passwdobj-attributes.c source code [linux/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Functions corresponding to password object type attributes under
4	* BIOS PASSWORD for use with hp-bioscfg driver.
5	*
6	* Copyright (c) 2022 HP Development Company, L.P.
7	*/
8
9	#include "bioscfg.h"
10
11	GET_INSTANCE_ID(password);
12	/*
13	* Clear all passwords copied to memory for a particular
14	* authentication instance
15	*/
16	static int clear_passwords(const int instance)
17	{
18	struct password_data *password_data = &bioscfg_drv.password_data[instance];
19
20	if (!password_data->is_enabled)
21	return `0`;
22
23	memset(password_data->current_password,
24	`0`, sizeof(password_data->current_password));
25	memset(password_data->new_password,
26	`0`, sizeof(password_data->new_password));
27
28	return `0`;
29	}
30
31	/*
32	* Clear all credentials copied to memory for both Power-ON and Setup
33	* BIOS instances
34	*/
35	int hp_clear_all_credentials(void)
36	{
37	int count = bioscfg_drv.password_instances_count;
38	int instance;
39
40	/ clear all passwords /
41	for (instance = `0`; instance < count; instance++)
42	clear_passwords(instance);
43
44	/ clear auth_token /
45	kfree(objp: bioscfg_drv.spm_data.auth_token);
46	bioscfg_drv.spm_data.auth_token = NULL;
47
48	return `0`;
49	}
50
51	int hp_get_password_instance_for_type(const char *name)
52	{
53	int count = bioscfg_drv.password_instances_count;
54	int instance;
55
56	for (instance = `0`; instance < count; instance++)
57	if (!strcmp(bioscfg_drv.password_data[instance].common.display_name, name))
58	return instance;
59
60	return -EINVAL;
61	}
62
63	static int validate_password_input(int instance_id, const char *buf)
64	{
65	int length;
66	struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
67
68	length = strlen(buf);
69	if (buf[length - `1`] == `'\n'`)
70	length--;
71
72	if (length > MAX_PASSWD_SIZE)
73	return INVALID_BIOS_AUTH;
74
75	if (password_data->min_password_length > length \|\|
76	password_data->max_password_length < length)
77	return INVALID_BIOS_AUTH;
78	return SUCCESS;
79	}
80
81	ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password);
82	static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled);
83
84	static int store_password_instance(struct kobject kobj, const* char *buf,
85	size_t count, bool is_current)
86	{
87	char *buf_cp;
88	int id, ret = `0`;
89
90	buf_cp = kstrdup(s: buf, GFP_KERNEL);
91	if (!buf_cp)
92	return -ENOMEM;
93
94	ret = hp_enforce_single_line_input(buf: buf_cp, count);
95	if (!ret) {
96	id = get_password_instance_id(kobj);
97
98	if (id >= `0`)
99	ret = validate_password_input(instance_id: id, buf: buf_cp);
100	}
101
102	if (!ret) {
103	if (is_current)
104	strscpy(bioscfg_drv.password_data[id].current_password,
105	buf_cp,
106	sizeof(bioscfg_drv.password_data[id].current_password));
107	else
108	strscpy(bioscfg_drv.password_data[id].new_password,
109	buf_cp,
110	sizeof(bioscfg_drv.password_data[id].new_password));
111	}
112
113	kfree(objp: buf_cp);
114	return ret < `0` ? ret : count;
115	}
116
117	static ssize_t current_password_store(struct kobject *kobj,
118	struct kobj_attribute *attr,
119	const char *buf, size_t count)
120	{
121	return store_password_instance(kobj, buf, count, is_current: true);
122	}
123
124	static struct kobj_attribute password_current_password = __ATTR_WO(current_password);
125
126	static ssize_t new_password_store(struct kobject *kobj,
127	struct kobj_attribute *attr,
128	const char *buf, size_t count)
129	{
130	return store_password_instance(kobj, buf, count, is_current: true);
131	}
132
133	static struct kobj_attribute password_new_password = __ATTR_WO(new_password);
134
135	ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password);
136	static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length);
137
138	ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password);
139	static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length);
140
141	static ssize_t role_show(struct kobject kobj, struct* kobj_attribute attr, char* *buf)
142	{
143	if (!strcmp(kobj->name, SETUP_PASSWD))
144	return sysfs_emit(buf, fmt: "%s\n", BIOS_ADMIN);
145
146	if (!strcmp(kobj->name, POWER_ON_PASSWD))
147	return sysfs_emit(buf, fmt: "%s\n", POWER_ON);
148
149	return -EIO;
150	}
151
152	static struct kobj_attribute password_role = __ATTR_RO(role);
153
154	static ssize_t mechanism_show(struct kobject kobj, struct* kobj_attribute *attr,
155	char *buf)
156	{
157	int i = get_password_instance_id(kobj);
158
159	if (i < `0`)
160	return i;
161
162	if (bioscfg_drv.password_data[i].mechanism != PASSWORD)
163	return -EINVAL;
164
165	return sysfs_emit(buf, fmt: "%s\n", PASSWD_MECHANISM_TYPES);
166	}
167
168	static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism);
169
170	ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP);
171	static struct kobj_attribute password_encodings_val = __ATTR_RO(encodings);
172
173	static struct attribute *password_attrs[] = {
174	&password_is_password_set.attr,
175	&password_min_password_length.attr,
176	&password_max_password_length.attr,
177	&password_current_password.attr,
178	&password_new_password.attr,
179	&password_role.attr,
180	&password_mechanism.attr,
181	&password_encodings_val.attr,
182	NULL
183	};
184
185	static const struct attribute_group password_attr_group = {
186	.attrs = password_attrs
187	};
188
189	int hp_alloc_password_data(void)
190	{
191	bioscfg_drv.password_instances_count = hp_get_instance_count(HP_WMI_BIOS_PASSWORD_GUID);
192	bioscfg_drv.password_data = kcalloc(n: bioscfg_drv.password_instances_count,
193	size: sizeof(*bioscfg_drv.password_data), GFP_KERNEL);
194	if (!bioscfg_drv.password_data) {
195	bioscfg_drv.password_instances_count = `0`;
196	return -ENOMEM;
197	}
198
199	return `0`;
200	}
201
202	/ Expected Values types associated with each element /
203	static const acpi_object_type expected_password_types[] = {
204	[NAME] = ACPI_TYPE_STRING,
205	[VALUE] = ACPI_TYPE_STRING,
206	[PATH] = ACPI_TYPE_STRING,
207	[IS_READONLY] = ACPI_TYPE_INTEGER,
208	[DISPLAY_IN_UI] = ACPI_TYPE_INTEGER,
209	[REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER,
210	[SEQUENCE] = ACPI_TYPE_INTEGER,
211	[PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER,
212	[PREREQUISITES] = ACPI_TYPE_STRING,
213	[SECURITY_LEVEL] = ACPI_TYPE_INTEGER,
214	[PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER,
215	[PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER,
216	[PSWD_SIZE] = ACPI_TYPE_INTEGER,
217	[PSWD_ENCODINGS] = ACPI_TYPE_STRING,
218	[PSWD_IS_SET] = ACPI_TYPE_INTEGER,
219	};
220
221	static int hp_populate_password_elements_from_package(union acpi_object *password_obj,
222	int password_obj_count,
223	int instance_id)
224	{
225	char *str_value = NULL;
226	int value_len;
227	int ret;
228	u32 size;
229	u32 int_value = `0`;
230	int elem;
231	int reqs;
232	int eloc;
233	int pos_values;
234	struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
235
236	if (!password_obj)
237	return -EINVAL;
238
239	for (elem = `1`, eloc = `1`; elem < password_obj_count; elem++, eloc++) {
240	/ ONLY look at the first PASSWORD_ELEM_CNT elements /
241	if (eloc == PSWD_ELEM_CNT)
242	goto exit_package;
243
244	switch (password_obj[elem].type) {
245	case ACPI_TYPE_STRING:
246	if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) {
247	ret = hp_convert_hexstr_to_str(input: password_obj[elem].string.pointer,
248	input_len: password_obj[elem].string.length,
249	str: &str_value, len: &value_len);
250	if (ret)
251	continue;
252	}
253	break;
254	case ACPI_TYPE_INTEGER:
255	int_value = (u32)password_obj[elem].integer.value;
256	break;
257	default:
258	pr_warn("Unsupported object type [%d]\n", password_obj[elem].type);
259	continue;
260	}
261
262	/ Check that both expected and read object type match /
263	if (expected_password_types[eloc] != password_obj[elem].type) {
264	pr_err("Error expected type %d for elem %d, but got type %d instead\n",
265	expected_password_types[eloc], elem, password_obj[elem].type);
266	kfree(objp: str_value);
267	return -EIO;
268	}
269
270	/ Assign appropriate element value to corresponding field/
271	switch (eloc) {
272	case VALUE:
273	break;
274	case PATH:
275	strscpy(password_data->common.path, str_value,
276	sizeof(password_data->common.path));
277	break;
278	case IS_READONLY:
279	password_data->common.is_readonly = int_value;
280	break;
281	case DISPLAY_IN_UI:
282	password_data->common.display_in_ui = int_value;
283	break;
284	case REQUIRES_PHYSICAL_PRESENCE:
285	password_data->common.requires_physical_presence = int_value;
286	break;
287	case SEQUENCE:
288	password_data->common.sequence = int_value;
289	break;
290	case PREREQUISITES_SIZE:
291	if (int_value > MAX_PREREQUISITES_SIZE) {
292	pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
293	int_value = MAX_PREREQUISITES_SIZE;
294	}
295	password_data->common.prerequisites_size = int_value;
296
297	/ This step is needed to keep the expected*
298	* element list pointing to the right obj[elem].type
299	* when the size is zero. PREREQUISITES
300	* object is omitted by BIOS when the size is
301	* zero.
302	*/
303	if (int_value == `0`)
304	eloc++;
305	break;
306	case PREREQUISITES:
307	size = min_t(u32, password_data->common.prerequisites_size,
308	MAX_PREREQUISITES_SIZE);
309
310	for (reqs = `0`; reqs < size; reqs++) {
311	ret = hp_convert_hexstr_to_str(input: password_obj[elem + reqs].string.pointer,
312	input_len: password_obj[elem + reqs].string.length,
313	str: &str_value, len: &value_len);
314
315	if (ret)
316	break;
317
318	strscpy(password_data->common.prerequisites[reqs],
319	str_value,
320	sizeof(password_data->common.prerequisites[reqs]));
321
322	kfree(objp: str_value);
323	str_value = NULL;
324
325	}
326	break;
327	case SECURITY_LEVEL:
328	password_data->common.security_level = int_value;
329	break;
330	case PSWD_MIN_LENGTH:
331	password_data->min_password_length = int_value;
332	break;
333	case PSWD_MAX_LENGTH:
334	password_data->max_password_length = int_value;
335	break;
336	case PSWD_SIZE:
337
338	if (int_value > MAX_ENCODINGS_SIZE) {
339	pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
340	int_value = MAX_ENCODINGS_SIZE;
341	}
342	password_data->encodings_size = int_value;
343
344	/ This step is needed to keep the expected*
345	* element list pointing to the right obj[elem].type
346	* when the size is zero. PSWD_ENCODINGS
347	* object is omitted by BIOS when the size is
348	* zero.
349	*/
350	if (int_value == `0`)
351	eloc++;
352	break;
353	case PSWD_ENCODINGS:
354	size = min_t(u32, password_data->encodings_size, MAX_ENCODINGS_SIZE);
355	for (pos_values = `0`; pos_values < size; pos_values++) {
356	ret = hp_convert_hexstr_to_str(input: password_obj[elem + pos_values].string.pointer,
357	input_len: password_obj[elem + pos_values].string.length,
358	str: &str_value, len: &value_len);
359	if (ret)
360	break;
361
362	strscpy(password_data->encodings[pos_values],
363	str_value,
364	sizeof(password_data->encodings[pos_values]));
365	kfree(objp: str_value);
366	str_value = NULL;
367
368	}
369	break;
370	case PSWD_IS_SET:
371	password_data->is_enabled = int_value;
372	break;
373	default:
374	pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem);
375	break;
376	}
377
378	kfree(objp: str_value);
379	str_value = NULL;
380	}
381
382	exit_package:
383	kfree(objp: str_value);
384	return `0`;
385	}
386
387	/**
388	* hp_populate_password_package_data()
389	* Populate all properties for an instance under password attribute
390	*
391	* @password_obj: ACPI object with password data
392	* @instance_id: The instance to enumerate
393	* @attr_name_kobj: The parent kernel object
394	*/
395	int hp_populate_password_package_data(union acpi_object password_obj, int* instance_id,
396	struct kobject *attr_name_kobj)
397	{
398	struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
399
400	password_data->attr_name_kobj = attr_name_kobj;
401
402	hp_populate_password_elements_from_package(password_obj,
403	password_obj_count: password_obj->package.count,
404	instance_id);
405
406	hp_friendly_user_name_update(path: password_data->common.path,
407	attr_name: attr_name_kobj->name,
408	attr_display: password_data->common.display_name,
409	attr_size: sizeof(password_data->common.display_name));
410
411	if (!strcmp(attr_name_kobj->name, SETUP_PASSWD))
412	return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group);
413
414	return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group);
415	}
416
417	static int hp_populate_password_elements_from_buffer(u8 buffer_ptr, u32 buffer_size,
418	int instance_id)
419	{
420	int values;
421	int isreadonly;
422	struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
423	int ret = `0`;
424
425	/*
426	* Only data relevant to this driver and its functionality is
427	* read. BIOS defines the order in which each * element is
428	* read. Element 0 data is not relevant to this
429	* driver hence it is ignored. For clarity, all element names
430	* (DISPLAY_IN_UI) which defines the order in which is read
431	* and the name matches the variable where the data is stored.
432	*
433	* In earlier implementation, reported errors were ignored
434	* causing the data to remain uninitialized. It is not
435	* possible to determine if data read from BIOS is valid or
436	* not. It is for this reason functions may return a error
437	* without validating the data itself.
438	*/
439
440	// VALUE:
441	ret = hp_get_string_from_buffer(buffer: &buffer_ptr, buffer_size, dst: password_data->current_password,
442	dst_size: sizeof(password_data->current_password));
443	if (ret < `0`)
444	goto buffer_exit;
445
446	// COMMON:
447	ret = hp_get_common_data_from_buffer(buffer_ptr: &buffer_ptr, buffer_size,
448	common: &password_data->common);
449	if (ret < `0`)
450	goto buffer_exit;
451
452	// PSWD_MIN_LENGTH:
453	ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size,
454	integer: &password_data->min_password_length);
455	if (ret < `0`)
456	goto buffer_exit;
457
458	// PSWD_MAX_LENGTH:
459	ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size,
460	integer: &password_data->max_password_length);
461	if (ret < `0`)
462	goto buffer_exit;
463
464	// PSWD_SIZE:
465	ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size,
466	integer: &password_data->encodings_size);
467	if (ret < `0`)
468	goto buffer_exit;
469
470	if (password_data->encodings_size > MAX_ENCODINGS_SIZE) {
471	/ Report a message and limit possible values size to maximum value /
472	pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n");
473	password_data->encodings_size = MAX_ENCODINGS_SIZE;
474	}
475
476	// PSWD_ENCODINGS:
477	for (values = `0`; values < password_data->encodings_size; values++) {
478	ret = hp_get_string_from_buffer(buffer: &buffer_ptr, buffer_size,
479	dst: password_data->encodings[values],
480	dst_size: sizeof(password_data->encodings[values]));
481	if (ret < `0`)
482	break;
483	}
484
485	// PSWD_IS_SET:
486	ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size, integer: &isreadonly);
487	if (ret < `0`)
488	goto buffer_exit;
489
490	password_data->is_enabled = isreadonly ? true : false;
491
492	buffer_exit:
493	return ret;
494	}
495
496	/**
497	* hp_populate_password_buffer_data()
498	* Populate all properties for an instance under password object attribute
499	*
500	* @buffer_ptr: Buffer pointer
501	* @buffer_size: Buffer size
502	* @instance_id: The instance to enumerate
503	* @attr_name_kobj: The parent kernel object
504	*/
505	int hp_populate_password_buffer_data(u8 buffer_ptr, u32 buffer_size, int instance_id,
506	struct kobject *attr_name_kobj)
507	{
508	struct password_data *password_data = &bioscfg_drv.password_data[instance_id];
509	int ret = `0`;
510
511	password_data->attr_name_kobj = attr_name_kobj;
512
513	/ Populate Password attributes /
514	ret = hp_populate_password_elements_from_buffer(buffer_ptr, buffer_size,
515	instance_id);
516	if (ret < `0`)
517	return ret;
518
519	hp_friendly_user_name_update(path: password_data->common.path,
520	attr_name: attr_name_kobj->name,
521	attr_display: password_data->common.display_name,
522	attr_size: sizeof(password_data->common.display_name));
523	if (!strcmp(attr_name_kobj->name, SETUP_PASSWD))
524	return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group);
525
526	return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group);
527	}
528
529	/**
530	* hp_exit_password_attributes() - Clear all attribute data
531	*
532	* Clears all data allocated for this group of attributes
533	*/
534	void hp_exit_password_attributes(void)
535	{
536	int instance_id;
537
538	for (instance_id = `0`; instance_id < bioscfg_drv.password_instances_count;
539	instance_id++) {
540	struct kobject *attr_name_kobj =
541	bioscfg_drv.password_data[instance_id].attr_name_kobj;
542
543	if (attr_name_kobj) {
544	if (!strcmp(attr_name_kobj->name, SETUP_PASSWD))
545	sysfs_remove_group(kobj: attr_name_kobj,
546	grp: &password_attr_group);
547	else
548	sysfs_remove_group(kobj: attr_name_kobj,
549	grp: &password_attr_group);
550	}
551	}
552	bioscfg_drv.password_instances_count = `0`;
553	kfree(objp: bioscfg_drv.password_data);
554	bioscfg_drv.password_data = NULL;
555	}
556

source code of linux/drivers/platform/x86/hp/hp-bioscfg/passwdobj-attributes.c