1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Think LMI BIOS configuration driver
4 *
5 * Copyright(C) 2019-2021 Lenovo
6 *
7 * Original code from Thinkpad-wmi project https://github.com/iksaif/thinkpad-wmi
8 * Copyright(C) 2017 Corentin Chary <corentin.chary@gmail.com>
9 * Distributed under the GPL-2.0 license
10 */
11
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13
14 #include <linux/acpi.h>
15 #include <linux/array_size.h>
16 #include <linux/errno.h>
17 #include <linux/fs.h>
18 #include <linux/mutex.h>
19 #include <linux/string_helpers.h>
20 #include <linux/types.h>
21 #include <linux/dmi.h>
22 #include <linux/wmi.h>
23 #include "../firmware_attributes_class.h"
24 #include "think-lmi.h"
25
26 static bool debug_support;
27 module_param(debug_support, bool, 0444);
28 MODULE_PARM_DESC(debug_support, "Enable debug command support");
29
30 /*
31 * Name: BiosSetting
32 * Description: Get item name and settings for current LMI instance.
33 * Type: Query
34 * Returns: "Item,Value"
35 * Example: "WakeOnLAN,Enable"
36 */
37 #define LENOVO_BIOS_SETTING_GUID "51F5230E-9677-46CD-A1CF-C0B23EE34DB7"
38
39 /*
40 * Name: SetBiosSetting
41 * Description: Change the BIOS setting to the desired value using the SetBiosSetting
42 * class. To save the settings, use the SaveBiosSetting class.
43 * BIOS settings and values are case sensitive.
44 * After making changes to the BIOS settings, you must reboot the computer
45 * before the changes will take effect.
46 * Type: Method
47 * Arguments: "Item,Value,Password,Encoding,KbdLang;"
48 * Example: "WakeOnLAN,Disable,pa55w0rd,ascii,us;"
49 */
50 #define LENOVO_SET_BIOS_SETTINGS_GUID "98479A64-33F5-4E33-A707-8E251EBBC3A1"
51
52 /*
53 * Name: SaveBiosSettings
54 * Description: Save any pending changes in settings.
55 * Type: Method
56 * Arguments: "Password,Encoding,KbdLang;"
57 * Example: "pa55w0rd,ascii,us;"
58 */
59 #define LENOVO_SAVE_BIOS_SETTINGS_GUID "6A4B54EF-A5ED-4D33-9455-B0D9B48DF4B3"
60
61 /*
62 * Name: BiosPasswordSettings
63 * Description: Return BIOS Password settings
64 * Type: Query
65 * Returns: PasswordMode, PasswordState, MinLength, MaxLength,
66 * SupportedEncoding, SupportedKeyboard
67 */
68 #define LENOVO_BIOS_PASSWORD_SETTINGS_GUID "8ADB159E-1E32-455C-BC93-308A7ED98246"
69
70 /*
71 * Name: SetBiosPassword
72 * Description: Change a specific password.
73 * - BIOS settings cannot be changed at the same boot as power-on
74 * passwords (POP) and hard disk passwords (HDP). If you want to change
75 * BIOS settings and POP or HDP, you must reboot the system after changing
76 * one of them.
77 * - A password cannot be set using this method when one does not already
78 * exist. Passwords can only be updated or cleared.
79 * Type: Method
80 * Arguments: "PasswordType,CurrentPassword,NewPassword,Encoding,KbdLang;"
81 * Example: "pop,pa55w0rd,newpa55w0rd,ascii,us;”
82 */
83 #define LENOVO_SET_BIOS_PASSWORD_GUID "2651D9FD-911C-4B69-B94E-D0DED5963BD7"
84
85 /*
86 * Name: GetBiosSelections
87 * Description: Return a list of valid settings for a given item.
88 * Type: Method
89 * Arguments: "Item"
90 * Returns: "Value1,Value2,Value3,..."
91 * Example:
92 * -> "FlashOverLAN"
93 * <- "Enabled,Disabled"
94 */
95 #define LENOVO_GET_BIOS_SELECTIONS_GUID "7364651A-132F-4FE7-ADAA-40C6C7EE2E3B"
96
97 /*
98 * Name: DebugCmd
99 * Description: Debug entry method for entering debug commands to the BIOS
100 */
101 #define LENOVO_DEBUG_CMD_GUID "7FF47003-3B6C-4E5E-A227-E979824A85D1"
102
103 /*
104 * Name: OpcodeIF
105 * Description: Opcode interface which provides the ability to set multiple
106 * parameters and then trigger an action with a final command.
107 * This is particularly useful for simplifying setting passwords.
108 * With this support comes the ability to set System, HDD and NVMe
109 * passwords.
110 * This is currently available on ThinkCenter and ThinkStations platforms
111 */
112 #define LENOVO_OPCODE_IF_GUID "DFDDEF2C-57D4-48ce-B196-0FB787D90836"
113
114 /*
115 * Name: SetBiosCert
116 * Description: Install BIOS certificate.
117 * Type: Method
118 * Arguments: "Certificate,Password"
119 * You must reboot the computer before the changes will take effect.
120 */
121 #define LENOVO_SET_BIOS_CERT_GUID "26861C9F-47E9-44C4-BD8B-DFE7FA2610FE"
122
123 /*
124 * Name: UpdateBiosCert
125 * Description: Update BIOS certificate.
126 * Type: Method
127 * Format: "Certificate,Signature"
128 * You must reboot the computer before the changes will take effect.
129 */
130 #define LENOVO_UPDATE_BIOS_CERT_GUID "9AA3180A-9750-41F7-B9F7-D5D3B1BAC3CE"
131
132 /*
133 * Name: ClearBiosCert
134 * Description: Uninstall BIOS certificate.
135 * Type: Method
136 * Format: "Serial,Signature"
137 * You must reboot the computer before the changes will take effect.
138 */
139 #define LENOVO_CLEAR_BIOS_CERT_GUID "B2BC39A7-78DD-4D71-B059-A510DEC44890"
140 /*
141 * Name: CertToPassword
142 * Description: Switch from certificate to password authentication.
143 * Type: Method
144 * Format: "Password,Signature"
145 * You must reboot the computer before the changes will take effect.
146 */
147 #define LENOVO_CERT_TO_PASSWORD_GUID "0DE8590D-5510-4044-9621-77C227F5A70D"
148
149 /*
150 * Name: SetBiosSettingCert
151 * Description: Set attribute using certificate authentication.
152 * Type: Method
153 * Format: "Item,Value,Signature"
154 */
155 #define LENOVO_SET_BIOS_SETTING_CERT_GUID "34A008CC-D205-4B62-9E67-31DFA8B90003"
156
157 /*
158 * Name: SaveBiosSettingCert
159 * Description: Save any pending changes in settings.
160 * Type: Method
161 * Format: "Signature"
162 */
163 #define LENOVO_SAVE_BIOS_SETTING_CERT_GUID "C050FB9D-DF5F-4606-B066-9EFC401B2551"
164
165 /*
166 * Name: CertThumbprint
167 * Description: Display Certificate thumbprints
168 * Type: Query
169 * Returns: MD5, SHA1 & SHA256 thumbprints
170 */
171 #define LENOVO_CERT_THUMBPRINT_GUID "C59119ED-1C0D-4806-A8E9-59AA318176C4"
172
173 #define TLMI_POP_PWD BIT(0) /* Supervisor */
174 #define TLMI_PAP_PWD BIT(1) /* Power-on */
175 #define TLMI_HDD_PWD BIT(2) /* HDD/NVME */
176 #define TLMI_SMP_PWD BIT(6) /* System Management */
177 #define TLMI_CERT_SVC BIT(7) /* Admin Certificate Based */
178 #define TLMI_CERT_SMC BIT(8) /* System Certificate Based */
179
180 static const struct tlmi_err_codes tlmi_errs[] = {
181 {"Success", 0},
182 {"Not Supported", -EOPNOTSUPP},
183 {"Invalid Parameter", -EINVAL},
184 {"Access Denied", -EACCES},
185 {"System Busy", -EBUSY},
186 };
187
188 static const char * const encoding_options[] = {
189 [TLMI_ENCODING_ASCII] = "ascii",
190 [TLMI_ENCODING_SCANCODE] = "scancode",
191 };
192 static const char * const level_options[] = {
193 [TLMI_LEVEL_USER] = "user",
194 [TLMI_LEVEL_MASTER] = "master",
195 };
196 static struct think_lmi tlmi_priv;
197 static DEFINE_MUTEX(tlmi_mutex);
198
to_tlmi_pwd_setting(struct kobject * kobj)199 static inline struct tlmi_pwd_setting *to_tlmi_pwd_setting(struct kobject *kobj)
200 {
201 return container_of(kobj, struct tlmi_pwd_setting, kobj);
202 }
203
to_tlmi_attr_setting(struct kobject * kobj)204 static inline struct tlmi_attr_setting *to_tlmi_attr_setting(struct kobject *kobj)
205 {
206 return container_of(kobj, struct tlmi_attr_setting, kobj);
207 }
208
209 /* Convert BIOS WMI error string to suitable error code */
tlmi_errstr_to_err(const char * errstr)210 static int tlmi_errstr_to_err(const char *errstr)
211 {
212 int i;
213
214 for (i = 0; i < sizeof(tlmi_errs)/sizeof(struct tlmi_err_codes); i++) {
215 if (!strcmp(tlmi_errs[i].err_str, errstr))
216 return tlmi_errs[i].err_code;
217 }
218 return -EPERM;
219 }
220
221 /* Extract error string from WMI return buffer */
tlmi_extract_error(const struct acpi_buffer * output)222 static int tlmi_extract_error(const struct acpi_buffer *output)
223 {
224 const union acpi_object *obj;
225
226 obj = output->pointer;
227 if (!obj)
228 return -ENOMEM;
229 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer)
230 return -EIO;
231
232 return tlmi_errstr_to_err(obj->string.pointer);
233 }
234
235 /* Utility function to execute WMI call to BIOS */
tlmi_simple_call(const char * guid,const char * arg)236 static int tlmi_simple_call(const char *guid, const char *arg)
237 {
238 const struct acpi_buffer input = { strlen(arg), (char *)arg };
239 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
240 acpi_status status;
241 int i, err;
242
243 /*
244 * Duplicated call required to match BIOS workaround for behavior
245 * seen when WMI accessed via scripting on other OS.
246 */
247 for (i = 0; i < 2; i++) {
248 /* (re)initialize output buffer to default state */
249 output.length = ACPI_ALLOCATE_BUFFER;
250 output.pointer = NULL;
251
252 status = wmi_evaluate_method(guid, 0, 0, &input, &output);
253 if (ACPI_FAILURE(status)) {
254 kfree(output.pointer);
255 return -EIO;
256 }
257 err = tlmi_extract_error(&output);
258 kfree(output.pointer);
259 if (err)
260 return err;
261 }
262 return 0;
263 }
264
265 /* Extract output string from WMI return value */
tlmi_extract_output_string(union acpi_object * obj,char ** string)266 static int tlmi_extract_output_string(union acpi_object *obj, char **string)
267 {
268 char *s;
269
270 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer)
271 return -EIO;
272
273 s = kstrdup(obj->string.pointer, GFP_KERNEL);
274 if (!s)
275 return -ENOMEM;
276 *string = s;
277 return 0;
278 }
279
280 /* ------ Core interface functions ------------*/
281
282 /* Get password settings from BIOS */
tlmi_get_pwd_settings(struct tlmi_pwdcfg * pwdcfg)283 static int tlmi_get_pwd_settings(struct tlmi_pwdcfg *pwdcfg)
284 {
285 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
286 const union acpi_object *obj;
287 acpi_status status;
288 int copy_size;
289
290 if (!tlmi_priv.can_get_password_settings)
291 return -EOPNOTSUPP;
292
293 status = wmi_query_block(LENOVO_BIOS_PASSWORD_SETTINGS_GUID, 0,
294 &output);
295 if (ACPI_FAILURE(status))
296 return -EIO;
297
298 obj = output.pointer;
299 if (!obj)
300 return -ENOMEM;
301 if (obj->type != ACPI_TYPE_BUFFER || !obj->buffer.pointer) {
302 kfree(obj);
303 return -EIO;
304 }
305 /*
306 * The size of thinkpad_wmi_pcfg on ThinkStation is larger than ThinkPad.
307 * To make the driver compatible on different brands, we permit it to get
308 * the data in below case.
309 * Settings must have at minimum the core fields available
310 */
311 if (obj->buffer.length < sizeof(struct tlmi_pwdcfg_core)) {
312 pr_warn("Unknown pwdcfg buffer length %d\n", obj->buffer.length);
313 kfree(obj);
314 return -EIO;
315 }
316
317 copy_size = min_t(size_t, obj->buffer.length, sizeof(struct tlmi_pwdcfg));
318
319 memcpy(pwdcfg, obj->buffer.pointer, copy_size);
320 kfree(obj);
321
322 if (WARN_ON(pwdcfg->core.max_length >= TLMI_PWD_BUFSIZE))
323 pwdcfg->core.max_length = TLMI_PWD_BUFSIZE - 1;
324 return 0;
325 }
326
tlmi_save_bios_settings(const char * password)327 static int tlmi_save_bios_settings(const char *password)
328 {
329 return tlmi_simple_call(LENOVO_SAVE_BIOS_SETTINGS_GUID,
330 password);
331 }
332
tlmi_opcode_setting(char * setting,const char * value)333 static int tlmi_opcode_setting(char *setting, const char *value)
334 {
335 char *opcode_str;
336 int ret;
337
338 opcode_str = kasprintf(GFP_KERNEL, "%s:%s;", setting, value);
339 if (!opcode_str)
340 return -ENOMEM;
341
342 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, opcode_str);
343 kfree(opcode_str);
344 return ret;
345 }
346
tlmi_setting(struct wmi_device * wdev,int item,char ** value)347 static int tlmi_setting(struct wmi_device *wdev, int item, char **value)
348 {
349 union acpi_object *obj;
350 int ret;
351
352 obj = wmidev_block_query(wdev, item);
353 if (!obj)
354 return -EIO;
355
356 ret = tlmi_extract_output_string(obj, value);
357 kfree(obj);
358
359 return ret;
360 }
361
tlmi_get_bios_selections(const char * item,char ** value)362 static int tlmi_get_bios_selections(const char *item, char **value)
363 {
364 const struct acpi_buffer input = { strlen(item), (char *)item };
365 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
366 union acpi_object *obj;
367 acpi_status status;
368 int ret;
369
370 status = wmi_evaluate_method(LENOVO_GET_BIOS_SELECTIONS_GUID,
371 0, 0, &input, &output);
372 if (ACPI_FAILURE(status))
373 return -EIO;
374
375 obj = output.pointer;
376 if (!obj)
377 return -ENODATA;
378
379 ret = tlmi_extract_output_string(obj, value);
380 kfree(obj);
381
382 return ret;
383 }
384
385 /* ---- Authentication sysfs --------------------------------------------------------- */
is_enabled_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)386 static ssize_t is_enabled_show(struct kobject *kobj, struct kobj_attribute *attr,
387 char *buf)
388 {
389 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
390
391 return sysfs_emit(buf, "%d\n", setting->pwd_enabled || setting->cert_installed);
392 }
393
394 static struct kobj_attribute auth_is_pass_set = __ATTR_RO(is_enabled);
395
current_password_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)396 static ssize_t current_password_store(struct kobject *kobj,
397 struct kobj_attribute *attr,
398 const char *buf, size_t count)
399 {
400 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
401 size_t pwdlen;
402
403 pwdlen = strlen(buf);
404 /* pwdlen == 0 is allowed to clear the password */
405 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen)))
406 return -EINVAL;
407
408 strscpy(setting->password, buf, setting->maxlen);
409 /* Strip out CR if one is present, setting password won't work if it is present */
410 strreplace(setting->password, '\n', '\0');
411 return count;
412 }
413
414 static struct kobj_attribute auth_current_password = __ATTR_WO(current_password);
415
new_password_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)416 static ssize_t new_password_store(struct kobject *kobj,
417 struct kobj_attribute *attr,
418 const char *buf, size_t count)
419 {
420 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
421 char *auth_str, *new_pwd;
422 size_t pwdlen;
423 int ret;
424
425 if (!capable(CAP_SYS_ADMIN))
426 return -EPERM;
427
428 if (!tlmi_priv.can_set_bios_password)
429 return -EOPNOTSUPP;
430
431 /* Strip out CR if one is present, setting password won't work if it is present */
432 new_pwd = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
433 if (!new_pwd)
434 return -ENOMEM;
435
436 /* Use lock in case multiple WMI operations needed */
437 mutex_lock(&tlmi_mutex);
438
439 pwdlen = strlen(new_pwd);
440 /* pwdlen == 0 is allowed to clear the password */
441 if (pwdlen && ((pwdlen < setting->minlen) || (pwdlen > setting->maxlen))) {
442 ret = -EINVAL;
443 goto out;
444 }
445
446 /* If opcode support is present use that interface */
447 if (tlmi_priv.opcode_support) {
448 char pwd_type[8];
449
450 /* Special handling required for HDD and NVMe passwords */
451 if (setting == tlmi_priv.pwd_hdd) {
452 if (setting->level == TLMI_LEVEL_USER)
453 sprintf(pwd_type, "uhdp%d", setting->index);
454 else
455 sprintf(pwd_type, "mhdp%d", setting->index);
456 } else if (setting == tlmi_priv.pwd_nvme) {
457 if (setting->level == TLMI_LEVEL_USER)
458 sprintf(pwd_type, "udrp%d", setting->index);
459 else
460 sprintf(pwd_type, "adrp%d", setting->index);
461 } else {
462 sprintf(pwd_type, "%s", setting->pwd_type);
463 }
464
465 ret = tlmi_opcode_setting("WmiOpcodePasswordType", pwd_type);
466 if (ret)
467 goto out;
468
469 /*
470 * Note admin password is not always required if SMPControl enabled in BIOS,
471 * So only set if it's configured.
472 * Let BIOS figure it out - we'll get an error if operation is not permitted
473 */
474 if (tlmi_priv.pwd_admin->pwd_enabled && strlen(tlmi_priv.pwd_admin->password)) {
475 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
476 tlmi_priv.pwd_admin->password);
477 if (ret)
478 goto out;
479 }
480 ret = tlmi_opcode_setting("WmiOpcodePasswordCurrent01", setting->password);
481 if (ret)
482 goto out;
483 ret = tlmi_opcode_setting("WmiOpcodePasswordNew01", new_pwd);
484 if (ret)
485 goto out;
486 ret = tlmi_simple_call(LENOVO_OPCODE_IF_GUID, "WmiOpcodePasswordSetUpdate;");
487 } else {
488 /* Format: 'PasswordType,CurrentPw,NewPw,Encoding,KbdLang;' */
489 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s,%s,%s;",
490 setting->pwd_type, setting->password, new_pwd,
491 encoding_options[setting->encoding], setting->kbdlang);
492 if (!auth_str) {
493 ret = -ENOMEM;
494 goto out;
495 }
496 ret = tlmi_simple_call(LENOVO_SET_BIOS_PASSWORD_GUID, auth_str);
497 kfree(auth_str);
498 }
499 out:
500 mutex_unlock(&tlmi_mutex);
501 kfree(new_pwd);
502 return ret ?: count;
503 }
504
505 static struct kobj_attribute auth_new_password = __ATTR_WO(new_password);
506
min_password_length_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)507 static ssize_t min_password_length_show(struct kobject *kobj, struct kobj_attribute *attr,
508 char *buf)
509 {
510 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
511
512 return sysfs_emit(buf, "%d\n", setting->minlen);
513 }
514
515 static struct kobj_attribute auth_min_pass_length = __ATTR_RO(min_password_length);
516
max_password_length_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)517 static ssize_t max_password_length_show(struct kobject *kobj, struct kobj_attribute *attr,
518 char *buf)
519 {
520 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
521
522 return sysfs_emit(buf, "%d\n", setting->maxlen);
523 }
524 static struct kobj_attribute auth_max_pass_length = __ATTR_RO(max_password_length);
525
mechanism_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)526 static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr,
527 char *buf)
528 {
529 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
530
531 if (setting->cert_installed)
532 return sysfs_emit(buf, "certificate\n");
533 return sysfs_emit(buf, "password\n");
534 }
535 static struct kobj_attribute auth_mechanism = __ATTR_RO(mechanism);
536
encoding_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)537 static ssize_t encoding_show(struct kobject *kobj, struct kobj_attribute *attr,
538 char *buf)
539 {
540 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
541
542 return sysfs_emit(buf, "%s\n", encoding_options[setting->encoding]);
543 }
544
encoding_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)545 static ssize_t encoding_store(struct kobject *kobj,
546 struct kobj_attribute *attr,
547 const char *buf, size_t count)
548 {
549 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
550 int i;
551
552 /* Scan for a matching profile */
553 i = sysfs_match_string(encoding_options, buf);
554 if (i < 0)
555 return -EINVAL;
556
557 setting->encoding = i;
558 return count;
559 }
560
561 static struct kobj_attribute auth_encoding = __ATTR_RW(encoding);
562
kbdlang_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)563 static ssize_t kbdlang_show(struct kobject *kobj, struct kobj_attribute *attr,
564 char *buf)
565 {
566 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
567
568 return sysfs_emit(buf, "%s\n", setting->kbdlang);
569 }
570
kbdlang_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)571 static ssize_t kbdlang_store(struct kobject *kobj,
572 struct kobj_attribute *attr,
573 const char *buf, size_t count)
574 {
575 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
576 int length;
577
578 /* Calculate length till '\n' or terminating 0 */
579 length = strchrnul(buf, '\n') - buf;
580 if (!length || length >= TLMI_LANG_MAXLEN)
581 return -EINVAL;
582
583 memcpy(setting->kbdlang, buf, length);
584 setting->kbdlang[length] = '\0';
585 return count;
586 }
587
588 static struct kobj_attribute auth_kbdlang = __ATTR_RW(kbdlang);
589
role_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)590 static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr,
591 char *buf)
592 {
593 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
594
595 return sysfs_emit(buf, "%s\n", setting->role);
596 }
597 static struct kobj_attribute auth_role = __ATTR_RO(role);
598
index_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)599 static ssize_t index_show(struct kobject *kobj, struct kobj_attribute *attr,
600 char *buf)
601 {
602 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
603
604 return sysfs_emit(buf, "%d\n", setting->index);
605 }
606
index_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)607 static ssize_t index_store(struct kobject *kobj,
608 struct kobj_attribute *attr,
609 const char *buf, size_t count)
610 {
611 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
612 int err, val;
613
614 err = kstrtoint(buf, 10, &val);
615 if (err < 0)
616 return err;
617
618 if (val < 0 || val > TLMI_INDEX_MAX)
619 return -EINVAL;
620
621 setting->index = val;
622 return count;
623 }
624
625 static struct kobj_attribute auth_index = __ATTR_RW(index);
626
level_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)627 static ssize_t level_show(struct kobject *kobj, struct kobj_attribute *attr,
628 char *buf)
629 {
630 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
631
632 return sysfs_emit(buf, "%s\n", level_options[setting->level]);
633 }
634
level_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)635 static ssize_t level_store(struct kobject *kobj,
636 struct kobj_attribute *attr,
637 const char *buf, size_t count)
638 {
639 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
640 int i;
641
642 /* Scan for a matching profile */
643 i = sysfs_match_string(level_options, buf);
644 if (i < 0)
645 return -EINVAL;
646
647 setting->level = i;
648 return count;
649 }
650
651 static struct kobj_attribute auth_level = __ATTR_RW(level);
652
cert_command(struct tlmi_pwd_setting * setting,const char * arg1,const char * arg2)653 static char *cert_command(struct tlmi_pwd_setting *setting, const char *arg1, const char *arg2)
654 {
655 /* Prepend with SVC or SMC if multicert supported */
656 if (tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT)
657 return kasprintf(GFP_KERNEL, "%s,%s,%s",
658 setting == tlmi_priv.pwd_admin ? "SVC" : "SMC",
659 arg1, arg2);
660 else
661 return kasprintf(GFP_KERNEL, "%s,%s", arg1, arg2);
662 }
663
cert_thumbprint(char * buf,const char * arg,int count)664 static ssize_t cert_thumbprint(char *buf, const char *arg, int count)
665 {
666 const struct acpi_buffer input = { strlen(arg), (char *)arg };
667 struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
668 const union acpi_object *obj;
669 acpi_status status;
670
671 status = wmi_evaluate_method(LENOVO_CERT_THUMBPRINT_GUID, 0, 0, &input, &output);
672 if (ACPI_FAILURE(status)) {
673 kfree(output.pointer);
674 return -EIO;
675 }
676 obj = output.pointer;
677 if (!obj)
678 return -ENOMEM;
679 if (obj->type != ACPI_TYPE_STRING || !obj->string.pointer) {
680 kfree(output.pointer);
681 return -EIO;
682 }
683 count += sysfs_emit_at(buf, count, "%s : %s\n", arg, (char *)obj->string.pointer);
684 kfree(output.pointer);
685
686 return count;
687 }
688
689 static char *thumbtypes[] = {"Md5", "Sha1", "Sha256"};
690
certificate_thumbprint_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)691 static ssize_t certificate_thumbprint_show(struct kobject *kobj, struct kobj_attribute *attr,
692 char *buf)
693 {
694 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
695 unsigned int i;
696 int count = 0;
697 char *wmistr;
698
699 if (!tlmi_priv.certificate_support || !setting->cert_installed)
700 return -EOPNOTSUPP;
701
702 for (i = 0; i < ARRAY_SIZE(thumbtypes); i++) {
703 if (tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT) {
704 /* Format: 'SVC | SMC, Thumbtype' */
705 wmistr = kasprintf(GFP_KERNEL, "%s,%s",
706 setting == tlmi_priv.pwd_admin ? "SVC" : "SMC",
707 thumbtypes[i]);
708 } else {
709 /* Format: 'Thumbtype' */
710 wmistr = kasprintf(GFP_KERNEL, "%s", thumbtypes[i]);
711 }
712 if (!wmistr)
713 return -ENOMEM;
714 count += cert_thumbprint(buf, wmistr, count);
715 kfree(wmistr);
716 }
717
718 return count;
719 }
720
721 static struct kobj_attribute auth_cert_thumb = __ATTR_RO(certificate_thumbprint);
722
cert_to_password_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)723 static ssize_t cert_to_password_store(struct kobject *kobj,
724 struct kobj_attribute *attr,
725 const char *buf, size_t count)
726 {
727 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
728 char *auth_str, *passwd;
729 int ret;
730
731 if (!capable(CAP_SYS_ADMIN))
732 return -EPERM;
733
734 if (!tlmi_priv.certificate_support)
735 return -EOPNOTSUPP;
736
737 if (!setting->cert_installed)
738 return -EINVAL;
739
740 if (!setting->signature || !setting->signature[0])
741 return -EACCES;
742
743 /* Strip out CR if one is present */
744 passwd = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
745 if (!passwd)
746 return -ENOMEM;
747
748 /* Format: 'Password,Signature' */
749 auth_str = cert_command(setting, passwd, setting->signature);
750 if (!auth_str) {
751 kfree_sensitive(passwd);
752 return -ENOMEM;
753 }
754 ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
755 kfree(auth_str);
756 kfree_sensitive(passwd);
757
758 return ret ?: count;
759 }
760
761 static struct kobj_attribute auth_cert_to_password = __ATTR_WO(cert_to_password);
762
763 enum cert_install_mode {
764 TLMI_CERT_INSTALL,
765 TLMI_CERT_UPDATE,
766 };
767
certificate_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)768 static ssize_t certificate_store(struct kobject *kobj,
769 struct kobj_attribute *attr,
770 const char *buf, size_t count)
771 {
772 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
773 enum cert_install_mode install_mode = TLMI_CERT_INSTALL;
774 char *auth_str, *new_cert;
775 const char *serial;
776 char *signature;
777 char *guid;
778 int ret;
779
780 if (!capable(CAP_SYS_ADMIN))
781 return -EPERM;
782
783 if (!tlmi_priv.certificate_support)
784 return -EOPNOTSUPP;
785
786 /* If empty then clear installed certificate */
787 if ((buf[0] == '\0') || (buf[0] == '\n')) { /* Clear installed certificate */
788 /* Check that signature is set */
789 if (!setting->signature || !setting->signature[0])
790 return -EACCES;
791
792 /* Format: 'serial#, signature' */
793 serial = dmi_get_system_info(DMI_PRODUCT_SERIAL);
794 if (!serial)
795 return -ENODEV;
796 auth_str = cert_command(setting, serial, setting->signature);
797 if (!auth_str)
798 return -ENOMEM;
799
800 ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str);
801 kfree(auth_str);
802
803 return ret ?: count;
804 }
805
806 /* Strip out CR if one is present */
807 new_cert = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
808 if (!new_cert)
809 return -ENOMEM;
810
811 if (setting->cert_installed) {
812 /* Certificate is installed so this is an update */
813 install_mode = TLMI_CERT_UPDATE;
814 /* If admin account enabled - need to use its signature */
815 if (tlmi_priv.pwd_admin->pwd_enabled)
816 signature = tlmi_priv.pwd_admin->signature;
817 else
818 signature = setting->signature;
819 } else { /* Cert install */
820 /* Check if SMC and SVC already installed */
821 if ((setting == tlmi_priv.pwd_system) && tlmi_priv.pwd_admin->cert_installed) {
822 /* This gets treated as a cert update */
823 install_mode = TLMI_CERT_UPDATE;
824 signature = tlmi_priv.pwd_admin->signature;
825 } else { /* Regular cert install */
826 install_mode = TLMI_CERT_INSTALL;
827 signature = setting->signature;
828 }
829 }
830
831 if (install_mode == TLMI_CERT_UPDATE) {
832 /* This is a certificate update */
833 if (!signature || !signature[0]) {
834 kfree(new_cert);
835 return -EACCES;
836 }
837 guid = LENOVO_UPDATE_BIOS_CERT_GUID;
838 /* Format: 'Certificate,Signature' */
839 auth_str = cert_command(setting, new_cert, signature);
840 } else {
841 /* This is a fresh install */
842 /* To set admin cert, a password must be enabled */
843 if ((setting == tlmi_priv.pwd_admin) &&
844 (!setting->pwd_enabled || !setting->password[0])) {
845 kfree(new_cert);
846 return -EACCES;
847 }
848 guid = LENOVO_SET_BIOS_CERT_GUID;
849 /* Format: 'Certificate, password' */
850 auth_str = cert_command(setting, new_cert, setting->password);
851 }
852 kfree(new_cert);
853 if (!auth_str)
854 return -ENOMEM;
855
856 ret = tlmi_simple_call(guid, auth_str);
857 kfree(auth_str);
858
859 return ret ?: count;
860 }
861
862 static struct kobj_attribute auth_certificate = __ATTR_WO(certificate);
863
signature_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)864 static ssize_t signature_store(struct kobject *kobj,
865 struct kobj_attribute *attr,
866 const char *buf, size_t count)
867 {
868 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
869 char *new_signature;
870
871 if (!capable(CAP_SYS_ADMIN))
872 return -EPERM;
873
874 if (!tlmi_priv.certificate_support)
875 return -EOPNOTSUPP;
876
877 /* Strip out CR if one is present */
878 new_signature = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
879 if (!new_signature)
880 return -ENOMEM;
881
882 /* Free any previous signature */
883 kfree(setting->signature);
884 setting->signature = new_signature;
885
886 return count;
887 }
888
889 static struct kobj_attribute auth_signature = __ATTR_WO(signature);
890
save_signature_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)891 static ssize_t save_signature_store(struct kobject *kobj,
892 struct kobj_attribute *attr,
893 const char *buf, size_t count)
894 {
895 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
896 char *new_signature;
897
898 if (!capable(CAP_SYS_ADMIN))
899 return -EPERM;
900
901 if (!tlmi_priv.certificate_support)
902 return -EOPNOTSUPP;
903
904 /* Strip out CR if one is present */
905 new_signature = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
906 if (!new_signature)
907 return -ENOMEM;
908
909 /* Free any previous signature */
910 kfree(setting->save_signature);
911 setting->save_signature = new_signature;
912
913 return count;
914 }
915
916 static struct kobj_attribute auth_save_signature = __ATTR_WO(save_signature);
917
auth_attr_is_visible(struct kobject * kobj,struct attribute * attr,int n)918 static umode_t auth_attr_is_visible(struct kobject *kobj,
919 struct attribute *attr, int n)
920 {
921 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
922
923 /* We only want to display level and index settings on HDD/NVMe */
924 if (attr == &auth_index.attr || attr == &auth_level.attr) {
925 if ((setting == tlmi_priv.pwd_hdd) || (setting == tlmi_priv.pwd_nvme))
926 return attr->mode;
927 return 0;
928 }
929
930 /* We only display certificates, if supported */
931 if (attr == &auth_certificate.attr ||
932 attr == &auth_signature.attr ||
933 attr == &auth_save_signature.attr ||
934 attr == &auth_cert_thumb.attr ||
935 attr == &auth_cert_to_password.attr) {
936 if (tlmi_priv.certificate_support) {
937 if (setting == tlmi_priv.pwd_admin)
938 return attr->mode;
939 if ((tlmi_priv.pwdcfg.core.password_mode >= TLMI_PWDCFG_MODE_MULTICERT) &&
940 (setting == tlmi_priv.pwd_system))
941 return attr->mode;
942 }
943 return 0;
944 }
945
946 /* Don't display un-needed settings if opcode available */
947 if ((attr == &auth_encoding.attr || attr == &auth_kbdlang.attr) &&
948 tlmi_priv.opcode_support)
949 return 0;
950
951 return attr->mode;
952 }
953
954 static struct attribute *auth_attrs[] = {
955 &auth_is_pass_set.attr,
956 &auth_min_pass_length.attr,
957 &auth_max_pass_length.attr,
958 &auth_current_password.attr,
959 &auth_new_password.attr,
960 &auth_role.attr,
961 &auth_mechanism.attr,
962 &auth_encoding.attr,
963 &auth_kbdlang.attr,
964 &auth_index.attr,
965 &auth_level.attr,
966 &auth_certificate.attr,
967 &auth_signature.attr,
968 &auth_save_signature.attr,
969 &auth_cert_thumb.attr,
970 &auth_cert_to_password.attr,
971 NULL
972 };
973
974 static const struct attribute_group auth_attr_group = {
975 .is_visible = auth_attr_is_visible,
976 .attrs = auth_attrs,
977 };
978 __ATTRIBUTE_GROUPS(auth_attr);
979
980 /* ---- Attributes sysfs --------------------------------------------------------- */
display_name_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)981 static ssize_t display_name_show(struct kobject *kobj, struct kobj_attribute *attr,
982 char *buf)
983 {
984 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
985
986 return sysfs_emit(buf, "%s\n", setting->display_name);
987 }
988
current_value_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)989 static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
990 {
991 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
992 char *item, *value;
993 int ret;
994
995 ret = tlmi_setting(setting->wdev, setting->index, &item);
996 if (ret)
997 return ret;
998
999 /* validate and split from `item,value` -> `value` */
1000 value = strpbrk(item, ",");
1001 if (!value || value == item || !strlen(value + 1))
1002 ret = -EINVAL;
1003 else {
1004 /* On Workstations remove the Options part after the value */
1005 strreplace(value, ';', '\0');
1006 ret = sysfs_emit(buf, "%s\n", value + 1);
1007 }
1008 kfree(item);
1009
1010 return ret;
1011 }
1012
possible_values_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)1013 static ssize_t possible_values_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1014 {
1015 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1016
1017 return sysfs_emit(buf, "%s\n", setting->possible_values);
1018 }
1019
type_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)1020 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
1021 char *buf)
1022 {
1023 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1024
1025 if (setting->possible_values) {
1026 /* Figure out what setting type is as BIOS does not return this */
1027 if (strchr(setting->possible_values, ';'))
1028 return sysfs_emit(buf, "enumeration\n");
1029 }
1030 /* Anything else is going to be a string */
1031 return sysfs_emit(buf, "string\n");
1032 }
1033
current_value_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)1034 static ssize_t current_value_store(struct kobject *kobj,
1035 struct kobj_attribute *attr,
1036 const char *buf, size_t count)
1037 {
1038 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1039 char *set_str = NULL, *new_setting = NULL;
1040 char *auth_str = NULL;
1041 int ret;
1042
1043 if (!tlmi_priv.can_set_bios_settings)
1044 return -EOPNOTSUPP;
1045
1046 /*
1047 * If we are using bulk saves a reboot should be done once save has
1048 * been called
1049 */
1050 if (tlmi_priv.save_mode == TLMI_SAVE_BULK && tlmi_priv.reboot_required)
1051 return -EPERM;
1052
1053 /* Strip out CR if one is present */
1054 new_setting = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
1055 if (!new_setting)
1056 return -ENOMEM;
1057
1058 /* Use lock in case multiple WMI operations needed */
1059 mutex_lock(&tlmi_mutex);
1060
1061 /* Check if certificate authentication is enabled and active */
1062 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) {
1063 if (!tlmi_priv.pwd_admin->signature || !tlmi_priv.pwd_admin->save_signature) {
1064 ret = -EINVAL;
1065 goto out;
1066 }
1067 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->name,
1068 new_setting, tlmi_priv.pwd_admin->signature);
1069 if (!set_str) {
1070 ret = -ENOMEM;
1071 goto out;
1072 }
1073
1074 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTING_CERT_GUID, set_str);
1075 if (ret)
1076 goto out;
1077 if (tlmi_priv.save_mode == TLMI_SAVE_BULK)
1078 tlmi_priv.save_required = true;
1079 else
1080 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
1081 tlmi_priv.pwd_admin->save_signature);
1082 } else if (tlmi_priv.opcode_support) {
1083 /*
1084 * If opcode support is present use that interface.
1085 * Note - this sets the variable and then the password as separate
1086 * WMI calls. Function tlmi_save_bios_settings will error if the
1087 * password is incorrect.
1088 * Workstation's require the opcode to be set before changing the
1089 * attribute.
1090 */
1091 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1092 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
1093 tlmi_priv.pwd_admin->password);
1094 if (ret)
1095 goto out;
1096 }
1097
1098 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->name,
1099 new_setting);
1100 if (!set_str) {
1101 ret = -ENOMEM;
1102 goto out;
1103 }
1104
1105 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str);
1106 if (ret)
1107 goto out;
1108
1109 if (tlmi_priv.save_mode == TLMI_SAVE_BULK)
1110 tlmi_priv.save_required = true;
1111 else
1112 ret = tlmi_save_bios_settings("");
1113 } else { /* old non-opcode based authentication method (deprecated) */
1114 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1115 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1116 tlmi_priv.pwd_admin->password,
1117 encoding_options[tlmi_priv.pwd_admin->encoding],
1118 tlmi_priv.pwd_admin->kbdlang);
1119 if (!auth_str) {
1120 ret = -ENOMEM;
1121 goto out;
1122 }
1123 }
1124
1125 if (auth_str)
1126 set_str = kasprintf(GFP_KERNEL, "%s,%s,%s", setting->name,
1127 new_setting, auth_str);
1128 else
1129 set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->name,
1130 new_setting);
1131 if (!set_str) {
1132 ret = -ENOMEM;
1133 goto out;
1134 }
1135
1136 ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTINGS_GUID, set_str);
1137 if (ret)
1138 goto out;
1139
1140 if (tlmi_priv.save_mode == TLMI_SAVE_BULK) {
1141 tlmi_priv.save_required = true;
1142 } else {
1143 if (auth_str)
1144 ret = tlmi_save_bios_settings(auth_str);
1145 else
1146 ret = tlmi_save_bios_settings("");
1147 }
1148 }
1149 if (!ret && !tlmi_priv.pending_changes) {
1150 tlmi_priv.pending_changes = true;
1151 /* let userland know it may need to check reboot pending again */
1152 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1153 }
1154 out:
1155 mutex_unlock(&tlmi_mutex);
1156 kfree(auth_str);
1157 kfree(set_str);
1158 kfree(new_setting);
1159 return ret ?: count;
1160 }
1161
1162 static struct kobj_attribute attr_displ_name = __ATTR_RO(display_name);
1163
1164 static struct kobj_attribute attr_possible_values = __ATTR_RO(possible_values);
1165
1166 static struct kobj_attribute attr_current_val = __ATTR_RW_MODE(current_value, 0600);
1167
1168 static struct kobj_attribute attr_type = __ATTR_RO(type);
1169
attr_is_visible(struct kobject * kobj,struct attribute * attr,int n)1170 static umode_t attr_is_visible(struct kobject *kobj,
1171 struct attribute *attr, int n)
1172 {
1173 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1174
1175 /* We don't want to display possible_values attributes if not available */
1176 if ((attr == &attr_possible_values.attr) && (!setting->possible_values))
1177 return 0;
1178
1179 return attr->mode;
1180 }
1181
1182 static struct attribute *tlmi_attrs[] = {
1183 &attr_displ_name.attr,
1184 &attr_current_val.attr,
1185 &attr_possible_values.attr,
1186 &attr_type.attr,
1187 NULL
1188 };
1189
1190 static const struct attribute_group tlmi_attr_group = {
1191 .is_visible = attr_is_visible,
1192 .attrs = tlmi_attrs,
1193 };
1194 __ATTRIBUTE_GROUPS(tlmi_attr);
1195
tlmi_attr_setting_release(struct kobject * kobj)1196 static void tlmi_attr_setting_release(struct kobject *kobj)
1197 {
1198 struct tlmi_attr_setting *setting = to_tlmi_attr_setting(kobj);
1199
1200 kfree(setting->possible_values);
1201 kfree(setting);
1202 }
1203
tlmi_pwd_setting_release(struct kobject * kobj)1204 static void tlmi_pwd_setting_release(struct kobject *kobj)
1205 {
1206 struct tlmi_pwd_setting *setting = to_tlmi_pwd_setting(kobj);
1207
1208 kfree(setting);
1209 }
1210
1211 static const struct kobj_type tlmi_attr_setting_ktype = {
1212 .release = &tlmi_attr_setting_release,
1213 .sysfs_ops = &kobj_sysfs_ops,
1214 .default_groups = tlmi_attr_groups,
1215 };
1216
1217 static const struct kobj_type tlmi_pwd_setting_ktype = {
1218 .release = &tlmi_pwd_setting_release,
1219 .sysfs_ops = &kobj_sysfs_ops,
1220 .default_groups = auth_attr_groups,
1221 };
1222
pending_reboot_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)1223 static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr,
1224 char *buf)
1225 {
1226 return sprintf(buf, "%d\n", tlmi_priv.pending_changes);
1227 }
1228
1229 static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
1230
1231 static const char * const save_mode_strings[] = {
1232 [TLMI_SAVE_SINGLE] = "single",
1233 [TLMI_SAVE_BULK] = "bulk",
1234 [TLMI_SAVE_SAVE] = "save"
1235 };
1236
save_settings_show(struct kobject * kobj,struct kobj_attribute * attr,char * buf)1237 static ssize_t save_settings_show(struct kobject *kobj, struct kobj_attribute *attr,
1238 char *buf)
1239 {
1240 /* Check that setting is valid */
1241 if (WARN_ON(tlmi_priv.save_mode < TLMI_SAVE_SINGLE ||
1242 tlmi_priv.save_mode > TLMI_SAVE_BULK))
1243 return -EIO;
1244 return sysfs_emit(buf, "%s\n", save_mode_strings[tlmi_priv.save_mode]);
1245 }
1246
save_settings_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)1247 static ssize_t save_settings_store(struct kobject *kobj, struct kobj_attribute *attr,
1248 const char *buf, size_t count)
1249 {
1250 char *auth_str = NULL;
1251 int ret = 0;
1252 int cmd;
1253
1254 cmd = sysfs_match_string(save_mode_strings, buf);
1255 if (cmd < 0)
1256 return cmd;
1257
1258 /* Use lock in case multiple WMI operations needed */
1259 mutex_lock(&tlmi_mutex);
1260
1261 switch (cmd) {
1262 case TLMI_SAVE_SINGLE:
1263 case TLMI_SAVE_BULK:
1264 tlmi_priv.save_mode = cmd;
1265 goto out;
1266 case TLMI_SAVE_SAVE:
1267 /* Check if supported*/
1268 if (!tlmi_priv.can_set_bios_settings ||
1269 tlmi_priv.save_mode == TLMI_SAVE_SINGLE) {
1270 ret = -EOPNOTSUPP;
1271 goto out;
1272 }
1273 /* Check there is actually something to save */
1274 if (!tlmi_priv.save_required) {
1275 ret = -ENOENT;
1276 goto out;
1277 }
1278 /* Check if certificate authentication is enabled and active */
1279 if (tlmi_priv.certificate_support && tlmi_priv.pwd_admin->cert_installed) {
1280 if (!tlmi_priv.pwd_admin->signature ||
1281 !tlmi_priv.pwd_admin->save_signature) {
1282 ret = -EINVAL;
1283 goto out;
1284 }
1285 ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
1286 tlmi_priv.pwd_admin->save_signature);
1287 if (ret)
1288 goto out;
1289 } else if (tlmi_priv.opcode_support) {
1290 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1291 ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
1292 tlmi_priv.pwd_admin->password);
1293 if (ret)
1294 goto out;
1295 }
1296 ret = tlmi_save_bios_settings("");
1297 } else { /* old non-opcode based authentication method (deprecated) */
1298 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1299 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1300 tlmi_priv.pwd_admin->password,
1301 encoding_options[tlmi_priv.pwd_admin->encoding],
1302 tlmi_priv.pwd_admin->kbdlang);
1303 if (!auth_str) {
1304 ret = -ENOMEM;
1305 goto out;
1306 }
1307 }
1308
1309 if (auth_str)
1310 ret = tlmi_save_bios_settings(auth_str);
1311 else
1312 ret = tlmi_save_bios_settings("");
1313 }
1314 tlmi_priv.save_required = false;
1315 tlmi_priv.reboot_required = true;
1316
1317 if (!ret && !tlmi_priv.pending_changes) {
1318 tlmi_priv.pending_changes = true;
1319 /* let userland know it may need to check reboot pending again */
1320 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1321 }
1322 break;
1323 }
1324 out:
1325 mutex_unlock(&tlmi_mutex);
1326 kfree(auth_str);
1327 return ret ?: count;
1328 }
1329
1330 static struct kobj_attribute save_settings = __ATTR_RW(save_settings);
1331
1332 /* ---- Debug interface--------------------------------------------------------- */
debug_cmd_store(struct kobject * kobj,struct kobj_attribute * attr,const char * buf,size_t count)1333 static ssize_t debug_cmd_store(struct kobject *kobj, struct kobj_attribute *attr,
1334 const char *buf, size_t count)
1335 {
1336 char *set_str = NULL, *new_setting = NULL;
1337 char *auth_str = NULL;
1338 int ret;
1339
1340 if (!tlmi_priv.can_debug_cmd)
1341 return -EOPNOTSUPP;
1342
1343 /* Strip out CR if one is present */
1344 new_setting = kstrdup_and_replace(buf, '\n', '\0', GFP_KERNEL);
1345 if (!new_setting)
1346 return -ENOMEM;
1347
1348 if (tlmi_priv.pwd_admin->pwd_enabled && tlmi_priv.pwd_admin->password[0]) {
1349 auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s;",
1350 tlmi_priv.pwd_admin->password,
1351 encoding_options[tlmi_priv.pwd_admin->encoding],
1352 tlmi_priv.pwd_admin->kbdlang);
1353 if (!auth_str) {
1354 ret = -ENOMEM;
1355 goto out;
1356 }
1357 }
1358
1359 if (auth_str)
1360 set_str = kasprintf(GFP_KERNEL, "%s,%s", new_setting, auth_str);
1361 else
1362 set_str = kasprintf(GFP_KERNEL, "%s;", new_setting);
1363 if (!set_str) {
1364 ret = -ENOMEM;
1365 goto out;
1366 }
1367
1368 ret = tlmi_simple_call(LENOVO_DEBUG_CMD_GUID, set_str);
1369 if (ret)
1370 goto out;
1371
1372 if (!ret && !tlmi_priv.pending_changes) {
1373 tlmi_priv.pending_changes = true;
1374 /* let userland know it may need to check reboot pending again */
1375 kobject_uevent(&tlmi_priv.class_dev->kobj, KOBJ_CHANGE);
1376 }
1377 out:
1378 kfree(auth_str);
1379 kfree(set_str);
1380 kfree(new_setting);
1381 return ret ?: count;
1382 }
1383
1384 static struct kobj_attribute debug_cmd = __ATTR_WO(debug_cmd);
1385
1386 /* ---- Initialisation --------------------------------------------------------- */
tlmi_release_attr(void)1387 static void tlmi_release_attr(void)
1388 {
1389 struct kobject *pos, *n;
1390
1391 /* Attribute structures */
1392 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr);
1393 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr);
1394
1395 if (tlmi_priv.can_debug_cmd && debug_support)
1396 sysfs_remove_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr);
1397
1398 list_for_each_entry_safe(pos, n, &tlmi_priv.attribute_kset->list, entry)
1399 kobject_put(pos);
1400
1401 kset_unregister(tlmi_priv.attribute_kset);
1402
1403 /* Free up any saved signatures */
1404 kfree(tlmi_priv.pwd_admin->signature);
1405 kfree(tlmi_priv.pwd_admin->save_signature);
1406
1407 /* Authentication structures */
1408 list_for_each_entry_safe(pos, n, &tlmi_priv.authentication_kset->list, entry)
1409 kobject_put(pos);
1410
1411 kset_unregister(tlmi_priv.authentication_kset);
1412 }
1413
tlmi_validate_setting_name(struct kset * attribute_kset,char * name)1414 static int tlmi_validate_setting_name(struct kset *attribute_kset, char *name)
1415 {
1416 struct kobject *duplicate;
1417
1418 if (!strcmp(name, "Reserved"))
1419 return -EINVAL;
1420
1421 duplicate = kset_find_obj(attribute_kset, name);
1422 if (duplicate) {
1423 pr_debug("Duplicate attribute name found - %s\n", name);
1424 /* kset_find_obj() returns a reference */
1425 kobject_put(duplicate);
1426 return -EBUSY;
1427 }
1428
1429 return 0;
1430 }
1431
tlmi_sysfs_init(void)1432 static int tlmi_sysfs_init(void)
1433 {
1434 int i, ret;
1435
1436 tlmi_priv.class_dev = device_create(&firmware_attributes_class, NULL, MKDEV(0, 0),
1437 NULL, "%s", "thinklmi");
1438 if (IS_ERR(tlmi_priv.class_dev)) {
1439 ret = PTR_ERR(tlmi_priv.class_dev);
1440 goto fail_class_created;
1441 }
1442
1443 tlmi_priv.attribute_kset = kset_create_and_add("attributes", NULL,
1444 &tlmi_priv.class_dev->kobj);
1445 if (!tlmi_priv.attribute_kset) {
1446 ret = -ENOMEM;
1447 goto fail_device_created;
1448 }
1449
1450 tlmi_priv.authentication_kset = kset_create_and_add("authentication", NULL,
1451 &tlmi_priv.class_dev->kobj);
1452 if (!tlmi_priv.authentication_kset) {
1453 kset_unregister(tlmi_priv.attribute_kset);
1454 ret = -ENOMEM;
1455 goto fail_device_created;
1456 }
1457
1458 for (i = 0; i < TLMI_SETTINGS_COUNT; i++) {
1459 /* Check if index is a valid setting - skip if it isn't */
1460 if (!tlmi_priv.setting[i])
1461 continue;
1462
1463 /* check for duplicate or reserved values */
1464 if (tlmi_validate_setting_name(tlmi_priv.attribute_kset,
1465 tlmi_priv.setting[i]->display_name) < 0) {
1466 kfree(tlmi_priv.setting[i]->possible_values);
1467 kfree(tlmi_priv.setting[i]);
1468 tlmi_priv.setting[i] = NULL;
1469 continue;
1470 }
1471
1472 /* Build attribute */
1473 tlmi_priv.setting[i]->kobj.kset = tlmi_priv.attribute_kset;
1474 ret = kobject_init_and_add(&tlmi_priv.setting[i]->kobj, &tlmi_attr_setting_ktype,
1475 NULL, "%s", tlmi_priv.setting[i]->display_name);
1476 if (ret)
1477 goto fail_create_attr;
1478 }
1479
1480 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &pending_reboot.attr);
1481 if (ret)
1482 goto fail_create_attr;
1483
1484 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &save_settings.attr);
1485 if (ret)
1486 goto fail_create_attr;
1487
1488 if (tlmi_priv.can_debug_cmd && debug_support) {
1489 ret = sysfs_create_file(&tlmi_priv.attribute_kset->kobj, &debug_cmd.attr);
1490 if (ret)
1491 goto fail_create_attr;
1492 }
1493
1494 /* Create authentication entries */
1495 tlmi_priv.pwd_admin->kobj.kset = tlmi_priv.authentication_kset;
1496 ret = kobject_init_and_add(&tlmi_priv.pwd_admin->kobj, &tlmi_pwd_setting_ktype,
1497 NULL, "%s", "Admin");
1498 if (ret)
1499 goto fail_create_attr;
1500
1501 tlmi_priv.pwd_power->kobj.kset = tlmi_priv.authentication_kset;
1502 ret = kobject_init_and_add(&tlmi_priv.pwd_power->kobj, &tlmi_pwd_setting_ktype,
1503 NULL, "%s", "Power-on");
1504 if (ret)
1505 goto fail_create_attr;
1506
1507 if (tlmi_priv.opcode_support) {
1508 tlmi_priv.pwd_system->kobj.kset = tlmi_priv.authentication_kset;
1509 ret = kobject_init_and_add(&tlmi_priv.pwd_system->kobj, &tlmi_pwd_setting_ktype,
1510 NULL, "%s", "System");
1511 if (ret)
1512 goto fail_create_attr;
1513
1514 tlmi_priv.pwd_hdd->kobj.kset = tlmi_priv.authentication_kset;
1515 ret = kobject_init_and_add(&tlmi_priv.pwd_hdd->kobj, &tlmi_pwd_setting_ktype,
1516 NULL, "%s", "HDD");
1517 if (ret)
1518 goto fail_create_attr;
1519
1520 tlmi_priv.pwd_nvme->kobj.kset = tlmi_priv.authentication_kset;
1521 ret = kobject_init_and_add(&tlmi_priv.pwd_nvme->kobj, &tlmi_pwd_setting_ktype,
1522 NULL, "%s", "NVMe");
1523 if (ret)
1524 goto fail_create_attr;
1525 }
1526
1527 return ret;
1528
1529 fail_create_attr:
1530 tlmi_release_attr();
1531 fail_device_created:
1532 device_unregister(tlmi_priv.class_dev);
1533 fail_class_created:
1534 return ret;
1535 }
1536
1537 /* ---- Base Driver -------------------------------------------------------- */
tlmi_create_auth(const char * pwd_type,const char * pwd_role)1538 static struct tlmi_pwd_setting *tlmi_create_auth(const char *pwd_type,
1539 const char *pwd_role)
1540 {
1541 struct tlmi_pwd_setting *new_pwd;
1542
1543 new_pwd = kzalloc(sizeof(struct tlmi_pwd_setting), GFP_KERNEL);
1544 if (!new_pwd)
1545 return NULL;
1546
1547 strscpy(new_pwd->kbdlang, "us");
1548 new_pwd->encoding = TLMI_ENCODING_ASCII;
1549 new_pwd->pwd_type = pwd_type;
1550 new_pwd->role = pwd_role;
1551 new_pwd->minlen = tlmi_priv.pwdcfg.core.min_length;
1552 new_pwd->maxlen = tlmi_priv.pwdcfg.core.max_length;
1553 new_pwd->index = 0;
1554
1555 return new_pwd;
1556 }
1557
tlmi_analyze(struct wmi_device * wdev)1558 static int tlmi_analyze(struct wmi_device *wdev)
1559 {
1560 int i, ret;
1561
1562 if (wmi_has_guid(LENOVO_SET_BIOS_SETTINGS_GUID) &&
1563 wmi_has_guid(LENOVO_SAVE_BIOS_SETTINGS_GUID))
1564 tlmi_priv.can_set_bios_settings = true;
1565
1566 if (wmi_has_guid(LENOVO_GET_BIOS_SELECTIONS_GUID))
1567 tlmi_priv.can_get_bios_selections = true;
1568
1569 if (wmi_has_guid(LENOVO_SET_BIOS_PASSWORD_GUID))
1570 tlmi_priv.can_set_bios_password = true;
1571
1572 if (wmi_has_guid(LENOVO_BIOS_PASSWORD_SETTINGS_GUID))
1573 tlmi_priv.can_get_password_settings = true;
1574
1575 if (wmi_has_guid(LENOVO_DEBUG_CMD_GUID))
1576 tlmi_priv.can_debug_cmd = true;
1577
1578 if (wmi_has_guid(LENOVO_OPCODE_IF_GUID))
1579 tlmi_priv.opcode_support = true;
1580
1581 if (wmi_has_guid(LENOVO_SET_BIOS_CERT_GUID) &&
1582 wmi_has_guid(LENOVO_SET_BIOS_SETTING_CERT_GUID) &&
1583 wmi_has_guid(LENOVO_SAVE_BIOS_SETTING_CERT_GUID))
1584 tlmi_priv.certificate_support = true;
1585
1586 /*
1587 * Try to find the number of valid settings of this machine
1588 * and use it to create sysfs attributes.
1589 */
1590 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) {
1591 struct tlmi_attr_setting *setting;
1592 char *item = NULL;
1593
1594 tlmi_priv.setting[i] = NULL;
1595 ret = tlmi_setting(wdev, i, &item);
1596 if (ret)
1597 break;
1598 if (!item)
1599 break;
1600 if (!*item) {
1601 kfree(item);
1602 continue;
1603 }
1604
1605 /* Remove the value part */
1606 strreplace(item, ',', '\0');
1607
1608 /* Create a setting entry */
1609 setting = kzalloc(sizeof(*setting), GFP_KERNEL);
1610 if (!setting) {
1611 ret = -ENOMEM;
1612 kfree(item);
1613 goto fail_clear_attr;
1614 }
1615 setting->wdev = wdev;
1616 setting->index = i;
1617
1618 strscpy(setting->name, item);
1619 /* It is not allowed to have '/' for file name. Convert it into '\'. */
1620 strreplace(item, '/', '\\');
1621 strscpy(setting->display_name, item);
1622
1623 /* If BIOS selections supported, load those */
1624 if (tlmi_priv.can_get_bios_selections) {
1625 ret = tlmi_get_bios_selections(setting->name,
1626 &setting->possible_values);
1627 if (ret || !setting->possible_values)
1628 pr_info("Error retrieving possible values for %d : %s\n",
1629 i, setting->display_name);
1630 } else {
1631 /*
1632 * Older Thinkstations don't support the bios_selections API.
1633 * Instead they store this as a [Optional:Option1,Option2] section of the
1634 * name string.
1635 * Try and pull that out if it's available.
1636 */
1637 char *optitem, *optstart, *optend;
1638
1639 if (!tlmi_setting(setting->wdev, setting->index, &optitem)) {
1640 optstart = strstr(optitem, "[Optional:");
1641 if (optstart) {
1642 optstart += strlen("[Optional:");
1643 optend = strstr(optstart, "]");
1644 if (optend)
1645 setting->possible_values =
1646 kstrndup(optstart, optend - optstart,
1647 GFP_KERNEL);
1648 }
1649 kfree(optitem);
1650 }
1651 }
1652 /*
1653 * firmware-attributes requires that possible_values are separated by ';' but
1654 * Lenovo FW uses ','. Replace appropriately.
1655 */
1656 if (setting->possible_values)
1657 strreplace(setting->possible_values, ',', ';');
1658
1659 tlmi_priv.setting[i] = setting;
1660 kfree(item);
1661 }
1662
1663 /* Create password setting structure */
1664 ret = tlmi_get_pwd_settings(&tlmi_priv.pwdcfg);
1665 if (ret)
1666 goto fail_clear_attr;
1667
1668 /* All failures below boil down to kmalloc failures */
1669 ret = -ENOMEM;
1670
1671 tlmi_priv.pwd_admin = tlmi_create_auth("pap", "bios-admin");
1672 if (!tlmi_priv.pwd_admin)
1673 goto fail_clear_attr;
1674
1675 if (tlmi_priv.pwdcfg.core.password_state & TLMI_PAP_PWD)
1676 tlmi_priv.pwd_admin->pwd_enabled = true;
1677
1678 tlmi_priv.pwd_power = tlmi_create_auth("pop", "power-on");
1679 if (!tlmi_priv.pwd_power)
1680 goto fail_clear_attr;
1681
1682 if (tlmi_priv.pwdcfg.core.password_state & TLMI_POP_PWD)
1683 tlmi_priv.pwd_power->pwd_enabled = true;
1684
1685 if (tlmi_priv.opcode_support) {
1686 tlmi_priv.pwd_system = tlmi_create_auth("smp", "system");
1687 if (!tlmi_priv.pwd_system)
1688 goto fail_clear_attr;
1689
1690 if (tlmi_priv.pwdcfg.core.password_state & TLMI_SMP_PWD)
1691 tlmi_priv.pwd_system->pwd_enabled = true;
1692
1693 tlmi_priv.pwd_hdd = tlmi_create_auth("hdd", "hdd");
1694 if (!tlmi_priv.pwd_hdd)
1695 goto fail_clear_attr;
1696
1697 tlmi_priv.pwd_nvme = tlmi_create_auth("nvm", "nvme");
1698 if (!tlmi_priv.pwd_nvme)
1699 goto fail_clear_attr;
1700
1701 /* Set default hdd/nvme index to 1 as there is no device 0 */
1702 tlmi_priv.pwd_hdd->index = 1;
1703 tlmi_priv.pwd_nvme->index = 1;
1704
1705 if (tlmi_priv.pwdcfg.core.password_state & TLMI_HDD_PWD) {
1706 /* Check if PWD is configured and set index to first drive found */
1707 if (tlmi_priv.pwdcfg.ext.hdd_user_password ||
1708 tlmi_priv.pwdcfg.ext.hdd_master_password) {
1709 tlmi_priv.pwd_hdd->pwd_enabled = true;
1710 if (tlmi_priv.pwdcfg.ext.hdd_master_password)
1711 tlmi_priv.pwd_hdd->index =
1712 ffs(tlmi_priv.pwdcfg.ext.hdd_master_password) - 1;
1713 else
1714 tlmi_priv.pwd_hdd->index =
1715 ffs(tlmi_priv.pwdcfg.ext.hdd_user_password) - 1;
1716 }
1717 if (tlmi_priv.pwdcfg.ext.nvme_user_password ||
1718 tlmi_priv.pwdcfg.ext.nvme_master_password) {
1719 tlmi_priv.pwd_nvme->pwd_enabled = true;
1720 if (tlmi_priv.pwdcfg.ext.nvme_master_password)
1721 tlmi_priv.pwd_nvme->index =
1722 ffs(tlmi_priv.pwdcfg.ext.nvme_master_password) - 1;
1723 else
1724 tlmi_priv.pwd_nvme->index =
1725 ffs(tlmi_priv.pwdcfg.ext.nvme_user_password) - 1;
1726 }
1727 }
1728 }
1729
1730 if (tlmi_priv.certificate_support) {
1731 tlmi_priv.pwd_admin->cert_installed =
1732 tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SVC;
1733 tlmi_priv.pwd_system->cert_installed =
1734 tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SMC;
1735 }
1736 return 0;
1737
1738 fail_clear_attr:
1739 for (i = 0; i < TLMI_SETTINGS_COUNT; ++i) {
1740 if (tlmi_priv.setting[i]) {
1741 kfree(tlmi_priv.setting[i]->possible_values);
1742 kfree(tlmi_priv.setting[i]);
1743 }
1744 }
1745 kfree(tlmi_priv.pwd_admin);
1746 kfree(tlmi_priv.pwd_power);
1747 kfree(tlmi_priv.pwd_system);
1748 kfree(tlmi_priv.pwd_hdd);
1749 kfree(tlmi_priv.pwd_nvme);
1750 return ret;
1751 }
1752
tlmi_remove(struct wmi_device * wdev)1753 static void tlmi_remove(struct wmi_device *wdev)
1754 {
1755 tlmi_release_attr();
1756 device_unregister(tlmi_priv.class_dev);
1757 }
1758
tlmi_probe(struct wmi_device * wdev,const void * context)1759 static int tlmi_probe(struct wmi_device *wdev, const void *context)
1760 {
1761 int ret;
1762
1763 ret = tlmi_analyze(wdev);
1764 if (ret)
1765 return ret;
1766
1767 return tlmi_sysfs_init();
1768 }
1769
1770 static const struct wmi_device_id tlmi_id_table[] = {
1771 { .guid_string = LENOVO_BIOS_SETTING_GUID },
1772 { }
1773 };
1774 MODULE_DEVICE_TABLE(wmi, tlmi_id_table);
1775
1776 static struct wmi_driver tlmi_driver = {
1777 .driver = {
1778 .name = "think-lmi",
1779 },
1780 .id_table = tlmi_id_table,
1781 .probe = tlmi_probe,
1782 .remove = tlmi_remove,
1783 };
1784
1785 MODULE_AUTHOR("Sugumaran L <slacshiminar@lenovo.com>");
1786 MODULE_AUTHOR("Mark Pearson <markpearson@lenovo.com>");
1787 MODULE_AUTHOR("Corentin Chary <corentin.chary@gmail.com>");
1788 MODULE_DESCRIPTION("ThinkLMI Driver");
1789 MODULE_LICENSE("GPL");
1790
1791 module_wmi_driver(tlmi_driver);
1792