1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Functions corresponding to password object type attributes under |
4 | * BIOS PASSWORD for use with hp-bioscfg driver. |
5 | * |
6 | * Copyright (c) 2022 HP Development Company, L.P. |
7 | */ |
8 | |
9 | #include "bioscfg.h" |
10 | |
11 | GET_INSTANCE_ID(password); |
12 | /* |
13 | * Clear all passwords copied to memory for a particular |
14 | * authentication instance |
15 | */ |
16 | static int clear_passwords(const int instance) |
17 | { |
18 | struct password_data *password_data = &bioscfg_drv.password_data[instance]; |
19 | |
20 | if (!password_data->is_enabled) |
21 | return 0; |
22 | |
23 | memset(password_data->current_password, |
24 | 0, sizeof(password_data->current_password)); |
25 | memset(password_data->new_password, |
26 | 0, sizeof(password_data->new_password)); |
27 | |
28 | return 0; |
29 | } |
30 | |
31 | /* |
32 | * Clear all credentials copied to memory for both Power-ON and Setup |
33 | * BIOS instances |
34 | */ |
35 | int hp_clear_all_credentials(void) |
36 | { |
37 | int count = bioscfg_drv.password_instances_count; |
38 | int instance; |
39 | |
40 | /* clear all passwords */ |
41 | for (instance = 0; instance < count; instance++) |
42 | clear_passwords(instance); |
43 | |
44 | /* clear auth_token */ |
45 | kfree(objp: bioscfg_drv.spm_data.auth_token); |
46 | bioscfg_drv.spm_data.auth_token = NULL; |
47 | |
48 | return 0; |
49 | } |
50 | |
51 | int hp_get_password_instance_for_type(const char *name) |
52 | { |
53 | int count = bioscfg_drv.password_instances_count; |
54 | int instance; |
55 | |
56 | for (instance = 0; instance < count; instance++) |
57 | if (!strcmp(bioscfg_drv.password_data[instance].common.display_name, name)) |
58 | return instance; |
59 | |
60 | return -EINVAL; |
61 | } |
62 | |
63 | static int validate_password_input(int instance_id, const char *buf) |
64 | { |
65 | int length; |
66 | struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; |
67 | |
68 | length = strlen(buf); |
69 | if (buf[length - 1] == '\n') |
70 | length--; |
71 | |
72 | if (length > MAX_PASSWD_SIZE) |
73 | return INVALID_BIOS_AUTH; |
74 | |
75 | if (password_data->min_password_length > length || |
76 | password_data->max_password_length < length) |
77 | return INVALID_BIOS_AUTH; |
78 | return SUCCESS; |
79 | } |
80 | |
81 | ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password); |
82 | static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled); |
83 | |
84 | static int store_password_instance(struct kobject *kobj, const char *buf, |
85 | size_t count, bool is_current) |
86 | { |
87 | char *buf_cp; |
88 | int id, ret = 0; |
89 | |
90 | buf_cp = kstrdup(s: buf, GFP_KERNEL); |
91 | if (!buf_cp) |
92 | return -ENOMEM; |
93 | |
94 | ret = hp_enforce_single_line_input(buf: buf_cp, count); |
95 | if (!ret) { |
96 | id = get_password_instance_id(kobj); |
97 | |
98 | if (id >= 0) |
99 | ret = validate_password_input(instance_id: id, buf: buf_cp); |
100 | } |
101 | |
102 | if (!ret) { |
103 | if (is_current) |
104 | strscpy(bioscfg_drv.password_data[id].current_password, |
105 | buf_cp, |
106 | sizeof(bioscfg_drv.password_data[id].current_password)); |
107 | else |
108 | strscpy(bioscfg_drv.password_data[id].new_password, |
109 | buf_cp, |
110 | sizeof(bioscfg_drv.password_data[id].new_password)); |
111 | } |
112 | |
113 | kfree(objp: buf_cp); |
114 | return ret < 0 ? ret : count; |
115 | } |
116 | |
117 | static ssize_t current_password_store(struct kobject *kobj, |
118 | struct kobj_attribute *attr, |
119 | const char *buf, size_t count) |
120 | { |
121 | return store_password_instance(kobj, buf, count, is_current: true); |
122 | } |
123 | |
124 | static struct kobj_attribute password_current_password = __ATTR_WO(current_password); |
125 | |
126 | static ssize_t new_password_store(struct kobject *kobj, |
127 | struct kobj_attribute *attr, |
128 | const char *buf, size_t count) |
129 | { |
130 | return store_password_instance(kobj, buf, count, is_current: true); |
131 | } |
132 | |
133 | static struct kobj_attribute password_new_password = __ATTR_WO(new_password); |
134 | |
135 | ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password); |
136 | static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length); |
137 | |
138 | ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password); |
139 | static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length); |
140 | |
141 | static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) |
142 | { |
143 | if (!strcmp(kobj->name, SETUP_PASSWD)) |
144 | return sysfs_emit(buf, fmt: "%s\n" , BIOS_ADMIN); |
145 | |
146 | if (!strcmp(kobj->name, POWER_ON_PASSWD)) |
147 | return sysfs_emit(buf, fmt: "%s\n" , POWER_ON); |
148 | |
149 | return -EIO; |
150 | } |
151 | |
152 | static struct kobj_attribute password_role = __ATTR_RO(role); |
153 | |
154 | static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr, |
155 | char *buf) |
156 | { |
157 | int i = get_password_instance_id(kobj); |
158 | |
159 | if (i < 0) |
160 | return i; |
161 | |
162 | if (bioscfg_drv.password_data[i].mechanism != PASSWORD) |
163 | return -EINVAL; |
164 | |
165 | return sysfs_emit(buf, fmt: "%s\n" , PASSWD_MECHANISM_TYPES); |
166 | } |
167 | |
168 | static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism); |
169 | |
170 | ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP); |
171 | static struct kobj_attribute password_encodings_val = __ATTR_RO(encodings); |
172 | |
173 | static struct attribute *password_attrs[] = { |
174 | &password_is_password_set.attr, |
175 | &password_min_password_length.attr, |
176 | &password_max_password_length.attr, |
177 | &password_current_password.attr, |
178 | &password_new_password.attr, |
179 | &password_role.attr, |
180 | &password_mechanism.attr, |
181 | &password_encodings_val.attr, |
182 | NULL |
183 | }; |
184 | |
185 | static const struct attribute_group password_attr_group = { |
186 | .attrs = password_attrs |
187 | }; |
188 | |
189 | int hp_alloc_password_data(void) |
190 | { |
191 | bioscfg_drv.password_instances_count = hp_get_instance_count(HP_WMI_BIOS_PASSWORD_GUID); |
192 | bioscfg_drv.password_data = kcalloc(n: bioscfg_drv.password_instances_count, |
193 | size: sizeof(*bioscfg_drv.password_data), GFP_KERNEL); |
194 | if (!bioscfg_drv.password_data) { |
195 | bioscfg_drv.password_instances_count = 0; |
196 | return -ENOMEM; |
197 | } |
198 | |
199 | return 0; |
200 | } |
201 | |
202 | /* Expected Values types associated with each element */ |
203 | static const acpi_object_type expected_password_types[] = { |
204 | [NAME] = ACPI_TYPE_STRING, |
205 | [VALUE] = ACPI_TYPE_STRING, |
206 | [PATH] = ACPI_TYPE_STRING, |
207 | [IS_READONLY] = ACPI_TYPE_INTEGER, |
208 | [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER, |
209 | [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER, |
210 | [SEQUENCE] = ACPI_TYPE_INTEGER, |
211 | [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER, |
212 | [PREREQUISITES] = ACPI_TYPE_STRING, |
213 | [SECURITY_LEVEL] = ACPI_TYPE_INTEGER, |
214 | [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER, |
215 | [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER, |
216 | [PSWD_SIZE] = ACPI_TYPE_INTEGER, |
217 | [PSWD_ENCODINGS] = ACPI_TYPE_STRING, |
218 | [PSWD_IS_SET] = ACPI_TYPE_INTEGER, |
219 | }; |
220 | |
221 | static int hp_populate_password_elements_from_package(union acpi_object *password_obj, |
222 | int password_obj_count, |
223 | int instance_id) |
224 | { |
225 | char *str_value = NULL; |
226 | int value_len; |
227 | int ret; |
228 | u32 size; |
229 | u32 int_value = 0; |
230 | int elem; |
231 | int reqs; |
232 | int eloc; |
233 | int pos_values; |
234 | struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; |
235 | |
236 | if (!password_obj) |
237 | return -EINVAL; |
238 | |
239 | for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) { |
240 | /* ONLY look at the first PASSWORD_ELEM_CNT elements */ |
241 | if (eloc == PSWD_ELEM_CNT) |
242 | goto exit_package; |
243 | |
244 | switch (password_obj[elem].type) { |
245 | case ACPI_TYPE_STRING: |
246 | if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) { |
247 | ret = hp_convert_hexstr_to_str(input: password_obj[elem].string.pointer, |
248 | input_len: password_obj[elem].string.length, |
249 | str: &str_value, len: &value_len); |
250 | if (ret) |
251 | continue; |
252 | } |
253 | break; |
254 | case ACPI_TYPE_INTEGER: |
255 | int_value = (u32)password_obj[elem].integer.value; |
256 | break; |
257 | default: |
258 | pr_warn("Unsupported object type [%d]\n" , password_obj[elem].type); |
259 | continue; |
260 | } |
261 | |
262 | /* Check that both expected and read object type match */ |
263 | if (expected_password_types[eloc] != password_obj[elem].type) { |
264 | pr_err("Error expected type %d for elem %d, but got type %d instead\n" , |
265 | expected_password_types[eloc], elem, password_obj[elem].type); |
266 | kfree(objp: str_value); |
267 | return -EIO; |
268 | } |
269 | |
270 | /* Assign appropriate element value to corresponding field*/ |
271 | switch (eloc) { |
272 | case VALUE: |
273 | break; |
274 | case PATH: |
275 | strscpy(password_data->common.path, str_value, |
276 | sizeof(password_data->common.path)); |
277 | break; |
278 | case IS_READONLY: |
279 | password_data->common.is_readonly = int_value; |
280 | break; |
281 | case DISPLAY_IN_UI: |
282 | password_data->common.display_in_ui = int_value; |
283 | break; |
284 | case REQUIRES_PHYSICAL_PRESENCE: |
285 | password_data->common.requires_physical_presence = int_value; |
286 | break; |
287 | case SEQUENCE: |
288 | password_data->common.sequence = int_value; |
289 | break; |
290 | case PREREQUISITES_SIZE: |
291 | if (int_value > MAX_PREREQUISITES_SIZE) { |
292 | pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n" ); |
293 | int_value = MAX_PREREQUISITES_SIZE; |
294 | } |
295 | password_data->common.prerequisites_size = int_value; |
296 | |
297 | /* This step is needed to keep the expected |
298 | * element list pointing to the right obj[elem].type |
299 | * when the size is zero. PREREQUISITES |
300 | * object is omitted by BIOS when the size is |
301 | * zero. |
302 | */ |
303 | if (int_value == 0) |
304 | eloc++; |
305 | break; |
306 | case PREREQUISITES: |
307 | size = min_t(u32, password_data->common.prerequisites_size, |
308 | MAX_PREREQUISITES_SIZE); |
309 | |
310 | for (reqs = 0; reqs < size; reqs++) { |
311 | ret = hp_convert_hexstr_to_str(input: password_obj[elem + reqs].string.pointer, |
312 | input_len: password_obj[elem + reqs].string.length, |
313 | str: &str_value, len: &value_len); |
314 | |
315 | if (ret) |
316 | break; |
317 | |
318 | strscpy(password_data->common.prerequisites[reqs], |
319 | str_value, |
320 | sizeof(password_data->common.prerequisites[reqs])); |
321 | |
322 | kfree(objp: str_value); |
323 | str_value = NULL; |
324 | |
325 | } |
326 | break; |
327 | case SECURITY_LEVEL: |
328 | password_data->common.security_level = int_value; |
329 | break; |
330 | case PSWD_MIN_LENGTH: |
331 | password_data->min_password_length = int_value; |
332 | break; |
333 | case PSWD_MAX_LENGTH: |
334 | password_data->max_password_length = int_value; |
335 | break; |
336 | case PSWD_SIZE: |
337 | |
338 | if (int_value > MAX_ENCODINGS_SIZE) { |
339 | pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n" ); |
340 | int_value = MAX_ENCODINGS_SIZE; |
341 | } |
342 | password_data->encodings_size = int_value; |
343 | |
344 | /* This step is needed to keep the expected |
345 | * element list pointing to the right obj[elem].type |
346 | * when the size is zero. PSWD_ENCODINGS |
347 | * object is omitted by BIOS when the size is |
348 | * zero. |
349 | */ |
350 | if (int_value == 0) |
351 | eloc++; |
352 | break; |
353 | case PSWD_ENCODINGS: |
354 | size = min_t(u32, password_data->encodings_size, MAX_ENCODINGS_SIZE); |
355 | for (pos_values = 0; pos_values < size; pos_values++) { |
356 | ret = hp_convert_hexstr_to_str(input: password_obj[elem + pos_values].string.pointer, |
357 | input_len: password_obj[elem + pos_values].string.length, |
358 | str: &str_value, len: &value_len); |
359 | if (ret) |
360 | break; |
361 | |
362 | strscpy(password_data->encodings[pos_values], |
363 | str_value, |
364 | sizeof(password_data->encodings[pos_values])); |
365 | kfree(objp: str_value); |
366 | str_value = NULL; |
367 | |
368 | } |
369 | break; |
370 | case PSWD_IS_SET: |
371 | password_data->is_enabled = int_value; |
372 | break; |
373 | default: |
374 | pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n" , elem); |
375 | break; |
376 | } |
377 | |
378 | kfree(objp: str_value); |
379 | str_value = NULL; |
380 | } |
381 | |
382 | exit_package: |
383 | kfree(objp: str_value); |
384 | return 0; |
385 | } |
386 | |
387 | /** |
388 | * hp_populate_password_package_data() |
389 | * Populate all properties for an instance under password attribute |
390 | * |
391 | * @password_obj: ACPI object with password data |
392 | * @instance_id: The instance to enumerate |
393 | * @attr_name_kobj: The parent kernel object |
394 | */ |
395 | int hp_populate_password_package_data(union acpi_object *password_obj, int instance_id, |
396 | struct kobject *attr_name_kobj) |
397 | { |
398 | struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; |
399 | |
400 | password_data->attr_name_kobj = attr_name_kobj; |
401 | |
402 | hp_populate_password_elements_from_package(password_obj, |
403 | password_obj_count: password_obj->package.count, |
404 | instance_id); |
405 | |
406 | hp_friendly_user_name_update(path: password_data->common.path, |
407 | attr_name: attr_name_kobj->name, |
408 | attr_display: password_data->common.display_name, |
409 | attr_size: sizeof(password_data->common.display_name)); |
410 | |
411 | if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) |
412 | return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group); |
413 | |
414 | return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group); |
415 | } |
416 | |
417 | static int hp_populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size, |
418 | int instance_id) |
419 | { |
420 | int values; |
421 | int isreadonly; |
422 | struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; |
423 | int ret = 0; |
424 | |
425 | /* |
426 | * Only data relevant to this driver and its functionality is |
427 | * read. BIOS defines the order in which each * element is |
428 | * read. Element 0 data is not relevant to this |
429 | * driver hence it is ignored. For clarity, all element names |
430 | * (DISPLAY_IN_UI) which defines the order in which is read |
431 | * and the name matches the variable where the data is stored. |
432 | * |
433 | * In earlier implementation, reported errors were ignored |
434 | * causing the data to remain uninitialized. It is not |
435 | * possible to determine if data read from BIOS is valid or |
436 | * not. It is for this reason functions may return a error |
437 | * without validating the data itself. |
438 | */ |
439 | |
440 | // VALUE: |
441 | ret = hp_get_string_from_buffer(buffer: &buffer_ptr, buffer_size, dst: password_data->current_password, |
442 | dst_size: sizeof(password_data->current_password)); |
443 | if (ret < 0) |
444 | goto buffer_exit; |
445 | |
446 | // COMMON: |
447 | ret = hp_get_common_data_from_buffer(buffer_ptr: &buffer_ptr, buffer_size, |
448 | common: &password_data->common); |
449 | if (ret < 0) |
450 | goto buffer_exit; |
451 | |
452 | // PSWD_MIN_LENGTH: |
453 | ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size, |
454 | integer: &password_data->min_password_length); |
455 | if (ret < 0) |
456 | goto buffer_exit; |
457 | |
458 | // PSWD_MAX_LENGTH: |
459 | ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size, |
460 | integer: &password_data->max_password_length); |
461 | if (ret < 0) |
462 | goto buffer_exit; |
463 | |
464 | // PSWD_SIZE: |
465 | ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size, |
466 | integer: &password_data->encodings_size); |
467 | if (ret < 0) |
468 | goto buffer_exit; |
469 | |
470 | if (password_data->encodings_size > MAX_ENCODINGS_SIZE) { |
471 | /* Report a message and limit possible values size to maximum value */ |
472 | pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n" ); |
473 | password_data->encodings_size = MAX_ENCODINGS_SIZE; |
474 | } |
475 | |
476 | // PSWD_ENCODINGS: |
477 | for (values = 0; values < password_data->encodings_size; values++) { |
478 | ret = hp_get_string_from_buffer(buffer: &buffer_ptr, buffer_size, |
479 | dst: password_data->encodings[values], |
480 | dst_size: sizeof(password_data->encodings[values])); |
481 | if (ret < 0) |
482 | break; |
483 | } |
484 | |
485 | // PSWD_IS_SET: |
486 | ret = hp_get_integer_from_buffer(buffer: &buffer_ptr, buffer_size, integer: &isreadonly); |
487 | if (ret < 0) |
488 | goto buffer_exit; |
489 | |
490 | password_data->is_enabled = isreadonly ? true : false; |
491 | |
492 | buffer_exit: |
493 | return ret; |
494 | } |
495 | |
496 | /** |
497 | * hp_populate_password_buffer_data() |
498 | * Populate all properties for an instance under password object attribute |
499 | * |
500 | * @buffer_ptr: Buffer pointer |
501 | * @buffer_size: Buffer size |
502 | * @instance_id: The instance to enumerate |
503 | * @attr_name_kobj: The parent kernel object |
504 | */ |
505 | int hp_populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id, |
506 | struct kobject *attr_name_kobj) |
507 | { |
508 | struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; |
509 | int ret = 0; |
510 | |
511 | password_data->attr_name_kobj = attr_name_kobj; |
512 | |
513 | /* Populate Password attributes */ |
514 | ret = hp_populate_password_elements_from_buffer(buffer_ptr, buffer_size, |
515 | instance_id); |
516 | if (ret < 0) |
517 | return ret; |
518 | |
519 | hp_friendly_user_name_update(path: password_data->common.path, |
520 | attr_name: attr_name_kobj->name, |
521 | attr_display: password_data->common.display_name, |
522 | attr_size: sizeof(password_data->common.display_name)); |
523 | if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) |
524 | return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group); |
525 | |
526 | return sysfs_create_group(kobj: attr_name_kobj, grp: &password_attr_group); |
527 | } |
528 | |
529 | /** |
530 | * hp_exit_password_attributes() - Clear all attribute data |
531 | * |
532 | * Clears all data allocated for this group of attributes |
533 | */ |
534 | void hp_exit_password_attributes(void) |
535 | { |
536 | int instance_id; |
537 | |
538 | for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count; |
539 | instance_id++) { |
540 | struct kobject *attr_name_kobj = |
541 | bioscfg_drv.password_data[instance_id].attr_name_kobj; |
542 | |
543 | if (attr_name_kobj) { |
544 | if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) |
545 | sysfs_remove_group(kobj: attr_name_kobj, |
546 | grp: &password_attr_group); |
547 | else |
548 | sysfs_remove_group(kobj: attr_name_kobj, |
549 | grp: &password_attr_group); |
550 | } |
551 | } |
552 | bioscfg_drv.password_instances_count = 0; |
553 | kfree(objp: bioscfg_drv.password_data); |
554 | bioscfg_drv.password_data = NULL; |
555 | } |
556 | |