think-lmi.c (42746B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Think LMI BIOS configuration driver 4 * 5 * Copyright(C) 2019-2021 Lenovo 6 * 7 * Original code from Thinkpad-wmi project https://github.com/iksaif/thinkpad-wmi 8 * Copyright(C) 2017 Corentin Chary <corentin.chary@gmail.com> 9 * Distributed under the GPL-2.0 license 10 */ 11 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14#include <linux/acpi.h> 15#include <linux/errno.h> 16#include <linux/fs.h> 17#include <linux/string.h> 18#include <linux/types.h> 19#include <linux/dmi.h> 20#include <linux/wmi.h> 21#include "firmware_attributes_class.h" 22#include "think-lmi.h" 23 24static bool debug_support; 25module_param(debug_support, bool, 0444); 26MODULE_PARM_DESC(debug_support, "Enable debug command support"); 27 28/* 29 * Name: BiosSetting 30 * Description: Get item name and settings for current LMI instance. 31 * Type: Query 32 * Returns: "Item,Value" 33 * Example: "WakeOnLAN,Enable" 34 */ 35#define LENOVO_BIOS_SETTING_GUID "51F5230E-9677-46CD-A1CF-C0B23EE34DB7" 36 37/* 38 * Name: SetBiosSetting 39 * Description: Change the BIOS setting to the desired value using the SetBiosSetting 40 * class. To save the settings, use the SaveBiosSetting class. 41 * BIOS settings and values are case sensitive. 42 * After making changes to the BIOS settings, you must reboot the computer 43 * before the changes will take effect. 44 * Type: Method 45 * Arguments: "Item,Value,Password,Encoding,KbdLang;" 46 * Example: "WakeOnLAN,Disable,pa55w0rd,ascii,us;" 47 */ 48#define LENOVO_SET_BIOS_SETTINGS_GUID "98479A64-33F5-4E33-A707-8E251EBBC3A1" 49 50/* 51 * Name: SaveBiosSettings 52 * Description: Save any pending changes in settings. 53 * Type: Method 54 * Arguments: "Password,Encoding,KbdLang;" 55 * Example: "pa55w0rd,ascii,us;" 56 */ 57#define LENOVO_SAVE_BIOS_SETTINGS_GUID "6A4B54EF-A5ED-4D33-9455-B0D9B48DF4B3" 58 59/* 60 * Name: BiosPasswordSettings 61 * Description: Return BIOS Password settings 62 * Type: Query 63 * Returns: PasswordMode, PasswordState, MinLength, MaxLength, 64 * SupportedEncoding, SupportedKeyboard 65 */ 66#define LENOVO_BIOS_PASSWORD_SETTINGS_GUID "8ADB159E-1E32-455C-BC93-308A7ED98246" 67 68/* 69 * Name: SetBiosPassword 70 * Description: Change a specific password. 71 * - BIOS settings cannot be changed at the same boot as power-on 72 * passwords (POP) and hard disk passwords (HDP). If you want to change 73 * BIOS settings and POP or HDP, you must reboot the system after changing 74 * one of them. 75 * - A password cannot be set using this method when one does not already 76 * exist. Passwords can only be updated or cleared. 77 * Type: Method 78 * Arguments: "PasswordType,CurrentPassword,NewPassword,Encoding,KbdLang;" 79 * Example: "pop,pa55w0rd,newpa55w0rd,ascii,us;” 80 */ 81#define LENOVO_SET_BIOS_PASSWORD_GUID "2651D9FD-911C-4B69-B94E-D0DED5963BD7" 82 83/* 84 * Name: GetBiosSelections 85 * Description: Return a list of valid settings for a given item. 86 * Type: Method 87 * Arguments: "Item" 88 * Returns: "Value1,Value2,Value3,..." 89 * Example: 90 * -> "FlashOverLAN" 91 * <- "Enabled,Disabled" 92 */ 93#define LENOVO_GET_BIOS_SELECTIONS_GUID "7364651A-132F-4FE7-ADAA-40C6C7EE2E3B" 94 95/* 96 * Name: DebugCmd 97 * Description: Debug entry method for entering debug commands to the BIOS 98 */ 99#define LENOVO_DEBUG_CMD_GUID "7FF47003-3B6C-4E5E-A227-E979824A85D1" 100 101/* 102 * Name: OpcodeIF 103 * Description: Opcode interface which provides the ability to set multiple 104 * parameters and then trigger an action with a final command. 105 * This is particularly useful for simplifying setting passwords. 106 * With this support comes the ability to set System, HDD and NVMe 107 * passwords. 108 * This is currently available on ThinkCenter and ThinkStations platforms 109 */ 110#define LENOVO_OPCODE_IF_GUID "DFDDEF2C-57D4-48ce-B196-0FB787D90836" 111 112/* 113 * Name: SetBiosCert 114 * Description: Install BIOS certificate. 115 * Type: Method 116 * Arguments: "Certificate,Password" 117 * You must reboot the computer before the changes will take effect. 118 */ 119#define LENOVO_SET_BIOS_CERT_GUID "26861C9F-47E9-44C4-BD8B-DFE7FA2610FE" 120 121/* 122 * Name: UpdateBiosCert 123 * Description: Update BIOS certificate. 124 * Type: Method 125 * Format: "Certificate,Signature" 126 * You must reboot the computer before the changes will take effect. 127 */ 128#define LENOVO_UPDATE_BIOS_CERT_GUID "9AA3180A-9750-41F7-B9F7-D5D3B1BAC3CE" 129 130/* 131 * Name: ClearBiosCert 132 * Description: Uninstall BIOS certificate. 133 * Type: Method 134 * Format: "Serial,Signature" 135 * You must reboot the computer before the changes will take effect. 136 */ 137#define LENOVO_CLEAR_BIOS_CERT_GUID "B2BC39A7-78DD-4D71-B059-A510DEC44890" 138/* 139 * Name: CertToPassword 140 * Description: Switch from certificate to password authentication. 141 * Type: Method 142 * Format: "Password,Signature" 143 * You must reboot the computer before the changes will take effect. 144 */ 145#define LENOVO_CERT_TO_PASSWORD_GUID "0DE8590D-5510-4044-9621-77C227F5A70D" 146 147/* 148 * Name: SetBiosSettingCert 149 * Description: Set attribute using certificate authentication. 150 * Type: Method 151 * Format: "Item,Value,Signature" 152 */ 153#define LENOVO_SET_BIOS_SETTING_CERT_GUID "34A008CC-D205-4B62-9E67-31DFA8B90003" 154 155/* 156 * Name: SaveBiosSettingCert 157 * Description: Save any pending changes in settings. 158 * Type: Method 159 * Format: "Signature" 160 */ 161#define LENOVO_SAVE_BIOS_SETTING_CERT_GUID "C050FB9D-DF5F-4606-B066-9EFC401B2551" 162 163/* 164 * Name: CertThumbprint 165 * Description: Display Certificate thumbprints 166 * Type: Query 167 * Returns: MD5, SHA1 & SHA256 thumbprints 168 */ 169#define LENOVO_CERT_THUMBPRINT_GUID "C59119ED-1C0D-4806-A8E9-59AA318176C4" 170 171#define TLMI_POP_PWD (1 << 0) 172#define TLMI_PAP_PWD (1 << 1) 173#define TLMI_HDD_PWD (1 << 2) 174#define TLMI_SYS_PWD (1 << 3) 175#define TLMI_CERT (1 << 7) 176 177#define to_tlmi_pwd_setting(kobj) container_of(kobj, struct tlmi_pwd_setting, kobj) 178#define to_tlmi_attr_setting(kobj) container_of(kobj, struct tlmi_attr_setting, kobj) 179 180static const struct tlmi_err_codes tlmi_errs[] = { 181 {"Success", 0}, 182 {"Not Supported", -EOPNOTSUPP}, 183 {"Invalid Parameter", -EINVAL}, 184 {"Access Denied", -EACCES}, 185 {"System Busy", -EBUSY}, 186}; 187 188static const char * const encoding_options[] = { 189 [TLMI_ENCODING_ASCII] = "ascii", 190 [TLMI_ENCODING_SCANCODE] = "scancode", 191}; 192static const char * const level_options[] = { 193 [TLMI_LEVEL_USER] = "user", 194 [TLMI_LEVEL_MASTER] = "master", 195}; 196static struct think_lmi tlmi_priv; 197static struct class *fw_attr_class; 198 199/* ------ Utility functions ------------*/ 200/* Strip out CR if one is present */ 201static void strip_cr(char *str) 202{ 203 char *p = strchrnul(str, '\n'); 204 *p = '\0'; 205} 206 207/* Convert BIOS WMI error string to suitable error code */ 208static int tlmi_errstr_to_err(const char *errstr) 209{ 210 int i; 211 212 for (i = 0; i < sizeof(tlmi_errs)/sizeof(struct tlmi_err_codes); i++) { 213 if (!strcmp(tlmi_errs[i].err_str, errstr)) 214 return tlmi_errs[i].err_code; 215 } 216 return -EPERM; 217} 218 219/* Extract error string from WMI return buffer */ 220static int tlmi_extract_error(const struct acpi_buffer *output) 221{ 222 const union acpi_object *obj; 223 224 obj = output->pointer; 225 if (!obj) 226 return -ENOMEM; 227 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) 228 return -EIO; 229 230 return tlmi_errstr_to_err(obj->string.pointer); 231} 232 233/* Utility function to execute WMI call to BIOS */ 234static int tlmi_simple_call(const char *guid, const char *arg) 235{ 236 const struct acpi_buffer input = { strlen(arg), (char *)arg }; 237 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 238 acpi_status status; 239 int i, err; 240 241 /* 242 * Duplicated call required to match BIOS workaround for behavior 243 * seen when WMI accessed via scripting on other OS. 244 */ 245 for (i = 0; i < 2; i++) { 246 /* (re)initialize output buffer to default state */ 247 output.length = ACPI_ALLOCATE_BUFFER; 248 output.pointer = NULL; 249 250 status = wmi_evaluate_method(guid, 0, 0, &input, &output); 251 if (ACPI_FAILURE(status)) { 252 kfree(output.pointer); 253 return -EIO; 254 } 255 err = tlmi_extract_error(&output); 256 kfree(output.pointer); 257 if (err) 258 return err; 259 } 260 return 0; 261} 262 263/* Extract output string from WMI return buffer */ 264static int tlmi_extract_output_string(const struct acpi_buffer *output, 265 char **string) 266{ 267 const union acpi_object *obj; 268 char *s; 269 270 obj = output->pointer; 271 if (!obj) 272 return -ENOMEM; 273 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) 274 return -EIO; 275 276 s = kstrdup(obj->string.pointer, GFP_KERNEL); 277 if (!s) 278 return -ENOMEM; 279 *string = s; 280 return 0; 281} 282 283/* ------ Core interface functions ------------*/ 284 285/* Get password settings from BIOS */ 286static int tlmi_get_pwd_settings(struct tlmi_pwdcfg *pwdcfg) 287{ 288 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 289 const union acpi_object *obj; 290 acpi_status status; 291 int copy_size; 292 293 if (!tlmi_priv.can_get_password_settings) 294 return -EOPNOTSUPP; 295 296 status = wmi_query_block(LENOVO_BIOS_PASSWORD_SETTINGS_GUID, 0, 297 &output); 298 if (ACPI_FAILURE(status)) 299 return -EIO; 300 301 obj = output.pointer; 302 if (!obj) 303 return -ENOMEM; 304 if (obj->type != ACPI_TYPE_BUFFER || !obj->buffer.pointer) { 305 kfree(obj); 306 return -EIO; 307 } 308 /* 309 * The size of thinkpad_wmi_pcfg on ThinkStation is larger than ThinkPad. 310 * To make the driver compatible on different brands, we permit it to get 311 * the data in below case. 312 * Settings must have at minimum the core fields available 313 */ 314 if (obj->buffer.length < sizeof(struct tlmi_pwdcfg_core)) { 315 pr_warn("Unknown pwdcfg buffer length %d\n", obj->buffer.length); 316 kfree(obj); 317 return -EIO; 318 } 319 320 copy_size = obj->buffer.length < sizeof(struct tlmi_pwdcfg) ? 321 obj->buffer.length : sizeof(struct tlmi_pwdcfg); 322 memcpy(pwdcfg, obj->buffer.pointer, copy_size); 323 kfree(obj); 324 325 if (WARN_ON(pwdcfg->core.max_length >= TLMI_PWD_BUFSIZE)) 326 pwdcfg->core.max_length = TLMI_PWD_BUFSIZE - 1; 327 return 0; 328} 329 330static int tlmi_save_bios_settings(const char *password) 331{ 332 return tlmi_simple_call(LENOVO_SAVE_BIOS_SETTINGS_GUID, 333 password); 334} 335 336static int tlmi_opcode_setting(char *setting, const char *value) 337{ 338 char *opcode_str; 339 int ret; 340 341 opcode_str = kasprintf(GFP_KERNEL, "%s:%s;", setting, value); 342 if (!opcode_str) 343 return -ENOMEM; 344 345 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, opcode_str); 346 kfree(opcode_str); 347 return ret; 348} 349 350static int tlmi_setting(int item, char **value, const char *guid_string) 351{ 352 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 353 acpi_status status; 354 int ret; 355 356 status = wmi_query_block(guid_string, item, &output); 357 if (ACPI_FAILURE(status)) { 358 kfree(output.pointer); 359 return -EIO; 360 } 361 362 ret = tlmi_extract_output_string(&output, value); 363 kfree(output.pointer); 364 return ret; 365} 366 367static int tlmi_get_bios_selections(const char *item, char **value) 368{ 369 const struct acpi_buffer input = { strlen(item), (char *)item }; 370 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 371 acpi_status status; 372 int ret; 373 374 status = wmi_evaluate_method(LENOVO_GET_BIOS_SELECTIONS_GUID, 375 0, 0, &input, &output); 376 377 if (ACPI_FAILURE(status)) { 378 kfree(output.pointer); 379 return -EIO; 380 } 381 382 ret = tlmi_extract_output_string(&output, value); 383 kfree(output.pointer); 384 return ret; 385} 386 387/* ---- Authentication sysfs --------------------------------------------------------- */ 388static ssize_t is_enabled_show(struct kobject *kobj, struct kobj_attribute *attr, 389 char *buf) 390{ 391 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 392 393 return sysfs_emit(buf, "%d\n", setting->valid); 394} 395 396static struct kobj_attribute auth_is_pass_set = __ATTR_RO(is_enabled); 397 398static ssize_t current_password_store(struct kobject *kobj, 399 struct kobj_attribute *attr, 400 const char *buf, size_t count) 401{ 402 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 403 size_t pwdlen; 404 405 pwdlen = strlen(buf); 406 /* pwdlen == 0 is allowed to clear the password */ 407 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) 408 return -EINVAL; 409 410 strscpy(setting->password, buf, setting->maxlen); 411 /* Strip out CR if one is present, setting password won't work if it is present */ 412 strip_cr(setting->password); 413 return count; 414} 415 416static struct kobj_attribute auth_current_password = __ATTR_WO(current_password); 417 418static ssize_t new_password_store(struct kobject *kobj, 419 struct kobj_attribute *attr, 420 const char *buf, size_t count) 421{ 422 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 423 char *auth_str, *new_pwd; 424 size_t pwdlen; 425 int ret; 426 427 if (!capable(CAP_SYS_ADMIN)) 428 return -EPERM; 429 430 if (!tlmi_priv.can_set_bios_password) 431 return -EOPNOTSUPP; 432 433 new_pwd = kstrdup(buf, GFP_KERNEL); 434 if (!new_pwd) 435 return -ENOMEM; 436 437 /* Strip out CR if one is present, setting password won't work if it is present */ 438 strip_cr(new_pwd); 439 440 pwdlen = strlen(new_pwd); 441 /* pwdlen == 0 is allowed to clear the password */ 442 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) { 443 ret = -EINVAL; 444 goto out; 445 } 446 447 /* If opcode support is present use that interface */ 448 if (tlmi_priv.opcode_support) { 449 char pwd_type[8]; 450 451 /* Special handling required for HDD and NVMe passwords */ 452 if (setting == tlmi_priv.pwd_hdd) { 453 if (setting->level == TLMI_LEVEL_USER) 454 sprintf(pwd_type, "uhdp%d", setting->index); 455 else 456 sprintf(pwd_type, "mhdp%d", setting->index); 457 } else if (setting == tlmi_priv.pwd_nvme) { 458 if (setting->level == TLMI_LEVEL_USER) 459 sprintf(pwd_type, "unvp%d", setting->index); 460 else 461 sprintf(pwd_type, "mnvp%d", setting->index); 462 } else { 463 sprintf(pwd_type, "%s", setting->pwd_type); 464 } 465 466 ret = tlmi_opcode_setting("WmiOpcodePasswordType", pwd_type); 467 if (ret) 468 goto out; 469 470 if (tlmi_priv.pwd_admin->valid) { 471 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin", 472 tlmi_priv.pwd_admin->password); 473 if (ret) 474 goto out; 475 } 476 ret = tlmi_opcode_setting("WmiOpcodePasswordCurrent01", setting->password); 477 if (ret) 478 goto out; 479 ret = tlmi_opcode_setting("WmiOpcodePasswordNew01", new_pwd); 480 if (ret) 481 goto out; 482 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, "WmiOpcodePasswordSetUpdate;"); 483 } else { 484 /* Format: 'PasswordType,CurrentPw,NewPw,Encoding,KbdLang;' */ 485 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s,%s,%s;", 486 setting->pwd_type, setting->password, new_pwd, 487 encoding_options[setting->encoding], setting->kbdlang); 488 if (!auth_str) { 489 ret = -ENOMEM; 490 goto out; 491 } 492 ret = tlmi_simple_call(LENOVO_SET_BIOS_PASSWORD_GUID, auth_str); 493 kfree(auth_str); 494 } 495out: 496 kfree(new_pwd); 497 return ret ?: count; 498} 499 500static struct kobj_attribute auth_new_password = __ATTR_WO(new_password); 501 502static ssize_t min_password_length_show(struct kobject *kobj, struct kobj_attribute *attr, 503 char *buf) 504{ 505 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 506 507 return sysfs_emit(buf, "%d\n", setting->minlen); 508} 509 510static struct kobj_attribute auth_min_pass_length = __ATTR_RO(min_password_length); 511 512static ssize_t max_password_length_show(struct kobject *kobj, struct kobj_attribute *attr, 513 char *buf) 514{ 515 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 516 517 return sysfs_emit(buf, "%d\n", setting->maxlen); 518} 519static struct kobj_attribute auth_max_pass_length = __ATTR_RO(max_password_length); 520 521static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr, 522 char *buf) 523{ 524 return sysfs_emit(buf, "password\n"); 525} 526static struct kobj_attribute auth_mechanism = __ATTR_RO(mechanism); 527 528static ssize_t encoding_show(struct kobject *kobj, struct kobj_attribute *attr, 529 char *buf) 530{ 531 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 532 533 return sysfs_emit(buf, "%s\n", encoding_options[setting->encoding]); 534} 535 536static ssize_t encoding_store(struct kobject *kobj, 537 struct kobj_attribute *attr, 538 const char *buf, size_t count) 539{ 540 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 541 int i; 542 543 /* Scan for a matching profile */ 544 i = sysfs_match_string(encoding_options, buf); 545 if (i < 0) 546 return -EINVAL; 547 548 setting->encoding = i; 549 return count; 550} 551 552static struct kobj_attribute auth_encoding = __ATTR_RW(encoding); 553 554static ssize_t kbdlang_show(struct kobject *kobj, struct kobj_attribute *attr, 555 char *buf) 556{ 557 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 558 559 return sysfs_emit(buf, "%s\n", setting->kbdlang); 560} 561 562static ssize_t kbdlang_store(struct kobject *kobj, 563 struct kobj_attribute *attr, 564 const char *buf, size_t count) 565{ 566 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 567 int length; 568 569 /* Calculate length till '\n' or terminating 0 */ 570 length = strchrnul(buf, '\n') - buf; 571 if (!length || length >= TLMI_LANG_MAXLEN) 572 return -EINVAL; 573 574 memcpy(setting->kbdlang, buf, length); 575 setting->kbdlang[length] = '\0'; 576 return count; 577} 578 579static struct kobj_attribute auth_kbdlang = __ATTR_RW(kbdlang); 580 581static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr, 582 char *buf) 583{ 584 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 585 586 return sysfs_emit(buf, "%s\n", setting->role); 587} 588static struct kobj_attribute auth_role = __ATTR_RO(role); 589 590static ssize_t index_show(struct kobject *kobj, struct kobj_attribute *attr, 591 char *buf) 592{ 593 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 594 595 return sysfs_emit(buf, "%d\n", setting->index); 596} 597 598static ssize_t index_store(struct kobject *kobj, 599 struct kobj_attribute *attr, 600 const char *buf, size_t count) 601{ 602 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 603 int err, val; 604 605 err = kstrtoint(buf, 10, &val); 606 if (err < 0) 607 return err; 608 609 if (val < 0 || val > TLMI_INDEX_MAX) 610 return -EINVAL; 611 612 setting->index = val; 613 return count; 614} 615 616static struct kobj_attribute auth_index = __ATTR_RW(index); 617 618static ssize_t level_show(struct kobject *kobj, struct kobj_attribute *attr, 619 char *buf) 620{ 621 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 622 623 return sysfs_emit(buf, "%s\n", level_options[setting->level]); 624} 625 626static ssize_t level_store(struct kobject *kobj, 627 struct kobj_attribute *attr, 628 const char *buf, size_t count) 629{ 630 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 631 int i; 632 633 /* Scan for a matching profile */ 634 i = sysfs_match_string(level_options, buf); 635 if (i < 0) 636 return -EINVAL; 637 638 setting->level = i; 639 return count; 640} 641 642static struct kobj_attribute auth_level = __ATTR_RW(level); 643 644static ssize_t cert_thumbprint(char *buf, const char *arg, int count) 645{ 646 const struct acpi_buffer input = { strlen(arg), (char *)arg }; 647 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 648 const union acpi_object *obj; 649 acpi_status status; 650 651 status = wmi_evaluate_method(LENOVO_CERT_THUMBPRINT_GUID, 0, 0, &input, &output); 652 if (ACPI_FAILURE(status)) { 653 kfree(output.pointer); 654 return -EIO; 655 } 656 obj = output.pointer; 657 if (!obj) 658 return -ENOMEM; 659 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) { 660 kfree(output.pointer); 661 return -EIO; 662 } 663 count += sysfs_emit_at(buf, count, "%s : %s\n", arg, (char *)obj->string.pointer); 664 kfree(output.pointer); 665 666 return count; 667} 668 669static ssize_t certificate_thumbprint_show(struct kobject *kobj, struct kobj_attribute *attr, 670 char *buf) 671{ 672 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 673 int count = 0; 674 675 if (!tlmi_priv.certificate_support || !setting->cert_installed) 676 return -EOPNOTSUPP; 677 678 count += cert_thumbprint(buf, "Md5", count); 679 count += cert_thumbprint(buf, "Sha1", count); 680 count += cert_thumbprint(buf, "Sha256", count); 681 return count; 682} 683 684static struct kobj_attribute auth_cert_thumb = __ATTR_RO(certificate_thumbprint); 685 686static ssize_t cert_to_password_store(struct kobject *kobj, 687 struct kobj_attribute *attr, 688 const char *buf, size_t count) 689{ 690 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 691 char *auth_str, *passwd; 692 int ret; 693 694 if (!capable(CAP_SYS_ADMIN)) 695 return -EPERM; 696 697 if (!tlmi_priv.certificate_support) 698 return -EOPNOTSUPP; 699 700 if (!setting->cert_installed) 701 return -EINVAL; 702 703 if (!setting->signature || !setting->signature[0]) 704 return -EACCES; 705 706 passwd = kstrdup(buf, GFP_KERNEL); 707 if (!passwd) 708 return -ENOMEM; 709 710 /* Strip out CR if one is present */ 711 strip_cr(passwd); 712 713 /* Format: 'Password,Signature' */ 714 auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature); 715 if (!auth_str) { 716 kfree(passwd); 717 return -ENOMEM; 718 } 719 ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str); 720 kfree(auth_str); 721 kfree(passwd); 722 723 return ret ?: count; 724} 725 726static struct kobj_attribute auth_cert_to_password = __ATTR_WO(cert_to_password); 727 728static ssize_t certificate_store(struct kobject *kobj, 729 struct kobj_attribute *attr, 730 const char *buf, size_t count) 731{ 732 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 733 char *auth_str, *new_cert; 734 char *guid; 735 int ret; 736 737 if (!capable(CAP_SYS_ADMIN)) 738 return -EPERM; 739 740 if (!tlmi_priv.certificate_support) 741 return -EOPNOTSUPP; 742 743 /* If empty then clear installed certificate */ 744 if ((buf[0] == '\0') || (buf[0] == '\n')) { /* Clear installed certificate */ 745 /* Check that signature is set */ 746 if (!setting->signature || !setting->signature[0]) 747 return -EACCES; 748 749 /* Format: 'serial#, signature' */ 750 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 751 dmi_get_system_info(DMI_PRODUCT_SERIAL), 752 setting->signature); 753 if (!auth_str) 754 return -ENOMEM; 755 756 ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str); 757 kfree(auth_str); 758 759 return ret ?: count; 760 } 761 762 new_cert = kstrdup(buf, GFP_KERNEL); 763 if (!new_cert) 764 return -ENOMEM; 765 /* Strip out CR if one is present */ 766 strip_cr(new_cert); 767 768 if (setting->cert_installed) { 769 /* Certificate is installed so this is an update */ 770 if (!setting->signature || !setting->signature[0]) { 771 kfree(new_cert); 772 return -EACCES; 773 } 774 guid = LENOVO_UPDATE_BIOS_CERT_GUID; 775 /* Format: 'Certificate,Signature' */ 776 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 777 new_cert, setting->signature); 778 } else { 779 /* This is a fresh install */ 780 if (!setting->valid || !setting->password[0]) { 781 kfree(new_cert); 782 return -EACCES; 783 } 784 guid = LENOVO_SET_BIOS_CERT_GUID; 785 /* Format: 'Certificate,Admin-password' */ 786 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 787 new_cert, setting->password); 788 } 789 kfree(new_cert); 790 if (!auth_str) 791 return -ENOMEM; 792 793 ret = tlmi_simple_call(guid, auth_str); 794 kfree(auth_str); 795 796 return ret ?: count; 797} 798 799static struct kobj_attribute auth_certificate = __ATTR_WO(certificate); 800 801static ssize_t signature_store(struct kobject *kobj, 802 struct kobj_attribute *attr, 803 const char *buf, size_t count) 804{ 805 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 806 char *new_signature; 807 808 if (!capable(CAP_SYS_ADMIN)) 809 return -EPERM; 810 811 if (!tlmi_priv.certificate_support) 812 return -EOPNOTSUPP; 813 814 new_signature = kstrdup(buf, GFP_KERNEL); 815 if (!new_signature) 816 return -ENOMEM; 817 818 /* Strip out CR if one is present */ 819 strip_cr(new_signature); 820 821 /* Free any previous signature */ 822 kfree(setting->signature); 823 setting->signature = new_signature; 824 825 return count; 826} 827 828static struct kobj_attribute auth_signature = __ATTR_WO(signature); 829 830static ssize_t save_signature_store(struct kobject *kobj, 831 struct kobj_attribute *attr, 832 const char *buf, size_t count) 833{ 834 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 835 char *new_signature; 836 837 if (!capable(CAP_SYS_ADMIN)) 838 return -EPERM; 839 840 if (!tlmi_priv.certificate_support) 841 return -EOPNOTSUPP; 842 843 new_signature = kstrdup(buf, GFP_KERNEL); 844 if (!new_signature) 845 return -ENOMEM; 846 847 /* Strip out CR if one is present */ 848 strip_cr(new_signature); 849 850 /* Free any previous signature */ 851 kfree(setting->save_signature); 852 setting->save_signature = new_signature; 853 854 return count; 855} 856 857static struct kobj_attribute auth_save_signature = __ATTR_WO(save_signature); 858 859static umode_t auth_attr_is_visible(struct kobject *kobj, 860 struct attribute *attr, int n) 861{ 862 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 863 864 /* We only want to display level and index settings on HDD/NVMe */ 865 if ((attr == (struct attribute *)&auth_index) || 866 (attr == (struct attribute *)&auth_level)) { 867 if ((setting == tlmi_priv.pwd_hdd) || (setting == tlmi_priv.pwd_nvme)) 868 return attr->mode; 869 return 0; 870 } 871 872 /* We only display certificates on Admin account, if supported */ 873 if ((attr == (struct attribute *)&auth_certificate) || 874 (attr == (struct attribute *)&auth_signature) || 875 (attr == (struct attribute *)&auth_save_signature) || 876 (attr == (struct attribute *)&auth_cert_thumb) || 877 (attr == (struct attribute *)&auth_cert_to_password)) { 878 if ((setting == tlmi_priv.pwd_admin) && tlmi_priv.certificate_support) 879 return attr->mode; 880 return 0; 881 } 882 883 return attr->mode; 884} 885 886static struct attribute *auth_attrs[] = { 887 &auth_is_pass_set.attr, 888 &auth_min_pass_length.attr, 889 &auth_max_pass_length.attr, 890 &auth_current_password.attr, 891 &auth_new_password.attr, 892 &auth_role.attr, 893 &auth_mechanism.attr, 894 &auth_encoding.attr, 895 &auth_kbdlang.attr, 896 &auth_index.attr, 897 &auth_level.attr, 898 &auth_certificate.attr, 899 &auth_signature.attr, 900 &auth_save_signature.attr, 901 &auth_cert_thumb.attr, 902 &auth_cert_to_password.attr, 903 NULL 904}; 905 906static const struct attribute_group auth_attr_group = { 907 .is_visible = auth_attr_is_visible, 908 .attrs = auth_attrs, 909}; 910 911/* ---- Attributes sysfs --------------------------------------------------------- */ 912static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr, 913 char *buf) 914{ 915 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 916 917 return sysfs_emit(buf, "%s\n", setting->display_name); 918} 919 920static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 921{ 922 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 923 char *item, *value; 924 int ret; 925 926 ret = tlmi_setting(setting->index, &item, LENOVO_BIOS_SETTING_GUID); 927 if (ret) 928 return ret; 929 930 /* validate and split from `item,value` -> `value` */ 931 value = strpbrk(item, ","); 932 if (!value || value == item || !strlen(value + 1)) 933 return -EINVAL; 934 935 ret = sysfs_emit(buf, "%s\n", value + 1); 936 kfree(item); 937 return ret; 938} 939 940static ssize_t possible_values_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 941{ 942 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 943 944 if (!tlmi_priv.can_get_bios_selections) 945 return -EOPNOTSUPP; 946 947 return sysfs_emit(buf, "%s\n", setting->possible_values); 948} 949 950static ssize_t current_value_store(struct kobject *kobj, 951 struct kobj_attribute *attr, 952 const char *buf, size_t count) 953{ 954 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 955 char *set_str = NULL, *new_setting = NULL; 956 char *auth_str = NULL; 957 int ret; 958 959 if (!tlmi_priv.can_set_bios_settings) 960 return -EOPNOTSUPP; 961 962 new_setting = kstrdup(buf, GFP_KERNEL); 963 if (!new_setting) 964 return -ENOMEM; 965 966 /* Strip out CR if one is present */ 967 strip_cr(new_setting); 968 969 /* Check if certificate authentication is enabled and active */ 970 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) { 971 if (!tlmi_priv.pwd_admin->signature || !tlmi_priv.pwd_admin->save_signature) { 972 ret = -EINVAL; 973 goto out; 974 } 975 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name, 976 new_setting, tlmi_priv.pwd_admin->signature); 977 if (!set_str) { 978 ret = -ENOMEM; 979 goto out; 980 } 981 982 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTING_CERT_GUID, set_str); 983 if (ret) 984 goto out; 985 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID, 986 tlmi_priv.pwd_admin->save_signature); 987 if (ret) 988 goto out; 989 } else { /* Non certiifcate based authentication */ 990 if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) { 991 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;", 992 tlmi_priv.pwd_admin->password, 993 encoding_options[tlmi_priv.pwd_admin->encoding], 994 tlmi_priv.pwd_admin->kbdlang); 995 if (!auth_str) { 996 ret = -ENOMEM; 997 goto out; 998 } 999 } 1000 1001 if (auth_str) 1002 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name, 1003 new_setting, auth_str); 1004 else 1005 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name, 1006 new_setting); 1007 if (!set_str) { 1008 ret = -ENOMEM; 1009 goto out; 1010 } 1011 1012 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str); 1013 if (ret) 1014 goto out; 1015 1016 if (auth_str) 1017 ret = tlmi_save_bios_settings(auth_str); 1018 else 1019 ret = tlmi_save_bios_settings(""); 1020 } 1021 if (!ret && !tlmi_priv.pending_changes) { 1022 tlmi_priv.pending_changes = true; 1023 /* let userland know it may need to check reboot pending again */ 1024 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE); 1025 } 1026out: 1027 kfree(auth_str); 1028 kfree(set_str); 1029 kfree(new_setting); 1030 return ret ?: count; 1031} 1032 1033static struct kobj_attribute attr_displ_name = __ATTR_RO(display_name); 1034 1035static struct kobj_attribute attr_possible_values = __ATTR_RO(possible_values); 1036 1037static struct kobj_attribute attr_current_val = __ATTR_RW_MODE(current_value, 0600); 1038 1039static struct attribute *tlmi_attrs[] = { 1040 &attr_displ_name.attr, 1041 &attr_current_val.attr, 1042 &attr_possible_values.attr, 1043 NULL 1044}; 1045 1046static const struct attribute_group tlmi_attr_group = { 1047 .attrs = tlmi_attrs, 1048}; 1049 1050static ssize_t tlmi_attr_show(struct kobject *kobj, struct attribute *attr, 1051 char *buf) 1052{ 1053 struct kobj_attribute *kattr; 1054 1055 kattr = container_of(attr, struct kobj_attribute, attr); 1056 if (kattr->show) 1057 return kattr->show(kobj, kattr, buf); 1058 return -EIO; 1059} 1060 1061static ssize_t tlmi_attr_store(struct kobject *kobj, struct attribute *attr, 1062 const char *buf, size_t count) 1063{ 1064 struct kobj_attribute *kattr; 1065 1066 kattr = container_of(attr, struct kobj_attribute, attr); 1067 if (kattr->store) 1068 return kattr->store(kobj, kattr, buf, count); 1069 return -EIO; 1070} 1071 1072static const struct sysfs_ops tlmi_kobj_sysfs_ops = { 1073 .show = tlmi_attr_show, 1074 .store = tlmi_attr_store, 1075}; 1076 1077static void tlmi_attr_setting_release(struct kobject *kobj) 1078{ 1079 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 1080 1081 kfree(setting->possible_values); 1082 kfree(setting); 1083} 1084 1085static void tlmi_pwd_setting_release(struct kobject *kobj) 1086{ 1087 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 1088 1089 kfree(setting); 1090} 1091 1092static struct kobj_type tlmi_attr_setting_ktype = { 1093 .release = &tlmi_attr_setting_release, 1094 .sysfs_ops = &tlmi_kobj_sysfs_ops, 1095}; 1096 1097static struct kobj_type tlmi_pwd_setting_ktype = { 1098 .release = &tlmi_pwd_setting_release, 1099 .sysfs_ops = &tlmi_kobj_sysfs_ops, 1100}; 1101 1102static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr, 1103 char *buf) 1104{ 1105 return sprintf(buf, "%d\n", tlmi_priv.pending_changes); 1106} 1107 1108static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot); 1109 1110/* ---- Debug interface--------------------------------------------------------- */ 1111static ssize_t debug_cmd_store(struct kobject *kobj, struct kobj_attribute *attr, 1112 const char *buf, size_t count) 1113{ 1114 char *set_str = NULL, *new_setting = NULL; 1115 char *auth_str = NULL; 1116 int ret; 1117 1118 if (!tlmi_priv.can_debug_cmd) 1119 return -EOPNOTSUPP; 1120 1121 new_setting = kstrdup(buf, GFP_KERNEL); 1122 if (!new_setting) 1123 return -ENOMEM; 1124 1125 /* Strip out CR if one is present */ 1126 strip_cr(new_setting); 1127 1128 if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) { 1129 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;", 1130 tlmi_priv.pwd_admin->password, 1131 encoding_options[tlmi_priv.pwd_admin->encoding], 1132 tlmi_priv.pwd_admin->kbdlang); 1133 if (!auth_str) { 1134 ret = -ENOMEM; 1135 goto out; 1136 } 1137 } 1138 1139 if (auth_str) 1140 set_str = kasprintf(GFP_KERNEL, "%s,%s", new_setting, auth_str); 1141 else 1142 set_str = kasprintf(GFP_KERNEL, "%s;", new_setting); 1143 if (!set_str) { 1144 ret = -ENOMEM; 1145 goto out; 1146 } 1147 1148 ret = tlmi_simple_call(LENOVO_DEBUG_CMD_GUID, set_str); 1149 if (ret) 1150 goto out; 1151 1152 if (!ret && !tlmi_priv.pending_changes) { 1153 tlmi_priv.pending_changes = true; 1154 /* let userland know it may need to check reboot pending again */ 1155 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE); 1156 } 1157out: 1158 kfree(auth_str); 1159 kfree(set_str); 1160 kfree(new_setting); 1161 return ret ?: count; 1162} 1163 1164static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd); 1165 1166/* ---- Initialisation --------------------------------------------------------- */ 1167static void tlmi_release_attr(void) 1168{ 1169 int i; 1170 1171 /* Attribute structures */ 1172 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { 1173 if (tlmi_priv.setting[i]) { 1174 sysfs_remove_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); 1175 kobject_put(&tlmi_priv.setting[i]->kobj); 1176 } 1177 } 1178 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); 1179 if (tlmi_priv.can_debug_cmd && debug_support) 1180 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr); 1181 1182 kset_unregister(tlmi_priv.attribute_kset); 1183 1184 /* Free up any saved signatures */ 1185 kfree(tlmi_priv.pwd_admin->signature); 1186 kfree(tlmi_priv.pwd_admin->save_signature); 1187 1188 /* Authentication structures */ 1189 sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); 1190 kobject_put(&tlmi_priv.pwd_admin->kobj); 1191 sysfs_remove_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); 1192 kobject_put(&tlmi_priv.pwd_power->kobj); 1193 1194 if (tlmi_priv.opcode_support) { 1195 sysfs_remove_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); 1196 kobject_put(&tlmi_priv.pwd_system->kobj); 1197 sysfs_remove_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); 1198 kobject_put(&tlmi_priv.pwd_hdd->kobj); 1199 sysfs_remove_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); 1200 kobject_put(&tlmi_priv.pwd_nvme->kobj); 1201 } 1202 1203 kset_unregister(tlmi_priv.authentication_kset); 1204} 1205 1206static int tlmi_sysfs_init(void) 1207{ 1208 int i, ret; 1209 1210 ret = fw_attributes_class_get(&fw_attr_class); 1211 if (ret) 1212 return ret; 1213 1214 tlmi_priv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0), 1215 NULL, "%s", "thinklmi"); 1216 if (IS_ERR(tlmi_priv.class_dev)) { 1217 ret = PTR_ERR(tlmi_priv.class_dev); 1218 goto fail_class_created; 1219 } 1220 1221 tlmi_priv.attribute_kset = kset_create_and_add("attributes", NULL, 1222 &tlmi_priv.class_dev->kobj); 1223 if (!tlmi_priv.attribute_kset) { 1224 ret = -ENOMEM; 1225 goto fail_device_created; 1226 } 1227 1228 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { 1229 /* Check if index is a valid setting - skip if it isn't */ 1230 if (!tlmi_priv.setting[i]) 1231 continue; 1232 1233 /* check for duplicate or reserved values */ 1234 if (kset_find_obj(tlmi_priv.attribute_kset, tlmi_priv.setting[i]->display_name) || 1235 !strcmp(tlmi_priv.setting[i]->display_name, "Reserved")) { 1236 pr_debug("duplicate or reserved attribute name found - %s\n", 1237 tlmi_priv.setting[i]->display_name); 1238 kfree(tlmi_priv.setting[i]->possible_values); 1239 kfree(tlmi_priv.setting[i]); 1240 tlmi_priv.setting[i] = NULL; 1241 continue; 1242 } 1243 1244 /* Build attribute */ 1245 tlmi_priv.setting[i]->kobj.kset = tlmi_priv.attribute_kset; 1246 ret = kobject_add(&tlmi_priv.setting[i]->kobj, NULL, 1247 "%s", tlmi_priv.setting[i]->display_name); 1248 if (ret) 1249 goto fail_create_attr; 1250 1251 ret = sysfs_create_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); 1252 if (ret) 1253 goto fail_create_attr; 1254 } 1255 1256 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); 1257 if (ret) 1258 goto fail_create_attr; 1259 1260 if (tlmi_priv.can_debug_cmd && debug_support) { 1261 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr); 1262 if (ret) 1263 goto fail_create_attr; 1264 } 1265 1266 /* Create authentication entries */ 1267 tlmi_priv.authentication_kset = kset_create_and_add("authentication", NULL, 1268 &tlmi_priv.class_dev->kobj); 1269 if (!tlmi_priv.authentication_kset) { 1270 ret = -ENOMEM; 1271 goto fail_create_attr; 1272 } 1273 tlmi_priv.pwd_admin->kobj.kset = tlmi_priv.authentication_kset; 1274 ret = kobject_add(&tlmi_priv.pwd_admin->kobj, NULL, "%s", "Admin"); 1275 if (ret) 1276 goto fail_create_attr; 1277 1278 ret = sysfs_create_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); 1279 if (ret) 1280 goto fail_create_attr; 1281 1282 tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset; 1283 ret = kobject_add(&tlmi_priv.pwd_power->kobj, NULL, "%s", "Power-on"); 1284 if (ret) 1285 goto fail_create_attr; 1286 1287 ret = sysfs_create_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); 1288 if (ret) 1289 goto fail_create_attr; 1290 1291 if (tlmi_priv.opcode_support) { 1292 tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset; 1293 ret = kobject_add(&tlmi_priv.pwd_system->kobj, NULL, "%s", "System"); 1294 if (ret) 1295 goto fail_create_attr; 1296 1297 ret = sysfs_create_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); 1298 if (ret) 1299 goto fail_create_attr; 1300 1301 tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset; 1302 ret = kobject_add(&tlmi_priv.pwd_hdd->kobj, NULL, "%s", "HDD"); 1303 if (ret) 1304 goto fail_create_attr; 1305 1306 ret = sysfs_create_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); 1307 if (ret) 1308 goto fail_create_attr; 1309 1310 tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset; 1311 ret = kobject_add(&tlmi_priv.pwd_nvme->kobj, NULL, "%s", "NVMe"); 1312 if (ret) 1313 goto fail_create_attr; 1314 1315 ret = sysfs_create_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); 1316 if (ret) 1317 goto fail_create_attr; 1318 } 1319 1320 return ret; 1321 1322fail_create_attr: 1323 tlmi_release_attr(); 1324fail_device_created: 1325 device_destroy(fw_attr_class, MKDEV(0, 0)); 1326fail_class_created: 1327 fw_attributes_class_put(); 1328 return ret; 1329} 1330 1331/* ---- Base Driver -------------------------------------------------------- */ 1332static struct tlmi_pwd_setting *tlmi_create_auth(const char *pwd_type, 1333 const char *pwd_role) 1334{ 1335 struct tlmi_pwd_setting *new_pwd; 1336 1337 new_pwd = kzalloc(sizeof(struct tlmi_pwd_setting), GFP_KERNEL); 1338 if (!new_pwd) 1339 return NULL; 1340 1341 strscpy(new_pwd->kbdlang, "us", TLMI_LANG_MAXLEN); 1342 new_pwd->encoding = TLMI_ENCODING_ASCII; 1343 new_pwd->pwd_type = pwd_type; 1344 new_pwd->role = pwd_role; 1345 new_pwd->minlen = tlmi_priv.pwdcfg.core.min_length; 1346 new_pwd->maxlen = tlmi_priv.pwdcfg.core.max_length; 1347 new_pwd->index = 0; 1348 1349 kobject_init(&new_pwd->kobj, &tlmi_pwd_setting_ktype); 1350 1351 return new_pwd; 1352} 1353 1354static int tlmi_analyze(void) 1355{ 1356 acpi_status status; 1357 int i, ret; 1358 1359 if (wmi_has_guid(LENOVO_SET_BIOS_SETTINGS_GUID) && 1360 wmi_has_guid(LENOVO_SAVE_BIOS_SETTINGS_GUID)) 1361 tlmi_priv.can_set_bios_settings = true; 1362 1363 if (wmi_has_guid(LENOVO_GET_BIOS_SELECTIONS_GUID)) 1364 tlmi_priv.can_get_bios_selections = true; 1365 1366 if (wmi_has_guid(LENOVO_SET_BIOS_PASSWORD_GUID)) 1367 tlmi_priv.can_set_bios_password = true; 1368 1369 if (wmi_has_guid(LENOVO_BIOS_PASSWORD_SETTINGS_GUID)) 1370 tlmi_priv.can_get_password_settings = true; 1371 1372 if (wmi_has_guid(LENOVO_DEBUG_CMD_GUID)) 1373 tlmi_priv.can_debug_cmd = true; 1374 1375 if (wmi_has_guid(LENOVO_OPCODE_IF_GUID)) 1376 tlmi_priv.opcode_support = true; 1377 1378 if (wmi_has_guid(LENOVO_SET_BIOS_CERT_GUID) && 1379 wmi_has_guid(LENOVO_SET_BIOS_SETTING_CERT_GUID) && 1380 wmi_has_guid(LENOVO_SAVE_BIOS_SETTING_CERT_GUID)) 1381 tlmi_priv.certificate_support = true; 1382 1383 /* 1384 * Try to find the number of valid settings of this machine 1385 * and use it to create sysfs attributes. 1386 */ 1387 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) { 1388 struct tlmi_attr_setting *setting; 1389 char *item = NULL; 1390 char *p; 1391 1392 tlmi_priv.setting[i] = NULL; 1393 status = tlmi_setting(i, &item, LENOVO_BIOS_SETTING_GUID); 1394 if (ACPI_FAILURE(status)) 1395 break; 1396 if (!item) 1397 break; 1398 if (!*item) { 1399 kfree(item); 1400 continue; 1401 } 1402 1403 /* It is not allowed to have '/' for file name. Convert it into '\'. */ 1404 strreplace(item, '/', '\\'); 1405 1406 /* Remove the value part */ 1407 p = strchrnul(item, ','); 1408 *p = '\0'; 1409 1410 /* Create a setting entry */ 1411 setting = kzalloc(sizeof(*setting), GFP_KERNEL); 1412 if (!setting) { 1413 ret = -ENOMEM; 1414 kfree(item); 1415 goto fail_clear_attr; 1416 } 1417 setting->index = i; 1418 strscpy(setting->display_name, item, TLMI_SETTINGS_MAXLEN); 1419 /* If BIOS selections supported, load those */ 1420 if (tlmi_priv.can_get_bios_selections) { 1421 ret = tlmi_get_bios_selections(setting->display_name, 1422 &setting->possible_values); 1423 if (ret || !setting->possible_values) 1424 pr_info("Error retrieving possible values for %d : %s\n", 1425 i, setting->display_name); 1426 } 1427 kobject_init(&setting->kobj, &tlmi_attr_setting_ktype); 1428 tlmi_priv.setting[i] = setting; 1429 kfree(item); 1430 } 1431 1432 /* Create password setting structure */ 1433 ret = tlmi_get_pwd_settings(&tlmi_priv.pwdcfg); 1434 if (ret) 1435 goto fail_clear_attr; 1436 1437 /* All failures below boil down to kmalloc failures */ 1438 ret = -ENOMEM; 1439 1440 tlmi_priv.pwd_admin = tlmi_create_auth("pap", "bios-admin"); 1441 if (!tlmi_priv.pwd_admin) 1442 goto fail_clear_attr; 1443 1444 if (tlmi_priv.pwdcfg.core.password_state & TLMI_PAP_PWD) 1445 tlmi_priv.pwd_admin->valid = true; 1446 1447 tlmi_priv.pwd_power = tlmi_create_auth("pop", "power-on"); 1448 if (!tlmi_priv.pwd_power) 1449 goto fail_clear_attr; 1450 1451 if (tlmi_priv.pwdcfg.core.password_state & TLMI_POP_PWD) 1452 tlmi_priv.pwd_power->valid = true; 1453 1454 if (tlmi_priv.opcode_support) { 1455 tlmi_priv.pwd_system = tlmi_create_auth("sys", "system"); 1456 if (!tlmi_priv.pwd_system) 1457 goto fail_clear_attr; 1458 1459 if (tlmi_priv.pwdcfg.core.password_state & TLMI_SYS_PWD) 1460 tlmi_priv.pwd_system->valid = true; 1461 1462 tlmi_priv.pwd_hdd = tlmi_create_auth("hdd", "hdd"); 1463 if (!tlmi_priv.pwd_hdd) 1464 goto fail_clear_attr; 1465 1466 tlmi_priv.pwd_nvme = tlmi_create_auth("nvm", "nvme"); 1467 if (!tlmi_priv.pwd_nvme) 1468 goto fail_clear_attr; 1469 1470 if (tlmi_priv.pwdcfg.core.password_state & TLMI_HDD_PWD) { 1471 /* Check if PWD is configured and set index to first drive found */ 1472 if (tlmi_priv.pwdcfg.ext.hdd_user_password || 1473 tlmi_priv.pwdcfg.ext.hdd_master_password) { 1474 tlmi_priv.pwd_hdd->valid = true; 1475 if (tlmi_priv.pwdcfg.ext.hdd_master_password) 1476 tlmi_priv.pwd_hdd->index = 1477 ffs(tlmi_priv.pwdcfg.ext.hdd_master_password) - 1; 1478 else 1479 tlmi_priv.pwd_hdd->index = 1480 ffs(tlmi_priv.pwdcfg.ext.hdd_user_password) - 1; 1481 } 1482 if (tlmi_priv.pwdcfg.ext.nvme_user_password || 1483 tlmi_priv.pwdcfg.ext.nvme_master_password) { 1484 tlmi_priv.pwd_nvme->valid = true; 1485 if (tlmi_priv.pwdcfg.ext.nvme_master_password) 1486 tlmi_priv.pwd_nvme->index = 1487 ffs(tlmi_priv.pwdcfg.ext.nvme_master_password) - 1; 1488 else 1489 tlmi_priv.pwd_nvme->index = 1490 ffs(tlmi_priv.pwdcfg.ext.nvme_user_password) - 1; 1491 } 1492 } 1493 } 1494 1495 if (tlmi_priv.certificate_support && 1496 (tlmi_priv.pwdcfg.core.password_state & TLMI_CERT)) 1497 tlmi_priv.pwd_admin->cert_installed = true; 1498 1499 return 0; 1500 1501fail_clear_attr: 1502 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) { 1503 if (tlmi_priv.setting[i]) { 1504 kfree(tlmi_priv.setting[i]->possible_values); 1505 kfree(tlmi_priv.setting[i]); 1506 } 1507 } 1508 kfree(tlmi_priv.pwd_admin); 1509 kfree(tlmi_priv.pwd_power); 1510 kfree(tlmi_priv.pwd_system); 1511 kfree(tlmi_priv.pwd_hdd); 1512 kfree(tlmi_priv.pwd_nvme); 1513 return ret; 1514} 1515 1516static void tlmi_remove(struct wmi_device *wdev) 1517{ 1518 tlmi_release_attr(); 1519 device_destroy(fw_attr_class, MKDEV(0, 0)); 1520 fw_attributes_class_put(); 1521} 1522 1523static int tlmi_probe(struct wmi_device *wdev, const void *context) 1524{ 1525 int ret; 1526 1527 ret = tlmi_analyze(); 1528 if (ret) 1529 return ret; 1530 1531 return tlmi_sysfs_init(); 1532} 1533 1534static const struct wmi_device_id tlmi_id_table[] = { 1535 { .guid_string = LENOVO_BIOS_SETTING_GUID }, 1536 { } 1537}; 1538MODULE_DEVICE_TABLE(wmi, tlmi_id_table); 1539 1540static struct wmi_driver tlmi_driver = { 1541 .driver = { 1542 .name = "think-lmi", 1543 }, 1544 .id_table = tlmi_id_table, 1545 .probe = tlmi_probe, 1546 .remove = tlmi_remove, 1547}; 1548 1549MODULE_AUTHOR("Sugumaran L <slacshiminar@lenovo.com>"); 1550MODULE_AUTHOR("Mark Pearson <markpearson@lenovo.com>"); 1551MODULE_AUTHOR("Corentin Chary <corentin.chary@gmail.com>"); 1552MODULE_DESCRIPTION("ThinkLMI Driver"); 1553MODULE_LICENSE("GPL"); 1554 1555module_wmi_driver(tlmi_driver);