_RW(save_settings);
1330
1331 /* ---- Debug interface--------------------------------------------------------- */
1332 static ssize_t debug_cmd_store(struct kobject *kobj, struct kobj_attribute *attr,
1333 const char *buf, size_t count)
1334 {
1335 char *set_str = NULL, *new_setting = NULL;
1336 char *auth_str = NULL;
1337 int ret;
1338
1339 if (!tlmi_priv.can_debug_cmd)
1340 return -EOPNOTSUPP;
1341
1342 /* Strip out CR if one is present */
1343 new_setting = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
1344 if (!new_setting)
1345 return -ENOMEM;
1346
1347 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1348 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1349 tlmi_priv.pwd_admin->password,
1350 encoding_options[tlmi_priv.pwd_admin->encoding],
1351 tlmi_priv.pwd_admin->kbdlang);
1352 if (!auth_str) {
1353 ret = -ENOMEM;
1354 goto out;
1355 }
1356 }
1357
1358 if (auth_str)
1359 set_str = kasprintf(GFP_KERNEL, "%s,%s", new_setting, auth_str);
1360 else
1361 set_str = kasprintf(GFP_KERNEL, "%s;", new_setting);
1362 if (!set_str) {
1363 ret = -ENOMEM;
1364 goto out;
1365 }
1366
1367 ret = tlmi_simple_call(LENOVO_DEBUG_CMD_GUID, set_str);
1368 if (ret)
1369 goto out;
1370
1371 if (!ret && !tlmi_priv.pending_changes) {
1372 tlmi_priv.pending_changes = true;
1373 /* let userland know it may need to check reboot pending again */
1374 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1375 }
1376 out:
1377 kfree(auth_str);
1378 kfree(set_str);
1379 kfree(new_setting);
1380 return ret ?: count;
1381 }
1382
1383 static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd);
1384
1385 /* ---- Initialisation --------------------------------------------------------- */
1386 static void tlmi_release_attr(void)
1387 {
1388 int i;
1389
1390 /* Attribute structures */
1391 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) {
1392 if (tlmi_priv.setting[i]) {
1393 sysfs_remove_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group);
1394 kobject_put(&tlmi_priv.setting[i]->kobj);
1395 }
1396 }
1397 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr);
1398 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr);
1399
1400 if (tlmi_priv.can_debug_cmd && debug_support)
1401 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr);
1402
1403 kset_unregister(tlmi_priv.attribute_kset);
1404
1405 /* Free up any saved signatures */
1406 kfree(tlmi_priv.pwd_admin->signature);
1407 kfree(tlmi_priv.pwd_admin->save_signature);
1408
1409 /* Authentication structures */
1410 sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group);
1411 kobject_put(&tlmi_priv.pwd_admin->kobj);
1412 sysfs_remove_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group);
1413 kobject_put(&tlmi_priv.pwd_power->kobj);
1414
1415 if (tlmi_priv.opcode_support) {
1416 sysfs_remove_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group);
1417 kobject_put(&tlmi_priv.pwd_system->kobj);
1418 sysfs_remove_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group);
1419 kobject_put(&tlmi_priv.pwd_hdd->kobj);
1420 sysfs_remove_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group);
1421 kobject_put(&tlmi_priv.pwd_nvme->kobj);
1422 }
1423
1424 kset_unregister(tlmi_priv.authentication_kset);
1425 }
1426
1427 static int tlmi_validate_setting_name(struct kset *attribute_kset, char *name)
1428 {
1429 struct kobject *duplicate;
1430
1431 if (!strcmp(name, "Reserved"))
1432 return -EINVAL;
1433
1434 duplicate = kset_find_obj(attribute_kset, name);
1435 if (duplicate) {
1436 pr_debug("Duplicate attribute name found - %s\n", name);
1437 /* kset_find_obj() returns a reference */
1438 kobject_put(duplicate);
1439 return -EBUSY;
1440 }
1441
1442 return 0;
1443 }
1444
1445 static int tlmi_sysfs_init(void)
1446 {
1447 int i, ret;
1448
1449 ret = fw_attributes_class_get(&fw_attr_class);
1450 if (ret)
1451 return ret;
1452
1453 tlmi_priv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0),
1454 NULL, "%s", "thinklmi");
1455 if (IS_ERR(tlmi_priv.class_dev)) {
1456 ret = PTR_ERR(tlmi_priv.class_dev);
1457 goto fail_class_created;
1458 }
1459
1460 tlmi_priv.attribute_kset = kset_create_and_add("attributes", NULL,
1461 &tlmi_priv.class_dev->kobj);
1462 if (!tlmi_priv.attribute_kset) {
1463 ret = -ENOMEM;
1464 goto fail_device_created;
1465 }
1466
1467 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) {
1468 /* Check if index is a valid setting - skip if it isn't */
1469 if (!tlmi_priv.setting[i])
1470 continue;
1471
1472 /* check for duplicate or reserved values */
1473 if (tlmi_validate_setting_name(tlmi_priv.attribute_kset,
1474 tlmi_priv.setting[i]->display_name) < 0) {
1475 kfree(tlmi_priv.setting[i]->possible_values);
1476 kfree(tlmi_priv.setting[i]);
1477 tlmi_priv.setting[i] = NULL;
1478 continue;
1479 }
1480
1481 /* Build attribute */
1482 tlmi_priv.setting[i]->kobj.kset = tlmi_priv.attribute_kset;
1483 ret = kobject_add(&tlmi_priv.setting[i]->kobj, NULL,
1484 "%s", tlmi_priv.setting[i]->display_name);
1485 if (ret)
1486 goto fail_create_attr;
1487
1488 ret = sysfs_create_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group);
1489 if (ret)
1490 goto fail_create_attr;
1491 }
1492
1493 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr);
1494 if (ret)
1495 goto fail_create_attr;
1496
1497 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr);
1498 if (ret)
1499 goto fail_create_attr;
1500
1501 if (tlmi_priv.can_debug_cmd && debug_support) {
1502 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr);
1503 if (ret)
1504 goto fail_create_attr;
1505 }
1506
1507 /* Create authentication entries */
1508 tlmi_priv.authentication_kset = kset_create_and_add("authentication", NULL,
1509 &tlmi_priv.class_dev->kobj);
1510 if (!tlmi_priv.authentication_kset) {
1511 ret = -ENOMEM;
1512 goto fail_create_attr;
1513 }
1514 tlmi_priv.pwd_admin->kobj.kset = tlmi_priv.authentication_kset;
1515 ret = kobject_add(&tlmi_priv.pwd_admin->kobj, NULL, "%s", "Admin");
1516 if (ret)
1517 goto fail_create_attr;
1518
1519 ret = sysfs_create_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group);
1520 if (ret)
1521 goto fail_create_attr;
1522
1523 tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset;
1524 ret = kobject_add(&tlmi_priv.pwd_power->kobj, NULL, "%s", "Power-on");
1525 if (ret)
1526 goto fail_create_attr;
1527
1528 ret = sysfs_create_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group);
1529 if (ret)
1530 goto fail_create_attr;
1531
1532 if (tlmi_priv.opcode_support) {
1533 tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset;
1534 ret = kobject_add(&tlmi_priv.pwd_system->kobj, NULL, "%s", "System");
1535 if (ret)
1536 goto fail_create_attr;
1537
1538 ret = sysfs_create_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group);
1539 if (ret)
1540 goto fail_create_attr;
1541
1542 tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset;
1543 ret = kobject_add(&tlmi_priv.pwd_hdd->kobj, NULL, "%s", "HDD");
1544 if (ret)
1545 goto fail_create_attr;
1546
1547 ret = sysfs_create_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group);
1548 if (ret)
1549 goto fail_create_attr;
1550
1551 tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset;
1552 ret = kobject_add(&tlmi_priv.pwd_nvme->kobj, NULL, "%s", "NVMe");
1553 if (ret)
1554 goto fail_create_attr;
1555
1556 ret = sysfs_create_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group);
1557 if (ret)
1558 goto fail_create_attr;
1559 }
1560
1561 return ret;
1562
1563 fail_create_attr:
1564 tlmi_release_attr();
1565 fail_device_created:
1566 device_destroy(fw_attr_class, MKDEV(0, 0));
1567 fail_class_created:
1568 fw_attributes_class_put();
1569 return ret;
1570 }
1571
1572 /* ---- Base Driver -------------------------------------------------------- */
1573 static struct tlmi_pwd_setting *tlmi_create_auth(const char *pwd_type,
1574 const char *pwd_role)
1575 {
1576 struct tlmi_pwd_setting *new_pwd;
1577
1578 new_pwd = kzalloc(sizeof(struct tlmi_pwd_setting), GFP_KERNEL);
1579 if (!new_pwd)
1580 return NULL;
1581
1582 strscpy(new_pwd->kbdlang, "us");
1583 new_pwd->encoding = TLMI_ENCODING_ASCII;
1584 new_pwd->pwd_type = pwd_type;
1585 new_pwd->role = pwd_role;
1586 new_pwd->minlen = tlmi_priv.pwdcfg.core.min_length;
1587 new_pwd->maxlen = tlmi_priv.pwdcfg.core.max_length;
1588 new_pwd->index = 0;
1589
1590 kobject_init(&new_pwd->kobj, &tlmi_pwd_setting_ktype);
1591
1592 return new_pwd;
1593 }
1594
1595 static int tlmi_analyze(void)
1596 {
1597 int i, ret;
1598
1599 if (wmi_has_guid(LENOVO_SET_BIOS_SETTINGS_GUID) &&
1600 wmi_has_guid(LENOVO_SAVE_BIOS_SETTINGS_GUID))
1601 tlmi_priv.can_set_bios_settings = true;
1602
1603 if (wmi_has_guid(LENOVO_GET_BIOS_SELECTIONS_GUID))
1604 tlmi_priv.can_get_bios_selections = true;
1605
1606 if (wmi_has_guid(LENOVO_SET_BIOS_PASSWORD_GUID))
1607 tlmi_priv.can_set_bios_password = true;
1608
1609 if (wmi_has_guid(LENOVO_BIOS_PASSWORD_SETTINGS_GUID))
1610 tlmi_priv.can_get_password_settings = true;
1611
1612 if (wmi_has_guid(LENOVO_DEBUG_CMD_GUID))
1613 tlmi_priv.can_debug_cmd = true;
1614
1615 if (wmi_has_guid(LENOVO_OPCODE_IF_GUID))
1616 tlmi_priv.opcode_support = true;
1617
1618 if (wmi_has_guid(LENOVO_SET_BIOS_CERT_GUID) &&
1619 wmi_has_guid(LENOVO_SET_BIOS_SETTING_CERT_GUID) &&
1620 wmi_has_guid(LENOVO_SAVE_BIOS_SETTING_CERT_GUID))
1621 tlmi_priv.certificate_support = true;
1622
1623 /*
1624 * Try to find the number of valid settings of this machine
1625 * and use it to create sysfs attributes.
1626 */
1627 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) {
1628 struct tlmi_attr_setting *setting;
1629 char *item = NULL;
1630
1631 tlmi_priv.setting[i] = NULL;
1632 ret = tlmi_setting(i, &item, LENOVO_BIOS_SETTING_GUID);
1633 if (ret)
1634 break;
1635 if (!item)
1636 break;
1637 if (!*item) {
1638 kfree(item);
1639 continue;
1640 }
1641
1642 /* It is not allowed to have '/' for file name. Convert it into '\'. */
1643 strreplace(item, '/', '\\');
1644
1645 /* Remove the value part */
1646 strreplace(item, ',', '\0');
1647
1648 /* Create a setting entry */
1649 setting = kzalloc(sizeof(*setting), GFP_KERNEL);
1650 if (!setting) {
1651 ret = -ENOMEM;
1652 kfree(item);
1653 goto fail_clear_attr;
1654 }
1655 setting->index = i;
1656 strscpy(setting->display_name, item);
1657 /* If BIOS selections supported, load those */
1658 if (tlmi_priv.can_get_bios_selections) {
1659 ret = tlmi_get_bios_selections(setting->display_name,
1660 &setting->possible_values);
1661 if (ret || !setting->possible_values)
1662 pr_info("Error retrieving possible values for %d : %s\n",
1663 i, setting->display_name);
1664 } else {
1665 /*
1666 * Older Thinkstations don't support the bios_selections API.
1667 * Instead they store this as a [Optional:Option1,Option2] section of the
1668 * name string.
1669 * Try and pull that out if it's available.
1670 */
1671 char *optitem, *optstart, *optend;
1672
1673 if (!tlmi_setting(setting->index, &optitem, LENOVO_BIOS_SETTING_GUID)) {
1674 optstart = strstr(optitem, "[Optional:");
1675 if (optstart) {
1676 optstart += strlen("[Optional:");
1677 optend = strstr(optstart, "]");
1678 if (optend)
1679 setting->possible_values =
1680 kstrndup(optstart, optend - optstart,
1681 GFP_KERNEL);
1682 }
1683 kfree(optitem);
1684 }
1685 }
1686 /*
1687 * firmware-attributes requires that possible_values are separated by ';' but
1688 * Lenovo FW uses ','. Replace appropriately.
1689 */
1690 if (setting->possible_values)
1691 strreplace(setting->possible_values, ',', ';');
1692
1693 kobject_init(&setting->kobj, &tlmi_attr_setting_ktype);
1694 tlmi_priv.setting[i] = setting;
1695 kfree(item);
1696 }
1697
1698 /* Create password setting structure */
1699 ret = tlmi_get_pwd_settings(&tlmi_priv.pwdcfg);
1700 if (ret)
1701 goto fail_clear_attr;
1702
1703 /* All failures below boil down to kmalloc failures */
1704 ret = -ENOMEM;
1705
1706 tlmi_priv.pwd_admin = tlmi_create_auth("pap", "bios-admin");
1707 if (!tlmi_priv.pwd_admin)
1708 goto fail_clear_attr;
1709
1710 if (tlmi_priv.pwdcfg.core.password_state & TLMI_PAP_PWD)
1711 tlmi_priv.pwd_admin->pwd_enabled = true;
1712
1713 tlmi_priv.pwd_power = tlmi_create_auth("pop", "power-on");
1714 if (!tlmi_priv.pwd_power)
1715 goto fail_clear_attr;
1716
1717 if (tlmi_priv.pwdcfg.core.password_state & TLMI_POP_PWD)
1718 tlmi_priv.pwd_power->pwd_enabled = true;
1719
1720 if (tlmi_priv.opcode_support) {
1721 tlmi_priv.pwd_system = tlmi_create_auth("smp", "system");
1722 if (!tlmi_priv.pwd_system)
1723 goto fail_clear_attr;
1724
1725 if (tlmi_priv.pwdcfg.core.password_state & TLMI_SMP_PWD)
1726 tlmi_priv.pwd_system->pwd_enabled = true;
1727
1728 tlmi_priv.pwd_hdd = tlmi_create_auth("hdd", "hdd");
1729 if (!tlmi_priv.pwd_hdd)
1730 goto fail_clear_attr;
1731
1732 tlmi_priv.pwd_nvme = tlmi_create_auth("nvm", "nvme");
1733 if (!tlmi_priv.pwd_nvme)
1734 goto fail_clear_attr;
1735
1736 /* Set default hdd/nvme index to 1 as there is no device 0 */
1737 tlmi_priv.pwd_hdd->index = 1;
1738 tlmi_priv.pwd_nvme->index = 1;
1739
1740 if (tlmi_priv.pwdcfg.core.password_state & TLMI_HDD_PWD) {
1741 /* Check if PWD is configured and set index to first drive found */
1742 if (tlmi_priv.pwdcfg.ext.hdd_user_password ||
1743 tlmi_priv.pwdcfg.ext.hdd_master_password) {
1744 tlmi_priv.pwd_hdd->pwd_enabled = true;
1745 if (tlmi_priv.pwdcfg.ext.hdd_master_password)
1746 tlmi_priv.pwd_hdd->index =
1747 ffs(tlmi_priv.pwdcfg.ext.hdd_master_password) - 1;
1748 else
1749 tlmi_priv.pwd_hdd->index =
1750 ffs(tlmi_priv.pwdcfg.ext.hdd_user_password) - 1;
1751 }
1752 if (tlmi_priv.pwdcfg.ext.nvme_user_password ||
1753 tlmi_priv.pwdcfg.ext.nvme_master_password) {
1754 tlmi_priv.pwd_nvme->pwd_enabled = true;
1755 if (tlmi_priv.pwdcfg.ext.nvme_master_password)
1756 tlmi_priv.pwd_nvme->index =
1757 ffs(tlmi_priv.pwdcfg.ext.nvme_master_password) - 1;
1758 else
1759 tlmi_priv.pwd_nvme->index =
1760 ffs(tlmi_priv.pwdcfg.ext.nvme_user_password) - 1;
1761 }
1762 }
1763 }
1764
1765 if (tlmi_priv.certificate_support) {
1766 tlmi_priv.pwd_admin->cert_installed =
1767 tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SVC;
1768 tlmi_priv.pwd_system->cert_installed =
1769 tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SMC;
1770 }
1771 return 0;
1772
1773 fail_clear_attr:
1774 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) {
1775 if (tlmi_priv.setting[i]) {
1776 kfree(tlmi_priv.setting[i]->possible_values);
1777 kfree(tlmi_priv.setting[i]);
1778 }
1779 }
1780 kfree(tlmi_priv.pwd_admin);
1781 kfree(tlmi_priv.pwd_power);
1782 kfree(tlmi_priv.pwd_system);
1783 kfree(tlmi_priv.pwd_hdd);
1784 kfree(tlmi_priv.pwd_nvme);
1785 return ret;
1786 }
1787
1788 static void tlmi_remove(struct wmi_device *wdev)
1789 {
1790 tlmi_release_attr();
1791 device_destroy(fw_attr_class, MKDEV(0, 0));
1792 fw_attributes_class_put();
1793 }
1794
1795 static int tlmi_probe(struct wmi_device *wdev, const void *context)
1796 {
1797 int ret;
1798
1799 ret = tlmi_analyze();
1800 if (ret)
1801 return ret;
1802
1803 return tlmi_sysfs_init();
1804 }
1805
1806 static const struct wmi_device_id tlmi_id_table[] = {
1807 { .guid_string = LENOVO_BIOS_SETTING_GUID },
1808 { }
1809 };
1810 MODULE_DEVICE_TABLE(wmi, tlmi_id_table);
1811
1812 static struct wmi_driver tlmi_driver = {
1813 .driver = {
1814 .name = "think-lmi",
1815 },
1816 .id_table = tlmi_id_table,
1817 .probe = tlmi_probe,
1818 .remove = tlmi_remove,
1819 };
1820
1821 MODULE_AUTHOR("Sugumaran L <slacshiminar@lenovo.com>");
1822 MODULE_AUTHOR("Mark Pearson <markpearson@lenovo.com>");
1823 MODULE_AUTHOR("Corentin Chary <corentin.chary@gmail.com>");
1824 MODULE_DESCRIPTION("ThinkLMI Driver");
1825 MODULE_LICENSE("GPL");
1826
1827 module_wmi_driver(tlmi_driver);
Kernel DRM miscellaneous fixes and cross-tree changes