1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Think LMI BIOS configuration driver 4 * 5 * Copyright(C) 2019-2021 Lenovo 6 * 7 * Original code from Thinkpad-wmi project https://github.com/iksaif/thinkpad-wmi 8 * Copyright(C) 2017 Corentin Chary <corentin.chary@gmail.com> 9 * Distributed under the GPL-2.0 license 10 */ 11 12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13 14 #include <linux/acpi.h> 15 #include <linux/errno.h> 16 #include <linux/fs.h> 17 #include <linux/string.h> 18 #include <linux/types.h> 19 #include <linux/dmi.h> 20 #include <linux/wmi.h> 21 #include "firmware_attributes_class.h" 22 #include "think-lmi.h" 23 24 static bool debug_support; 25 module_param(debug_support, bool, 0444); 26 MODULE_PARM_DESC(debug_support, "Enable debug command support"); 27 28 /* 29 * Name: BiosSetting 30 * Description: Get item name and settings for current LMI instance. 31 * Type: Query 32 * Returns: "Item,Value" 33 * Example: "WakeOnLAN,Enable" 34 */ 35 #define LENOVO_BIOS_SETTING_GUID "51F5230E-9677-46CD-A1CF-C0B23EE34DB7" 36 37 /* 38 * Name: SetBiosSetting 39 * Description: Change the BIOS setting to the desired value using the SetBiosSetting 40 * class. To save the settings, use the SaveBiosSetting class. 41 * BIOS settings and values are case sensitive. 42 * After making changes to the BIOS settings, you must reboot the computer 43 * before the changes will take effect. 44 * Type: Method 45 * Arguments: "Item,Value,Password,Encoding,KbdLang;" 46 * Example: "WakeOnLAN,Disable,pa55w0rd,ascii,us;" 47 */ 48 #define LENOVO_SET_BIOS_SETTINGS_GUID "98479A64-33F5-4E33-A707-8E251EBBC3A1" 49 50 /* 51 * Name: SaveBiosSettings 52 * Description: Save any pending changes in settings. 53 * Type: Method 54 * Arguments: "Password,Encoding,KbdLang;" 55 * Example: "pa55w0rd,ascii,us;" 56 */ 57 #define LENOVO_SAVE_BIOS_SETTINGS_GUID "6A4B54EF-A5ED-4D33-9455-B0D9B48DF4B3" 58 59 /* 60 * Name: BiosPasswordSettings 61 * Description: Return BIOS Password settings 62 * Type: Query 63 * Returns: PasswordMode, PasswordState, MinLength, MaxLength, 64 * SupportedEncoding, SupportedKeyboard 65 */ 66 #define LENOVO_BIOS_PASSWORD_SETTINGS_GUID "8ADB159E-1E32-455C-BC93-308A7ED98246" 67 68 /* 69 * Name: SetBiosPassword 70 * Description: Change a specific password. 71 * - BIOS settings cannot be changed at the same boot as power-on 72 * passwords (POP) and hard disk passwords (HDP). If you want to change 73 * BIOS settings and POP or HDP, you must reboot the system after changing 74 * one of them. 75 * - A password cannot be set using this method when one does not already 76 * exist. Passwords can only be updated or cleared. 77 * Type: Method 78 * Arguments: "PasswordType,CurrentPassword,NewPassword,Encoding,KbdLang;" 79 * Example: "pop,pa55w0rd,newpa55w0rd,ascii,us;” 80 */ 81 #define LENOVO_SET_BIOS_PASSWORD_GUID "2651D9FD-911C-4B69-B94E-D0DED5963BD7" 82 83 /* 84 * Name: GetBiosSelections 85 * Description: Return a list of valid settings for a given item. 86 * Type: Method 87 * Arguments: "Item" 88 * Returns: "Value1,Value2,Value3,..." 89 * Example: 90 * -> "FlashOverLAN" 91 * <- "Enabled,Disabled" 92 */ 93 #define LENOVO_GET_BIOS_SELECTIONS_GUID "7364651A-132F-4FE7-ADAA-40C6C7EE2E3B" 94 95 /* 96 * Name: DebugCmd 97 * Description: Debug entry method for entering debug commands to the BIOS 98 */ 99 #define LENOVO_DEBUG_CMD_GUID "7FF47003-3B6C-4E5E-A227-E979824A85D1" 100 101 /* 102 * Name: OpcodeIF 103 * Description: Opcode interface which provides the ability to set multiple 104 * parameters and then trigger an action with a final command. 105 * This is particularly useful for simplifying setting passwords. 106 * With this support comes the ability to set System, HDD and NVMe 107 * passwords. 108 * This is currently available on ThinkCenter and ThinkStations platforms 109 */ 110 #define LENOVO_OPCODE_IF_GUID "DFDDEF2C-57D4-48ce-B196-0FB787D90836" 111 112 /* 113 * Name: SetBiosCert 114 * Description: Install BIOS certificate. 115 * Type: Method 116 * Arguments: "Certificate,Password" 117 * You must reboot the computer before the changes will take effect. 118 */ 119 #define LENOVO_SET_BIOS_CERT_GUID "26861C9F-47E9-44C4-BD8B-DFE7FA2610FE" 120 121 /* 122 * Name: UpdateBiosCert 123 * Description: Update BIOS certificate. 124 * Type: Method 125 * Format: "Certificate,Signature" 126 * You must reboot the computer before the changes will take effect. 127 */ 128 #define LENOVO_UPDATE_BIOS_CERT_GUID "9AA3180A-9750-41F7-B9F7-D5D3B1BAC3CE" 129 130 /* 131 * Name: ClearBiosCert 132 * Description: Uninstall BIOS certificate. 133 * Type: Method 134 * Format: "Serial,Signature" 135 * You must reboot the computer before the changes will take effect. 136 */ 137 #define LENOVO_CLEAR_BIOS_CERT_GUID "B2BC39A7-78DD-4D71-B059-A510DEC44890" 138 /* 139 * Name: CertToPassword 140 * Description: Switch from certificate to password authentication. 141 * Type: Method 142 * Format: "Password,Signature" 143 * You must reboot the computer before the changes will take effect. 144 */ 145 #define LENOVO_CERT_TO_PASSWORD_GUID "0DE8590D-5510-4044-9621-77C227F5A70D" 146 147 /* 148 * Name: SetBiosSettingCert 149 * Description: Set attribute using certificate authentication. 150 * Type: Method 151 * Format: "Item,Value,Signature" 152 */ 153 #define LENOVO_SET_BIOS_SETTING_CERT_GUID "34A008CC-D205-4B62-9E67-31DFA8B90003" 154 155 /* 156 * Name: SaveBiosSettingCert 157 * Description: Save any pending changes in settings. 158 * Type: Method 159 * Format: "Signature" 160 */ 161 #define LENOVO_SAVE_BIOS_SETTING_CERT_GUID "C050FB9D-DF5F-4606-B066-9EFC401B2551" 162 163 /* 164 * Name: CertThumbprint 165 * Description: Display Certificate thumbprints 166 * Type: Query 167 * Returns: MD5, SHA1 & SHA256 thumbprints 168 */ 169 #define LENOVO_CERT_THUMBPRINT_GUID "C59119ED-1C0D-4806-A8E9-59AA318176C4" 170 171 #define TLMI_POP_PWD (1 << 0) 172 #define TLMI_PAP_PWD (1 << 1) 173 #define TLMI_HDD_PWD (1 << 2) 174 #define TLMI_SYS_PWD (1 << 3) 175 #define TLMI_CERT (1 << 7) 176 177 #define to_tlmi_pwd_setting(kobj) container_of(kobj, struct tlmi_pwd_setting, kobj) 178 #define to_tlmi_attr_setting(kobj) container_of(kobj, struct tlmi_attr_setting, kobj) 179 180 static const struct tlmi_err_codes tlmi_errs[] = { 181 {"Success", 0}, 182 {"Not Supported", -EOPNOTSUPP}, 183 {"Invalid Parameter", -EINVAL}, 184 {"Access Denied", -EACCES}, 185 {"System Busy", -EBUSY}, 186 }; 187 188 static const char * const encoding_options[] = { 189 [TLMI_ENCODING_ASCII] = "ascii", 190 [TLMI_ENCODING_SCANCODE] = "scancode", 191 }; 192 static const char * const level_options[] = { 193 [TLMI_LEVEL_USER] = "user", 194 [TLMI_LEVEL_MASTER] = "master", 195 }; 196 static struct think_lmi tlmi_priv; 197 static struct class *fw_attr_class; 198 199 /* ------ Utility functions ------------*/ 200 /* Strip out CR if one is present */ 201 static void strip_cr(char *str) 202 { 203 char *p = strchrnul(str, '\n'); 204 *p = '\0'; 205 } 206 207 /* Convert BIOS WMI error string to suitable error code */ 208 static int tlmi_errstr_to_err(const char *errstr) 209 { 210 int i; 211 212 for (i = 0; i < sizeof(tlmi_errs)/sizeof(struct tlmi_err_codes); i++) { 213 if (!strcmp(tlmi_errs[i].err_str, errstr)) 214 return tlmi_errs[i].err_code; 215 } 216 return -EPERM; 217 } 218 219 /* Extract error string from WMI return buffer */ 220 static int tlmi_extract_error(const struct acpi_buffer *output) 221 { 222 const union acpi_object *obj; 223 224 obj = output->pointer; 225 if (!obj) 226 return -ENOMEM; 227 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) 228 return -EIO; 229 230 return tlmi_errstr_to_err(obj->string.pointer); 231 } 232 233 /* Utility function to execute WMI call to BIOS */ 234 static int tlmi_simple_call(const char *guid, const char *arg) 235 { 236 const struct acpi_buffer input = { strlen(arg), (char *)arg }; 237 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 238 acpi_status status; 239 int i, err; 240 241 /* 242 * Duplicated call required to match BIOS workaround for behavior 243 * seen when WMI accessed via scripting on other OS. 244 */ 245 for (i = 0; i < 2; i++) { 246 /* (re)initialize output buffer to default state */ 247 output.length = ACPI_ALLOCATE_BUFFER; 248 output.pointer = NULL; 249 250 status = wmi_evaluate_method(guid, 0, 0, &input, &output); 251 if (ACPI_FAILURE(status)) { 252 kfree(output.pointer); 253 return -EIO; 254 } 255 err = tlmi_extract_error(&output); 256 kfree(output.pointer); 257 if (err) 258 return err; 259 } 260 return 0; 261 } 262 263 /* Extract output string from WMI return buffer */ 264 static int tlmi_extract_output_string(const struct acpi_buffer *output, 265 char **string) 266 { 267 const union acpi_object *obj; 268 char *s; 269 270 obj = output->pointer; 271 if (!obj) 272 return -ENOMEM; 273 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) 274 return -EIO; 275 276 s = kstrdup(obj->string.pointer, GFP_KERNEL); 277 if (!s) 278 return -ENOMEM; 279 *string = s; 280 return 0; 281 } 282 283 /* ------ Core interface functions ------------*/ 284 285 /* Get password settings from BIOS */ 286 static int tlmi_get_pwd_settings(struct tlmi_pwdcfg *pwdcfg) 287 { 288 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 289 const union acpi_object *obj; 290 acpi_status status; 291 int copy_size; 292 293 if (!tlmi_priv.can_get_password_settings) 294 return -EOPNOTSUPP; 295 296 status = wmi_query_block(LENOVO_BIOS_PASSWORD_SETTINGS_GUID, 0, 297 &output); 298 if (ACPI_FAILURE(status)) 299 return -EIO; 300 301 obj = output.pointer; 302 if (!obj) 303 return -ENOMEM; 304 if (obj->type != ACPI_TYPE_BUFFER || !obj->buffer.pointer) { 305 kfree(obj); 306 return -EIO; 307 } 308 /* 309 * The size of thinkpad_wmi_pcfg on ThinkStation is larger than ThinkPad. 310 * To make the driver compatible on different brands, we permit it to get 311 * the data in below case. 312 * Settings must have at minimum the core fields available 313 */ 314 if (obj->buffer.length < sizeof(struct tlmi_pwdcfg_core)) { 315 pr_warn("Unknown pwdcfg buffer length %d\n", obj->buffer.length); 316 kfree(obj); 317 return -EIO; 318 } 319 320 copy_size = min_t(size_t, obj->buffer.length, sizeof(struct tlmi_pwdcfg)); 321 322 memcpy(pwdcfg, obj->buffer.pointer, copy_size); 323 kfree(obj); 324 325 if (WARN_ON(pwdcfg->core.max_length >= TLMI_PWD_BUFSIZE)) 326 pwdcfg->core.max_length = TLMI_PWD_BUFSIZE - 1; 327 return 0; 328 } 329 330 static int tlmi_save_bios_settings(const char *password) 331 { 332 return tlmi_simple_call(LENOVO_SAVE_BIOS_SETTINGS_GUID, 333 password); 334 } 335 336 static int tlmi_opcode_setting(char *setting, const char *value) 337 { 338 char *opcode_str; 339 int ret; 340 341 opcode_str = kasprintf(GFP_KERNEL, "%s:%s;", setting, value); 342 if (!opcode_str) 343 return -ENOMEM; 344 345 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, opcode_str); 346 kfree(opcode_str); 347 return ret; 348 } 349 350 static int tlmi_setting(int item, char **value, const char *guid_string) 351 { 352 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 353 acpi_status status; 354 int ret; 355 356 status = wmi_query_block(guid_string, item, &output); 357 if (ACPI_FAILURE(status)) { 358 kfree(output.pointer); 359 return -EIO; 360 } 361 362 ret = tlmi_extract_output_string(&output, value); 363 kfree(output.pointer); 364 return ret; 365 } 366 367 static int tlmi_get_bios_selections(const char *item, char **value) 368 { 369 const struct acpi_buffer input = { strlen(item), (char *)item }; 370 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 371 acpi_status status; 372 int ret; 373 374 status = wmi_evaluate_method(LENOVO_GET_BIOS_SELECTIONS_GUID, 375 0, 0, &input, &output); 376 377 if (ACPI_FAILURE(status)) { 378 kfree(output.pointer); 379 return -EIO; 380 } 381 382 ret = tlmi_extract_output_string(&output, value); 383 kfree(output.pointer); 384 return ret; 385 } 386 387 /* ---- Authentication sysfs --------------------------------------------------------- */ 388 static ssize_t is_enabled_show(struct kobject *kobj, struct kobj_attribute *attr, 389 char *buf) 390 { 391 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 392 393 return sysfs_emit(buf, "%d\n", setting->valid); 394 } 395 396 static struct kobj_attribute auth_is_pass_set = __ATTR_RO(is_enabled); 397 398 static ssize_t current_password_store(struct kobject *kobj, 399 struct kobj_attribute *attr, 400 const char *buf, size_t count) 401 { 402 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 403 size_t pwdlen; 404 405 pwdlen = strlen(buf); 406 /* pwdlen == 0 is allowed to clear the password */ 407 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) 408 return -EINVAL; 409 410 strscpy(setting->password, buf, setting->maxlen); 411 /* Strip out CR if one is present, setting password won't work if it is present */ 412 strip_cr(setting->password); 413 return count; 414 } 415 416 static struct kobj_attribute auth_current_password = __ATTR_WO(current_password); 417 418 static ssize_t new_password_store(struct kobject *kobj, 419 struct kobj_attribute *attr, 420 const char *buf, size_t count) 421 { 422 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 423 char *auth_str, *new_pwd; 424 size_t pwdlen; 425 int ret; 426 427 if (!capable(CAP_SYS_ADMIN)) 428 return -EPERM; 429 430 if (!tlmi_priv.can_set_bios_password) 431 return -EOPNOTSUPP; 432 433 new_pwd = kstrdup(buf, GFP_KERNEL); 434 if (!new_pwd) 435 return -ENOMEM; 436 437 /* Strip out CR if one is present, setting password won't work if it is present */ 438 strip_cr(new_pwd); 439 440 pwdlen = strlen(new_pwd); 441 /* pwdlen == 0 is allowed to clear the password */ 442 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) { 443 ret = -EINVAL; 444 goto out; 445 } 446 447 /* If opcode support is present use that interface */ 448 if (tlmi_priv.opcode_support) { 449 char pwd_type[8]; 450 451 /* Special handling required for HDD and NVMe passwords */ 452 if (setting == tlmi_priv.pwd_hdd) { 453 if (setting->level == TLMI_LEVEL_USER) 454 sprintf(pwd_type, "uhdp%d", setting->index); 455 else 456 sprintf(pwd_type, "mhdp%d", setting->index); 457 } else if (setting == tlmi_priv.pwd_nvme) { 458 if (setting->level == TLMI_LEVEL_USER) 459 sprintf(pwd_type, "unvp%d", setting->index); 460 else 461 sprintf(pwd_type, "mnvp%d", setting->index); 462 } else { 463 sprintf(pwd_type, "%s", setting->pwd_type); 464 } 465 466 ret = tlmi_opcode_setting("WmiOpcodePasswordType", pwd_type); 467 if (ret) 468 goto out; 469 470 if (tlmi_priv.pwd_admin->valid) { 471 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin", 472 tlmi_priv.pwd_admin->password); 473 if (ret) 474 goto out; 475 } 476 ret = tlmi_opcode_setting("WmiOpcodePasswordCurrent01", setting->password); 477 if (ret) 478 goto out; 479 ret = tlmi_opcode_setting("WmiOpcodePasswordNew01", new_pwd); 480 if (ret) 481 goto out; 482 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, "WmiOpcodePasswordSetUpdate;"); 483 } else { 484 /* Format: 'PasswordType,CurrentPw,NewPw,Encoding,KbdLang;' */ 485 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s,%s,%s;", 486 setting->pwd_type, setting->password, new_pwd, 487 encoding_options[setting->encoding], setting->kbdlang); 488 if (!auth_str) { 489 ret = -ENOMEM; 490 goto out; 491 } 492 ret = tlmi_simple_call(LENOVO_SET_BIOS_PASSWORD_GUID, auth_str); 493 kfree(auth_str); 494 } 495 out: 496 kfree(new_pwd); 497 return ret ?: count; 498 } 499 500 static struct kobj_attribute auth_new_password = __ATTR_WO(new_password); 501 502 static ssize_t min_password_length_show(struct kobject *kobj, struct kobj_attribute *attr, 503 char *buf) 504 { 505 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 506 507 return sysfs_emit(buf, "%d\n", setting->minlen); 508 } 509 510 static struct kobj_attribute auth_min_pass_length = __ATTR_RO(min_password_length); 511 512 static ssize_t max_password_length_show(struct kobject *kobj, struct kobj_attribute *attr, 513 char *buf) 514 { 515 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 516 517 return sysfs_emit(buf, "%d\n", setting->maxlen); 518 } 519 static struct kobj_attribute auth_max_pass_length = __ATTR_RO(max_password_length); 520 521 static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr, 522 char *buf) 523 { 524 return sysfs_emit(buf, "password\n"); 525 } 526 static struct kobj_attribute auth_mechanism = __ATTR_RO(mechanism); 527 528 static ssize_t encoding_show(struct kobject *kobj, struct kobj_attribute *attr, 529 char *buf) 530 { 531 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 532 533 return sysfs_emit(buf, "%s\n", encoding_options[setting->encoding]); 534 } 535 536 static ssize_t encoding_store(struct kobject *kobj, 537 struct kobj_attribute *attr, 538 const char *buf, size_t count) 539 { 540 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 541 int i; 542 543 /* Scan for a matching profile */ 544 i = sysfs_match_string(encoding_options, buf); 545 if (i < 0) 546 return -EINVAL; 547 548 setting->encoding = i; 549 return count; 550 } 551 552 static struct kobj_attribute auth_encoding = __ATTR_RW(encoding); 553 554 static ssize_t kbdlang_show(struct kobject *kobj, struct kobj_attribute *attr, 555 char *buf) 556 { 557 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 558 559 return sysfs_emit(buf, "%s\n", setting->kbdlang); 560 } 561 562 static ssize_t kbdlang_store(struct kobject *kobj, 563 struct kobj_attribute *attr, 564 const char *buf, size_t count) 565 { 566 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 567 int length; 568 569 /* Calculate length till '\n' or terminating 0 */ 570 length = strchrnul(buf, '\n') - buf; 571 if (!length || length >= TLMI_LANG_MAXLEN) 572 return -EINVAL; 573 574 memcpy(setting->kbdlang, buf, length); 575 setting->kbdlang[length] = '\0'; 576 return count; 577 } 578 579 static struct kobj_attribute auth_kbdlang = __ATTR_RW(kbdlang); 580 581 static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr, 582 char *buf) 583 { 584 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 585 586 return sysfs_emit(buf, "%s\n", setting->role); 587 } 588 static struct kobj_attribute auth_role = __ATTR_RO(role); 589 590 static ssize_t index_show(struct kobject *kobj, struct kobj_attribute *attr, 591 char *buf) 592 { 593 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 594 595 return sysfs_emit(buf, "%d\n", setting->index); 596 } 597 598 static ssize_t index_store(struct kobject *kobj, 599 struct kobj_attribute *attr, 600 const char *buf, size_t count) 601 { 602 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 603 int err, val; 604 605 err = kstrtoint(buf, 10, &val); 606 if (err < 0) 607 return err; 608 609 if (val < 0 || val > TLMI_INDEX_MAX) 610 return -EINVAL; 611 612 setting->index = val; 613 return count; 614 } 615 616 static struct kobj_attribute auth_index = __ATTR_RW(index); 617 618 static ssize_t level_show(struct kobject *kobj, struct kobj_attribute *attr, 619 char *buf) 620 { 621 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 622 623 return sysfs_emit(buf, "%s\n", level_options[setting->level]); 624 } 625 626 static ssize_t level_store(struct kobject *kobj, 627 struct kobj_attribute *attr, 628 const char *buf, size_t count) 629 { 630 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 631 int i; 632 633 /* Scan for a matching profile */ 634 i = sysfs_match_string(level_options, buf); 635 if (i < 0) 636 return -EINVAL; 637 638 setting->level = i; 639 return count; 640 } 641 642 static struct kobj_attribute auth_level = __ATTR_RW(level); 643 644 static ssize_t cert_thumbprint(char *buf, const char *arg, int count) 645 { 646 const struct acpi_buffer input = { strlen(arg), (char *)arg }; 647 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL }; 648 const union acpi_object *obj; 649 acpi_status status; 650 651 status = wmi_evaluate_method(LENOVO_CERT_THUMBPRINT_GUID, 0, 0, &input, &output); 652 if (ACPI_FAILURE(status)) { 653 kfree(output.pointer); 654 return -EIO; 655 } 656 obj = output.pointer; 657 if (!obj) 658 return -ENOMEM; 659 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) { 660 kfree(output.pointer); 661 return -EIO; 662 } 663 count += sysfs_emit_at(buf, count, "%s : %s\n", arg, (char *)obj->string.pointer); 664 kfree(output.pointer); 665 666 return count; 667 } 668 669 static ssize_t certificate_thumbprint_show(struct kobject *kobj, struct kobj_attribute *attr, 670 char *buf) 671 { 672 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 673 int count = 0; 674 675 if (!tlmi_priv.certificate_support || !setting->cert_installed) 676 return -EOPNOTSUPP; 677 678 count += cert_thumbprint(buf, "Md5", count); 679 count += cert_thumbprint(buf, "Sha1", count); 680 count += cert_thumbprint(buf, "Sha256", count); 681 return count; 682 } 683 684 static struct kobj_attribute auth_cert_thumb = __ATTR_RO(certificate_thumbprint); 685 686 static ssize_t cert_to_password_store(struct kobject *kobj, 687 struct kobj_attribute *attr, 688 const char *buf, size_t count) 689 { 690 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 691 char *auth_str, *passwd; 692 int ret; 693 694 if (!capable(CAP_SYS_ADMIN)) 695 return -EPERM; 696 697 if (!tlmi_priv.certificate_support) 698 return -EOPNOTSUPP; 699 700 if (!setting->cert_installed) 701 return -EINVAL; 702 703 if (!setting->signature || !setting->signature[0]) 704 return -EACCES; 705 706 passwd = kstrdup(buf, GFP_KERNEL); 707 if (!passwd) 708 return -ENOMEM; 709 710 /* Strip out CR if one is present */ 711 strip_cr(passwd); 712 713 /* Format: 'Password,Signature' */ 714 auth_str = kasprintf(GFP_KERNEL, "%s,%s", passwd, setting->signature); 715 if (!auth_str) { 716 kfree(passwd); 717 return -ENOMEM; 718 } 719 ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str); 720 kfree(auth_str); 721 kfree(passwd); 722 723 return ret ?: count; 724 } 725 726 static struct kobj_attribute auth_cert_to_password = __ATTR_WO(cert_to_password); 727 728 static ssize_t certificate_store(struct kobject *kobj, 729 struct kobj_attribute *attr, 730 const char *buf, size_t count) 731 { 732 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 733 char *auth_str, *new_cert; 734 char *guid; 735 int ret; 736 737 if (!capable(CAP_SYS_ADMIN)) 738 return -EPERM; 739 740 if (!tlmi_priv.certificate_support) 741 return -EOPNOTSUPP; 742 743 /* If empty then clear installed certificate */ 744 if ((buf[0] == '\0') || (buf[0] == '\n')) { /* Clear installed certificate */ 745 /* Check that signature is set */ 746 if (!setting->signature || !setting->signature[0]) 747 return -EACCES; 748 749 /* Format: 'serial#, signature' */ 750 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 751 dmi_get_system_info(DMI_PRODUCT_SERIAL), 752 setting->signature); 753 if (!auth_str) 754 return -ENOMEM; 755 756 ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str); 757 kfree(auth_str); 758 759 return ret ?: count; 760 } 761 762 new_cert = kstrdup(buf, GFP_KERNEL); 763 if (!new_cert) 764 return -ENOMEM; 765 /* Strip out CR if one is present */ 766 strip_cr(new_cert); 767 768 if (setting->cert_installed) { 769 /* Certificate is installed so this is an update */ 770 if (!setting->signature || !setting->signature[0]) { 771 kfree(new_cert); 772 return -EACCES; 773 } 774 guid = LENOVO_UPDATE_BIOS_CERT_GUID; 775 /* Format: 'Certificate,Signature' */ 776 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 777 new_cert, setting->signature); 778 } else { 779 /* This is a fresh install */ 780 if (!setting->valid || !setting->password[0]) { 781 kfree(new_cert); 782 return -EACCES; 783 } 784 guid = LENOVO_SET_BIOS_CERT_GUID; 785 /* Format: 'Certificate,Admin-password' */ 786 auth_str = kasprintf(GFP_KERNEL, "%s,%s", 787 new_cert, setting->password); 788 } 789 kfree(new_cert); 790 if (!auth_str) 791 return -ENOMEM; 792 793 ret = tlmi_simple_call(guid, auth_str); 794 kfree(auth_str); 795 796 return ret ?: count; 797 } 798 799 static struct kobj_attribute auth_certificate = __ATTR_WO(certificate); 800 801 static ssize_t signature_store(struct kobject *kobj, 802 struct kobj_attribute *attr, 803 const char *buf, size_t count) 804 { 805 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 806 char *new_signature; 807 808 if (!capable(CAP_SYS_ADMIN)) 809 return -EPERM; 810 811 if (!tlmi_priv.certificate_support) 812 return -EOPNOTSUPP; 813 814 new_signature = kstrdup(buf, GFP_KERNEL); 815 if (!new_signature) 816 return -ENOMEM; 817 818 /* Strip out CR if one is present */ 819 strip_cr(new_signature); 820 821 /* Free any previous signature */ 822 kfree(setting->signature); 823 setting->signature = new_signature; 824 825 return count; 826 } 827 828 static struct kobj_attribute auth_signature = __ATTR_WO(signature); 829 830 static ssize_t save_signature_store(struct kobject *kobj, 831 struct kobj_attribute *attr, 832 const char *buf, size_t count) 833 { 834 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 835 char *new_signature; 836 837 if (!capable(CAP_SYS_ADMIN)) 838 return -EPERM; 839 840 if (!tlmi_priv.certificate_support) 841 return -EOPNOTSUPP; 842 843 new_signature = kstrdup(buf, GFP_KERNEL); 844 if (!new_signature) 845 return -ENOMEM; 846 847 /* Strip out CR if one is present */ 848 strip_cr(new_signature); 849 850 /* Free any previous signature */ 851 kfree(setting->save_signature); 852 setting->save_signature = new_signature; 853 854 return count; 855 } 856 857 static struct kobj_attribute auth_save_signature = __ATTR_WO(save_signature); 858 859 static umode_t auth_attr_is_visible(struct kobject *kobj, 860 struct attribute *attr, int n) 861 { 862 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 863 864 /* We only want to display level and index settings on HDD/NVMe */ 865 if ((attr == (struct attribute *)&auth_index) || 866 (attr == (struct attribute *)&auth_level)) { 867 if ((setting == tlmi_priv.pwd_hdd) || (setting == tlmi_priv.pwd_nvme)) 868 return attr->mode; 869 return 0; 870 } 871 872 /* We only display certificates on Admin account, if supported */ 873 if ((attr == (struct attribute *)&auth_certificate) || 874 (attr == (struct attribute *)&auth_signature) || 875 (attr == (struct attribute *)&auth_save_signature) || 876 (attr == (struct attribute *)&auth_cert_thumb) || 877 (attr == (struct attribute *)&auth_cert_to_password)) { 878 if ((setting == tlmi_priv.pwd_admin) && tlmi_priv.certificate_support) 879 return attr->mode; 880 return 0; 881 } 882 883 return attr->mode; 884 } 885 886 static struct attribute *auth_attrs[] = { 887 &auth_is_pass_set.attr, 888 &auth_min_pass_length.attr, 889 &auth_max_pass_length.attr, 890 &auth_current_password.attr, 891 &auth_new_password.attr, 892 &auth_role.attr, 893 &auth_mechanism.attr, 894 &auth_encoding.attr, 895 &auth_kbdlang.attr, 896 &auth_index.attr, 897 &auth_level.attr, 898 &auth_certificate.attr, 899 &auth_signature.attr, 900 &auth_save_signature.attr, 901 &auth_cert_thumb.attr, 902 &auth_cert_to_password.attr, 903 NULL 904 }; 905 906 static const struct attribute_group auth_attr_group = { 907 .is_visible = auth_attr_is_visible, 908 .attrs = auth_attrs, 909 }; 910 911 /* ---- Attributes sysfs --------------------------------------------------------- */ 912 static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr, 913 char *buf) 914 { 915 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 916 917 return sysfs_emit(buf, "%s\n", setting->display_name); 918 } 919 920 static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 921 { 922 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 923 char *item, *value, *p; 924 int ret; 925 926 ret = tlmi_setting(setting->index, &item, LENOVO_BIOS_SETTING_GUID); 927 if (ret) 928 return ret; 929 930 /* validate and split from `item,value` -> `value` */ 931 value = strpbrk(item, ","); 932 if (!value || value == item || !strlen(value + 1)) 933 ret = -EINVAL; 934 else { 935 /* On Workstations remove the Options part after the value */ 936 p = strchrnul(value, ';'); 937 *p = '\0'; 938 ret = sysfs_emit(buf, "%s\n", value + 1); 939 } 940 kfree(item); 941 942 return ret; 943 } 944 945 static ssize_t possible_values_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 946 { 947 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 948 949 return sysfs_emit(buf, "%s\n", setting->possible_values); 950 } 951 952 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr, 953 char *buf) 954 { 955 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 956 957 if (setting->possible_values) { 958 /* Figure out what setting type is as BIOS does not return this */ 959 if (strchr(setting->possible_values, ';')) 960 return sysfs_emit(buf, "enumeration\n"); 961 } 962 /* Anything else is going to be a string */ 963 return sysfs_emit(buf, "string\n"); 964 } 965 966 static ssize_t current_value_store(struct kobject *kobj, 967 struct kobj_attribute *attr, 968 const char *buf, size_t count) 969 { 970 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 971 char *set_str = NULL, *new_setting = NULL; 972 char *auth_str = NULL; 973 int ret; 974 975 if (!tlmi_priv.can_set_bios_settings) 976 return -EOPNOTSUPP; 977 978 new_setting = kstrdup(buf, GFP_KERNEL); 979 if (!new_setting) 980 return -ENOMEM; 981 982 /* Strip out CR if one is present */ 983 strip_cr(new_setting); 984 985 /* Check if certificate authentication is enabled and active */ 986 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) { 987 if (!tlmi_priv.pwd_admin->signature || !tlmi_priv.pwd_admin->save_signature) { 988 ret = -EINVAL; 989 goto out; 990 } 991 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name, 992 new_setting, tlmi_priv.pwd_admin->signature); 993 if (!set_str) { 994 ret = -ENOMEM; 995 goto out; 996 } 997 998 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTING_CERT_GUID, set_str); 999 if (ret) 1000 goto out; 1001 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID, 1002 tlmi_priv.pwd_admin->save_signature); 1003 if (ret) 1004 goto out; 1005 } else { /* Non certiifcate based authentication */ 1006 if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) { 1007 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;", 1008 tlmi_priv.pwd_admin->password, 1009 encoding_options[tlmi_priv.pwd_admin->encoding], 1010 tlmi_priv.pwd_admin->kbdlang); 1011 if (!auth_str) { 1012 ret = -ENOMEM; 1013 goto out; 1014 } 1015 } 1016 1017 if (auth_str) 1018 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->display_name, 1019 new_setting, auth_str); 1020 else 1021 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name, 1022 new_setting); 1023 if (!set_str) { 1024 ret = -ENOMEM; 1025 goto out; 1026 } 1027 1028 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str); 1029 if (ret) 1030 goto out; 1031 1032 if (auth_str) 1033 ret = tlmi_save_bios_settings(auth_str); 1034 else 1035 ret = tlmi_save_bios_settings(""); 1036 } 1037 if (!ret && !tlmi_priv.pending_changes) { 1038 tlmi_priv.pending_changes = true; 1039 /* let userland know it may need to check reboot pending again */ 1040 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE); 1041 } 1042 out: 1043 kfree(auth_str); 1044 kfree(set_str); 1045 kfree(new_setting); 1046 return ret ?: count; 1047 } 1048 1049 static struct kobj_attribute attr_displ_name = __ATTR_RO(display_name); 1050 1051 static struct kobj_attribute attr_possible_values = __ATTR_RO(possible_values); 1052 1053 static struct kobj_attribute attr_current_val = __ATTR_RW_MODE(current_value, 0600); 1054 1055 static struct kobj_attribute attr_type = __ATTR_RO(type); 1056 1057 static umode_t attr_is_visible(struct kobject *kobj, 1058 struct attribute *attr, int n) 1059 { 1060 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 1061 1062 /* We don't want to display possible_values attributes if not available */ 1063 if ((attr == &attr_possible_values.attr) && (!setting->possible_values)) 1064 return 0; 1065 1066 return attr->mode; 1067 } 1068 1069 static struct attribute *tlmi_attrs[] = { 1070 &attr_displ_name.attr, 1071 &attr_current_val.attr, 1072 &attr_possible_values.attr, 1073 &attr_type.attr, 1074 NULL 1075 }; 1076 1077 static const struct attribute_group tlmi_attr_group = { 1078 .is_visible = attr_is_visible, 1079 .attrs = tlmi_attrs, 1080 }; 1081 1082 static ssize_t tlmi_attr_show(struct kobject *kobj, struct attribute *attr, 1083 char *buf) 1084 { 1085 struct kobj_attribute *kattr; 1086 1087 kattr = container_of(attr, struct kobj_attribute, attr); 1088 if (kattr->show) 1089 return kattr->show(kobj, kattr, buf); 1090 return -EIO; 1091 } 1092 1093 static ssize_t tlmi_attr_store(struct kobject *kobj, struct attribute *attr, 1094 const char *buf, size_t count) 1095 { 1096 struct kobj_attribute *kattr; 1097 1098 kattr = container_of(attr, struct kobj_attribute, attr); 1099 if (kattr->store) 1100 return kattr->store(kobj, kattr, buf, count); 1101 return -EIO; 1102 } 1103 1104 static const struct sysfs_ops tlmi_kobj_sysfs_ops = { 1105 .show = tlmi_attr_show, 1106 .store = tlmi_attr_store, 1107 }; 1108 1109 static void tlmi_attr_setting_release(struct kobject *kobj) 1110 { 1111 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj); 1112 1113 kfree(setting->possible_values); 1114 kfree(setting); 1115 } 1116 1117 static void tlmi_pwd_setting_release(struct kobject *kobj) 1118 { 1119 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj); 1120 1121 kfree(setting); 1122 } 1123 1124 static const struct kobj_type tlmi_attr_setting_ktype = { 1125 .release = &tlmi_attr_setting_release, 1126 .sysfs_ops = &tlmi_kobj_sysfs_ops, 1127 }; 1128 1129 static const struct kobj_type tlmi_pwd_setting_ktype = { 1130 .release = &tlmi_pwd_setting_release, 1131 .sysfs_ops = &tlmi_kobj_sysfs_ops, 1132 }; 1133 1134 static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr, 1135 char *buf) 1136 { 1137 return sprintf(buf, "%d\n", tlmi_priv.pending_changes); 1138 } 1139 1140 static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot); 1141 1142 /* ---- Debug interface--------------------------------------------------------- */ 1143 static ssize_t debug_cmd_store(struct kobject *kobj, struct kobj_attribute *attr, 1144 const char *buf, size_t count) 1145 { 1146 char *set_str = NULL, *new_setting = NULL; 1147 char *auth_str = NULL; 1148 int ret; 1149 1150 if (!tlmi_priv.can_debug_cmd) 1151 return -EOPNOTSUPP; 1152 1153 new_setting = kstrdup(buf, GFP_KERNEL); 1154 if (!new_setting) 1155 return -ENOMEM; 1156 1157 /* Strip out CR if one is present */ 1158 strip_cr(new_setting); 1159 1160 if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) { 1161 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;", 1162 tlmi_priv.pwd_admin->password, 1163 encoding_options[tlmi_priv.pwd_admin->encoding], 1164 tlmi_priv.pwd_admin->kbdlang); 1165 if (!auth_str) { 1166 ret = -ENOMEM; 1167 goto out; 1168 } 1169 } 1170 1171 if (auth_str) 1172 set_str = kasprintf(GFP_KERNEL, "%s,%s", new_setting, auth_str); 1173 else 1174 set_str = kasprintf(GFP_KERNEL, "%s;", new_setting); 1175 if (!set_str) { 1176 ret = -ENOMEM; 1177 goto out; 1178 } 1179 1180 ret = tlmi_simple_call(LENOVO_DEBUG_CMD_GUID, set_str); 1181 if (ret) 1182 goto out; 1183 1184 if (!ret && !tlmi_priv.pending_changes) { 1185 tlmi_priv.pending_changes = true; 1186 /* let userland know it may need to check reboot pending again */ 1187 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE); 1188 } 1189 out: 1190 kfree(auth_str); 1191 kfree(set_str); 1192 kfree(new_setting); 1193 return ret ?: count; 1194 } 1195 1196 static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd); 1197 1198 /* ---- Initialisation --------------------------------------------------------- */ 1199 static void tlmi_release_attr(void) 1200 { 1201 int i; 1202 1203 /* Attribute structures */ 1204 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { 1205 if (tlmi_priv.setting[i]) { 1206 sysfs_remove_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); 1207 kobject_put(&tlmi_priv.setting[i]->kobj); 1208 } 1209 } 1210 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); 1211 if (tlmi_priv.can_debug_cmd && debug_support) 1212 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr); 1213 1214 kset_unregister(tlmi_priv.attribute_kset); 1215 1216 /* Free up any saved signatures */ 1217 kfree(tlmi_priv.pwd_admin->signature); 1218 kfree(tlmi_priv.pwd_admin->save_signature); 1219 1220 /* Authentication structures */ 1221 sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); 1222 kobject_put(&tlmi_priv.pwd_admin->kobj); 1223 sysfs_remove_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); 1224 kobject_put(&tlmi_priv.pwd_power->kobj); 1225 1226 if (tlmi_priv.opcode_support) { 1227 sysfs_remove_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); 1228 kobject_put(&tlmi_priv.pwd_system->kobj); 1229 sysfs_remove_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); 1230 kobject_put(&tlmi_priv.pwd_hdd->kobj); 1231 sysfs_remove_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); 1232 kobject_put(&tlmi_priv.pwd_nvme->kobj); 1233 } 1234 1235 kset_unregister(tlmi_priv.authentication_kset); 1236 } 1237 1238 static int tlmi_sysfs_init(void) 1239 { 1240 int i, ret; 1241 1242 ret = fw_attributes_class_get(&fw_attr_class); 1243 if (ret) 1244 return ret; 1245 1246 tlmi_priv.class_dev = device_create(fw_attr_class, NULL, MKDEV(0, 0), 1247 NULL, "%s", "thinklmi"); 1248 if (IS_ERR(tlmi_priv.class_dev)) { 1249 ret = PTR_ERR(tlmi_priv.class_dev); 1250 goto fail_class_created; 1251 } 1252 1253 tlmi_priv.attribute_kset = kset_create_and_add("attributes", NULL, 1254 &tlmi_priv.class_dev->kobj); 1255 if (!tlmi_priv.attribute_kset) { 1256 ret = -ENOMEM; 1257 goto fail_device_created; 1258 } 1259 1260 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) { 1261 /* Check if index is a valid setting - skip if it isn't */ 1262 if (!tlmi_priv.setting[i]) 1263 continue; 1264 1265 /* check for duplicate or reserved values */ 1266 if (kset_find_obj(tlmi_priv.attribute_kset, tlmi_priv.setting[i]->display_name) || 1267 !strcmp(tlmi_priv.setting[i]->display_name, "Reserved")) { 1268 pr_debug("duplicate or reserved attribute name found - %s\n", 1269 tlmi_priv.setting[i]->display_name); 1270 kfree(tlmi_priv.setting[i]->possible_values); 1271 kfree(tlmi_priv.setting[i]); 1272 tlmi_priv.setting[i] = NULL; 1273 continue; 1274 } 1275 1276 /* Build attribute */ 1277 tlmi_priv.setting[i]->kobj.kset = tlmi_priv.attribute_kset; 1278 ret = kobject_add(&tlmi_priv.setting[i]->kobj, NULL, 1279 "%s", tlmi_priv.setting[i]->display_name); 1280 if (ret) 1281 goto fail_create_attr; 1282 1283 ret = sysfs_create_group(&tlmi_priv.setting[i]->kobj, &tlmi_attr_group); 1284 if (ret) 1285 goto fail_create_attr; 1286 } 1287 1288 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr); 1289 if (ret) 1290 goto fail_create_attr; 1291 1292 if (tlmi_priv.can_debug_cmd && debug_support) { 1293 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr); 1294 if (ret) 1295 goto fail_create_attr; 1296 } 1297 1298 /* Create authentication entries */ 1299 tlmi_priv.authentication_kset = kset_create_and_add("authentication", NULL, 1300 &tlmi_priv.class_dev->kobj); 1301 if (!tlmi_priv.authentication_kset) { 1302 ret = -ENOMEM; 1303 goto fail_create_attr; 1304 } 1305 tlmi_priv.pwd_admin->kobj.kset = tlmi_priv.authentication_kset; 1306 ret = kobject_add(&tlmi_priv.pwd_admin->kobj, NULL, "%s", "Admin"); 1307 if (ret) 1308 goto fail_create_attr; 1309 1310 ret = sysfs_create_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); 1311 if (ret) 1312 goto fail_create_attr; 1313 1314 tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset; 1315 ret = kobject_add(&tlmi_priv.pwd_power->kobj, NULL, "%s", "Power-on"); 1316 if (ret) 1317 goto fail_create_attr; 1318 1319 ret = sysfs_create_group(&tlmi_priv.pwd_power->kobj, &auth_attr_group); 1320 if (ret) 1321 goto fail_create_attr; 1322 1323 if (tlmi_priv.opcode_support) { 1324 tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset; 1325 ret = kobject_add(&tlmi_priv.pwd_system->kobj, NULL, "%s", "System"); 1326 if (ret) 1327 goto fail_create_attr; 1328 1329 ret = sysfs_create_group(&tlmi_priv.pwd_system->kobj, &auth_attr_group); 1330 if (ret) 1331 goto fail_create_attr; 1332 1333 tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset; 1334 ret = kobject_add(&tlmi_priv.pwd_hdd->kobj, NULL, "%s", "HDD"); 1335 if (ret) 1336 goto fail_create_attr; 1337 1338 ret = sysfs_create_group(&tlmi_priv.pwd_hdd->kobj, &auth_attr_group); 1339 if (ret) 1340 goto fail_create_attr; 1341 1342 tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset; 1343 ret = kobject_add(&tlmi_priv.pwd_nvme->kobj, NULL, "%s", "NVMe"); 1344 if (ret) 1345 goto fail_create_attr; 1346 1347 ret = sysfs_create_group(&tlmi_priv.pwd_nvme->kobj, &auth_attr_group); 1348 if (ret) 1349 goto fail_create_attr; 1350 } 1351 1352 return ret; 1353 1354 fail_create_attr: 1355 tlmi_release_attr(); 1356 fail_device_created: 1357 device_destroy(fw_attr_class, MKDEV(0, 0)); 1358 fail_class_created: 1359 fw_attributes_class_put(); 1360 return ret; 1361 } 1362 1363 /* ---- Base Driver -------------------------------------------------------- */ 1364 static struct tlmi_pwd_setting *tlmi_create_auth(const char *pwd_type, 1365 const char *pwd_role) 1366 { 1367 struct tlmi_pwd_setting *new_pwd; 1368 1369 new_pwd = kzalloc(sizeof(struct tlmi_pwd_setting), GFP_KERNEL); 1370 if (!new_pwd) 1371 return NULL; 1372 1373 strscpy(new_pwd->kbdlang, "us", TLMI_LANG_MAXLEN); 1374 new_pwd->encoding = TLMI_ENCODING_ASCII; 1375 new_pwd->pwd_type = pwd_type; 1376 new_pwd->role = pwd_role; 1377 new_pwd->minlen = tlmi_priv.pwdcfg.core.min_length; 1378 new_pwd->maxlen = tlmi_priv.pwdcfg.core.max_length; 1379 new_pwd->index = 0; 1380 1381 kobject_init(&new_pwd->kobj, &tlmi_pwd_setting_ktype); 1382 1383 return new_pwd; 1384 } 1385 1386 static int tlmi_analyze(void) 1387 { 1388 acpi_status status; 1389 int i, ret; 1390 1391 if (wmi_has_guid(LENOVO_SET_BIOS_SETTINGS_GUID) && 1392 wmi_has_guid(LENOVO_SAVE_BIOS_SETTINGS_GUID)) 1393 tlmi_priv.can_set_bios_settings = true; 1394 1395 if (wmi_has_guid(LENOVO_GET_BIOS_SELECTIONS_GUID)) 1396 tlmi_priv.can_get_bios_selections = true; 1397 1398 if (wmi_has_guid(LENOVO_SET_BIOS_PASSWORD_GUID)) 1399 tlmi_priv.can_set_bios_password = true; 1400 1401 if (wmi_has_guid(LENOVO_BIOS_PASSWORD_SETTINGS_GUID)) 1402 tlmi_priv.can_get_password_settings = true; 1403 1404 if (wmi_has_guid(LENOVO_DEBUG_CMD_GUID)) 1405 tlmi_priv.can_debug_cmd = true; 1406 1407 if (wmi_has_guid(LENOVO_OPCODE_IF_GUID)) 1408 tlmi_priv.opcode_support = true; 1409 1410 if (wmi_has_guid(LENOVO_SET_BIOS_CERT_GUID) && 1411 wmi_has_guid(LENOVO_SET_BIOS_SETTING_CERT_GUID) && 1412 wmi_has_guid(LENOVO_SAVE_BIOS_SETTING_CERT_GUID)) 1413 tlmi_priv.certificate_support = true; 1414 1415 /* 1416 * Try to find the number of valid settings of this machine 1417 * and use it to create sysfs attributes. 1418 */ 1419 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) { 1420 struct tlmi_attr_setting *setting; 1421 char *item = NULL; 1422 char *p; 1423 1424 tlmi_priv.setting[i] = NULL; 1425 status = tlmi_setting(i, &item, LENOVO_BIOS_SETTING_GUID); 1426 if (ACPI_FAILURE(status)) 1427 break; 1428 if (!item) 1429 break; 1430 if (!*item) { 1431 kfree(item); 1432 continue; 1433 } 1434 1435 /* It is not allowed to have '/' for file name. Convert it into '\'. */ 1436 strreplace(item, '/', '\\'); 1437 1438 /* Remove the value part */ 1439 p = strchrnul(item, ','); 1440 *p = '\0'; 1441 1442 /* Create a setting entry */ 1443 setting = kzalloc(sizeof(*setting), GFP_KERNEL); 1444 if (!setting) { 1445 ret = -ENOMEM; 1446 kfree(item); 1447 goto fail_clear_attr; 1448 } 1449 setting->index = i; 1450 strscpy(setting->display_name, item, TLMI_SETTINGS_MAXLEN); 1451 /* If BIOS selections supported, load those */ 1452 if (tlmi_priv.can_get_bios_selections) { 1453 ret = tlmi_get_bios_selections(setting->display_name, 1454 &setting->possible_values); 1455 if (ret || !setting->possible_values) 1456 pr_info("Error retrieving possible values for %d : %s\n", 1457 i, setting->display_name); 1458 } else { 1459 /* 1460 * Older Thinkstations don't support the bios_selections API. 1461 * Instead they store this as a [Optional:Option1,Option2] section of the 1462 * name string. 1463 * Try and pull that out if it's available. 1464 */ 1465 char *optitem, *optstart, *optend; 1466 1467 if (!tlmi_setting(setting->index, &optitem, LENOVO_BIOS_SETTING_GUID)) { 1468 optstart = strstr(optitem, "[Optional:"); 1469 if (optstart) { 1470 optstart += strlen("[Optional:"); 1471 optend = strstr(optstart, "]"); 1472 if (optend) 1473 setting->possible_values = 1474 kstrndup(optstart, optend - optstart, 1475 GFP_KERNEL); 1476 } 1477 kfree(optitem); 1478 } 1479 } 1480 /* 1481 * firmware-attributes requires that possible_values are separated by ';' but 1482 * Lenovo FW uses ','. Replace appropriately. 1483 */ 1484 if (setting->possible_values) 1485 strreplace(setting->possible_values, ',', ';'); 1486 1487 kobject_init(&setting->kobj, &tlmi_attr_setting_ktype); 1488 tlmi_priv.setting[i] = setting; 1489 kfree(item); 1490 } 1491 1492 /* Create password setting structure */ 1493 ret = tlmi_get_pwd_settings(&tlmi_priv.pwdcfg); 1494 if (ret) 1495 goto fail_clear_attr; 1496 1497 /* All failures below boil down to kmalloc failures */ 1498 ret = -ENOMEM; 1499 1500 tlmi_priv.pwd_admin = tlmi_create_auth("pap", "bios-admin"); 1501 if (!tlmi_priv.pwd_admin) 1502 goto fail_clear_attr; 1503 1504 if (tlmi_priv.pwdcfg.core.password_state & TLMI_PAP_PWD) 1505 tlmi_priv.pwd_admin->valid = true; 1506 1507 tlmi_priv.pwd_power = tlmi_create_auth("pop", "power-on"); 1508 if (!tlmi_priv.pwd_power) 1509 goto fail_clear_attr; 1510 1511 if (tlmi_priv.pwdcfg.core.password_state & TLMI_POP_PWD) 1512 tlmi_priv.pwd_power->valid = true; 1513 1514 if (tlmi_priv.opcode_support) { 1515 tlmi_priv.pwd_system = tlmi_create_auth("sys", "system"); 1516 if (!tlmi_priv.pwd_system) 1517 goto fail_clear_attr; 1518 1519 if (tlmi_priv.pwdcfg.core.password_state & TLMI_SYS_PWD) 1520 tlmi_priv.pwd_system->valid = true; 1521 1522 tlmi_priv.pwd_hdd = tlmi_create_auth("hdd", "hdd"); 1523 if (!tlmi_priv.pwd_hdd) 1524 goto fail_clear_attr; 1525 1526 tlmi_priv.pwd_nvme = tlmi_create_auth("nvm", "nvme"); 1527 if (!tlmi_priv.pwd_nvme) 1528 goto fail_clear_attr; 1529 1530 if (tlmi_priv.pwdcfg.core.password_state & TLMI_HDD_PWD) { 1531 /* Check if PWD is configured and set index to first drive found */ 1532 if (tlmi_priv.pwdcfg.ext.hdd_user_password || 1533 tlmi_priv.pwdcfg.ext.hdd_master_password) { 1534 tlmi_priv.pwd_hdd->valid = true; 1535 if (tlmi_priv.pwdcfg.ext.hdd_master_password) 1536 tlmi_priv.pwd_hdd->index = 1537 ffs(tlmi_priv.pwdcfg.ext.hdd_master_password) - 1; 1538 else 1539 tlmi_priv.pwd_hdd->index = 1540 ffs(tlmi_priv.pwdcfg.ext.hdd_user_password) - 1; 1541 } 1542 if (tlmi_priv.pwdcfg.ext.nvme_user_password || 1543 tlmi_priv.pwdcfg.ext.nvme_master_password) { 1544 tlmi_priv.pwd_nvme->valid = true; 1545 if (tlmi_priv.pwdcfg.ext.nvme_master_password) 1546 tlmi_priv.pwd_nvme->index = 1547 ffs(tlmi_priv.pwdcfg.ext.nvme_master_password) - 1; 1548 else 1549 tlmi_priv.pwd_nvme->index = 1550 ffs(tlmi_priv.pwdcfg.ext.nvme_user_password) - 1; 1551 } 1552 } 1553 } 1554 1555 if (tlmi_priv.certificate_support && 1556 (tlmi_priv.pwdcfg.core.password_state & TLMI_CERT)) 1557 tlmi_priv.pwd_admin->cert_installed = true; 1558 1559 return 0; 1560 1561 fail_clear_attr: 1562 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) { 1563 if (tlmi_priv.setting[i]) { 1564 kfree(tlmi_priv.setting[i]->possible_values); 1565 kfree(tlmi_priv.setting[i]); 1566 } 1567 } 1568 kfree(tlmi_priv.pwd_admin); 1569 kfree(tlmi_priv.pwd_power); 1570 kfree(tlmi_priv.pwd_system); 1571 kfree(tlmi_priv.pwd_hdd); 1572 kfree(tlmi_priv.pwd_nvme); 1573 return ret; 1574 } 1575 1576 static void tlmi_remove(struct wmi_device *wdev) 1577 { 1578 tlmi_release_attr(); 1579 device_destroy(fw_attr_class, MKDEV(0, 0)); 1580 fw_attributes_class_put(); 1581 } 1582 1583 static int tlmi_probe(struct wmi_device *wdev, const void *context) 1584 { 1585 int ret; 1586 1587 ret = tlmi_analyze(); 1588 if (ret) 1589 return ret; 1590 1591 return tlmi_sysfs_init(); 1592 } 1593 1594 static const struct wmi_device_id tlmi_id_table[] = { 1595 { .guid_string = LENOVO_BIOS_SETTING_GUID }, 1596 { } 1597 }; 1598 MODULE_DEVICE_TABLE(wmi, tlmi_id_table); 1599 1600 static struct wmi_driver tlmi_driver = { 1601 .driver = { 1602 .name = "think-lmi", 1603 }, 1604 .id_table = tlmi_id_table, 1605 .probe = tlmi_probe, 1606 .remove = tlmi_remove, 1607 }; 1608 1609 MODULE_AUTHOR("Sugumaran L <slacshiminar@lenovo.com>"); 1610 MODULE_AUTHOR("Mark Pearson <markpearson@lenovo.com>"); 1611 MODULE_AUTHOR("Corentin Chary <corentin.chary@gmail.com>"); 1612 MODULE_DESCRIPTION("ThinkLMI Driver"); 1613 MODULE_LICENSE("GPL"); 1614 1615 module_wmi_driver(tlmi_driver); 1616