1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Functions corresponding to password object type attributes under 4 * BIOS PASSWORD for use with hp-bioscfg driver. 5 * 6 * Copyright (c) 2022 HP Development Company, L.P. 7 */ 8 9 #include "bioscfg.h" 10 11 GET_INSTANCE_ID(password); 12 /* 13 * Clear all passwords copied to memory for a particular 14 * authentication instance 15 */ 16 static int clear_passwords(const int instance) 17 { 18 struct password_data *password_data = &bioscfg_drv.password_data[instance]; 19 20 if (!password_data->is_enabled) 21 return 0; 22 23 memset(password_data->current_password, 24 0, sizeof(password_data->current_password)); 25 memset(password_data->new_password, 26 0, sizeof(password_data->new_password)); 27 28 return 0; 29 } 30 31 /* 32 * Clear all credentials copied to memory for both Power-ON and Setup 33 * BIOS instances 34 */ 35 int hp_clear_all_credentials(void) 36 { 37 int count = bioscfg_drv.password_instances_count; 38 int instance; 39 40 /* clear all passwords */ 41 for (instance = 0; instance < count; instance++) 42 clear_passwords(instance); 43 44 /* clear auth_token */ 45 kfree(bioscfg_drv.spm_data.auth_token); 46 bioscfg_drv.spm_data.auth_token = NULL; 47 48 return 0; 49 } 50 51 int hp_get_password_instance_for_type(const char *name) 52 { 53 int count = bioscfg_drv.password_instances_count; 54 int instance; 55 56 for (instance = 0; instance < count; instance++) 57 if (!strcmp(bioscfg_drv.password_data[instance].common.display_name, name)) 58 return instance; 59 60 return -EINVAL; 61 } 62 63 static int validate_password_input(int instance_id, const char *buf) 64 { 65 int length; 66 struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; 67 68 length = strlen(buf); 69 if (buf[length - 1] == '\n') 70 length--; 71 72 if (length > MAX_PASSWD_SIZE) 73 return INVALID_BIOS_AUTH; 74 75 if (password_data->min_password_length > length || 76 password_data->max_password_length < length) 77 return INVALID_BIOS_AUTH; 78 return SUCCESS; 79 } 80 81 ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password); 82 static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled); 83 84 static int store_password_instance(struct kobject *kobj, const char *buf, 85 size_t count, bool is_current) 86 { 87 char *buf_cp; 88 int id, ret = 0; 89 90 buf_cp = kstrdup(buf, GFP_KERNEL); 91 if (!buf_cp) 92 return -ENOMEM; 93 94 ret = hp_enforce_single_line_input(buf_cp, count); 95 if (!ret) { 96 id = get_password_instance_id(kobj); 97 98 if (id >= 0) 99 ret = validate_password_input(id, buf_cp); 100 } 101 102 if (!ret) { 103 if (is_current) 104 strscpy(bioscfg_drv.password_data[id].current_password, 105 buf_cp, 106 sizeof(bioscfg_drv.password_data[id].current_password)); 107 else 108 strscpy(bioscfg_drv.password_data[id].new_password, 109 buf_cp, 110 sizeof(bioscfg_drv.password_data[id].new_password)); 111 } 112 113 kfree(buf_cp); 114 return ret < 0 ? ret : count; 115 } 116 117 static ssize_t current_password_store(struct kobject *kobj, 118 struct kobj_attribute *attr, 119 const char *buf, size_t count) 120 { 121 return store_password_instance(kobj, buf, count, true); 122 } 123 124 static struct kobj_attribute password_current_password = __ATTR_WO(current_password); 125 126 static ssize_t new_password_store(struct kobject *kobj, 127 struct kobj_attribute *attr, 128 const char *buf, size_t count) 129 { 130 return store_password_instance(kobj, buf, count, true); 131 } 132 133 static struct kobj_attribute password_new_password = __ATTR_WO(new_password); 134 135 ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password); 136 static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length); 137 138 ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password); 139 static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length); 140 141 static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 142 { 143 if (!strcmp(kobj->name, SETUP_PASSWD)) 144 return sysfs_emit(buf, "%s\n", BIOS_ADMIN); 145 146 if (!strcmp(kobj->name, POWER_ON_PASSWD)) 147 return sysfs_emit(buf, "%s\n", POWER_ON); 148 149 return -EIO; 150 } 151 152 static struct kobj_attribute password_role = __ATTR_RO(role); 153 154 static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr, 155 char *buf) 156 { 157 int i = get_password_instance_id(kobj); 158 159 if (i < 0) 160 return i; 161 162 if (bioscfg_drv.password_data[i].mechanism != PASSWORD) 163 return -EINVAL; 164 165 return sysfs_emit(buf, "%s\n", PASSWD_MECHANISM_TYPES); 166 } 167 168 static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism); 169 170 ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP); 171 static struct kobj_attribute password_encodings_val = __ATTR_RO(encodings); 172 173 static struct attribute *password_attrs[] = { 174 &password_is_password_set.attr, 175 &password_min_password_length.attr, 176 &password_max_password_length.attr, 177 &password_current_password.attr, 178 &password_new_password.attr, 179 &password_role.attr, 180 &password_mechanism.attr, 181 &password_encodings_val.attr, 182 NULL 183 }; 184 185 static const struct attribute_group password_attr_group = { 186 .attrs = password_attrs 187 }; 188 189 int hp_alloc_password_data(void) 190 { 191 bioscfg_drv.password_instances_count = hp_get_instance_count(HP_WMI_BIOS_PASSWORD_GUID); 192 bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count, 193 sizeof(*bioscfg_drv.password_data), GFP_KERNEL); 194 if (!bioscfg_drv.password_data) { 195 bioscfg_drv.password_instances_count = 0; 196 return -ENOMEM; 197 } 198 199 return 0; 200 } 201 202 /* Expected Values types associated with each element */ 203 static const acpi_object_type expected_password_types[] = { 204 [NAME] = ACPI_TYPE_STRING, 205 [VALUE] = ACPI_TYPE_STRING, 206 [PATH] = ACPI_TYPE_STRING, 207 [IS_READONLY] = ACPI_TYPE_INTEGER, 208 [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER, 209 [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER, 210 [SEQUENCE] = ACPI_TYPE_INTEGER, 211 [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER, 212 [PREREQUISITES] = ACPI_TYPE_STRING, 213 [SECURITY_LEVEL] = ACPI_TYPE_INTEGER, 214 [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER, 215 [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER, 216 [PSWD_SIZE] = ACPI_TYPE_INTEGER, 217 [PSWD_ENCODINGS] = ACPI_TYPE_STRING, 218 [PSWD_IS_SET] = ACPI_TYPE_INTEGER, 219 }; 220 221 static int hp_populate_password_elements_from_package(union acpi_object *password_obj, 222 int password_obj_count, 223 int instance_id) 224 { 225 char *str_value = NULL; 226 int value_len; 227 int ret; 228 u32 size; 229 u32 int_value = 0; 230 int elem; 231 int reqs; 232 int eloc; 233 int pos_values; 234 struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; 235 236 if (!password_obj) 237 return -EINVAL; 238 239 for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) { 240 /* ONLY look at the first PASSWORD_ELEM_CNT elements */ 241 if (eloc == PSWD_ELEM_CNT) 242 goto exit_package; 243 244 switch (password_obj[elem].type) { 245 case ACPI_TYPE_STRING: 246 if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) { 247 ret = hp_convert_hexstr_to_str(password_obj[elem].string.pointer, 248 password_obj[elem].string.length, 249 &str_value, &value_len); 250 if (ret) 251 continue; 252 } 253 break; 254 case ACPI_TYPE_INTEGER: 255 int_value = (u32)password_obj[elem].integer.value; 256 break; 257 default: 258 pr_warn("Unsupported object type [%d]\n", password_obj[elem].type); 259 continue; 260 } 261 262 /* Check that both expected and read object type match */ 263 if (expected_password_types[eloc] != password_obj[elem].type) { 264 pr_err("Error expected type %d for elem %d, but got type %d instead\n", 265 expected_password_types[eloc], elem, password_obj[elem].type); 266 kfree(str_value); 267 return -EIO; 268 } 269 270 /* Assign appropriate element value to corresponding field*/ 271 switch (eloc) { 272 case VALUE: 273 break; 274 case PATH: 275 strscpy(password_data->common.path, str_value, 276 sizeof(password_data->common.path)); 277 break; 278 case IS_READONLY: 279 password_data->common.is_readonly = int_value; 280 break; 281 case DISPLAY_IN_UI: 282 password_data->common.display_in_ui = int_value; 283 break; 284 case REQUIRES_PHYSICAL_PRESENCE: 285 password_data->common.requires_physical_presence = int_value; 286 break; 287 case SEQUENCE: 288 password_data->common.sequence = int_value; 289 break; 290 case PREREQUISITES_SIZE: 291 if (int_value > MAX_PREREQUISITES_SIZE) { 292 pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n"); 293 int_value = MAX_PREREQUISITES_SIZE; 294 } 295 password_data->common.prerequisites_size = int_value; 296 297 /* This step is needed to keep the expected 298 * element list pointing to the right obj[elem].type 299 * when the size is zero. PREREQUISITES 300 * object is omitted by BIOS when the size is 301 * zero. 302 */ 303 if (int_value == 0) 304 eloc++; 305 break; 306 case PREREQUISITES: 307 size = min_t(u32, password_data->common.prerequisites_size, 308 MAX_PREREQUISITES_SIZE); 309 310 for (reqs = 0; reqs < size; reqs++) { 311 ret = hp_convert_hexstr_to_str(password_obj[elem + reqs].string.pointer, 312 password_obj[elem + reqs].string.length, 313 &str_value, &value_len); 314 315 if (ret) 316 break; 317 318 strscpy(password_data->common.prerequisites[reqs], 319 str_value, 320 sizeof(password_data->common.prerequisites[reqs])); 321 322 kfree(str_value); 323 str_value = NULL; 324 325 } 326 break; 327 case SECURITY_LEVEL: 328 password_data->common.security_level = int_value; 329 break; 330 case PSWD_MIN_LENGTH: 331 password_data->min_password_length = int_value; 332 break; 333 case PSWD_MAX_LENGTH: 334 password_data->max_password_length = int_value; 335 break; 336 case PSWD_SIZE: 337 338 if (int_value > MAX_ENCODINGS_SIZE) { 339 pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n"); 340 int_value = MAX_ENCODINGS_SIZE; 341 } 342 password_data->encodings_size = int_value; 343 344 /* This step is needed to keep the expected 345 * element list pointing to the right obj[elem].type 346 * when the size is zero. PSWD_ENCODINGS 347 * object is omitted by BIOS when the size is 348 * zero. 349 */ 350 if (int_value == 0) 351 eloc++; 352 break; 353 case PSWD_ENCODINGS: 354 size = min_t(u32, password_data->encodings_size, MAX_ENCODINGS_SIZE); 355 for (pos_values = 0; pos_values < size; pos_values++) { 356 ret = hp_convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer, 357 password_obj[elem + pos_values].string.length, 358 &str_value, &value_len); 359 if (ret) 360 break; 361 362 strscpy(password_data->encodings[pos_values], 363 str_value, 364 sizeof(password_data->encodings[pos_values])); 365 kfree(str_value); 366 str_value = NULL; 367 368 } 369 break; 370 case PSWD_IS_SET: 371 password_data->is_enabled = int_value; 372 break; 373 default: 374 pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem); 375 break; 376 } 377 378 kfree(str_value); 379 str_value = NULL; 380 } 381 382 exit_package: 383 kfree(str_value); 384 return 0; 385 } 386 387 /** 388 * hp_populate_password_package_data() 389 * Populate all properties for an instance under password attribute 390 * 391 * @password_obj: ACPI object with password data 392 * @instance_id: The instance to enumerate 393 * @attr_name_kobj: The parent kernel object 394 */ 395 int hp_populate_password_package_data(union acpi_object *password_obj, int instance_id, 396 struct kobject *attr_name_kobj) 397 { 398 struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; 399 400 password_data->attr_name_kobj = attr_name_kobj; 401 402 hp_populate_password_elements_from_package(password_obj, 403 password_obj->package.count, 404 instance_id); 405 406 hp_friendly_user_name_update(password_data->common.path, 407 attr_name_kobj->name, 408 password_data->common.display_name, 409 sizeof(password_data->common.display_name)); 410 411 if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) 412 return sysfs_create_group(attr_name_kobj, &password_attr_group); 413 414 return sysfs_create_group(attr_name_kobj, &password_attr_group); 415 } 416 417 static int hp_populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size, 418 int instance_id) 419 { 420 int values; 421 int isreadonly; 422 struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; 423 int ret = 0; 424 425 /* 426 * Only data relevant to this driver and its functionality is 427 * read. BIOS defines the order in which each * element is 428 * read. Element 0 data is not relevant to this 429 * driver hence it is ignored. For clarity, all element names 430 * (DISPLAY_IN_UI) which defines the order in which is read 431 * and the name matches the variable where the data is stored. 432 * 433 * In earlier implementation, reported errors were ignored 434 * causing the data to remain uninitialized. It is not 435 * possible to determine if data read from BIOS is valid or 436 * not. It is for this reason functions may return a error 437 * without validating the data itself. 438 */ 439 440 // VALUE: 441 ret = hp_get_string_from_buffer(&buffer_ptr, buffer_size, password_data->current_password, 442 sizeof(password_data->current_password)); 443 if (ret < 0) 444 goto buffer_exit; 445 446 // COMMON: 447 ret = hp_get_common_data_from_buffer(&buffer_ptr, buffer_size, 448 &password_data->common); 449 if (ret < 0) 450 goto buffer_exit; 451 452 // PSWD_MIN_LENGTH: 453 ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, 454 &password_data->min_password_length); 455 if (ret < 0) 456 goto buffer_exit; 457 458 // PSWD_MAX_LENGTH: 459 ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, 460 &password_data->max_password_length); 461 if (ret < 0) 462 goto buffer_exit; 463 464 // PSWD_SIZE: 465 ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, 466 &password_data->encodings_size); 467 if (ret < 0) 468 goto buffer_exit; 469 470 if (password_data->encodings_size > MAX_ENCODINGS_SIZE) { 471 /* Report a message and limit possible values size to maximum value */ 472 pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n"); 473 password_data->encodings_size = MAX_ENCODINGS_SIZE; 474 } 475 476 // PSWD_ENCODINGS: 477 for (values = 0; values < password_data->encodings_size; values++) { 478 ret = hp_get_string_from_buffer(&buffer_ptr, buffer_size, 479 password_data->encodings[values], 480 sizeof(password_data->encodings[values])); 481 if (ret < 0) 482 break; 483 } 484 485 // PSWD_IS_SET: 486 ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, &isreadonly); 487 if (ret < 0) 488 goto buffer_exit; 489 490 password_data->is_enabled = isreadonly ? true : false; 491 492 buffer_exit: 493 return ret; 494 } 495 496 /** 497 * hp_populate_password_buffer_data() 498 * Populate all properties for an instance under password object attribute 499 * 500 * @buffer_ptr: Buffer pointer 501 * @buffer_size: Buffer size 502 * @instance_id: The instance to enumerate 503 * @attr_name_kobj: The parent kernel object 504 */ 505 int hp_populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id, 506 struct kobject *attr_name_kobj) 507 { 508 struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; 509 int ret = 0; 510 511 password_data->attr_name_kobj = attr_name_kobj; 512 513 /* Populate Password attributes */ 514 ret = hp_populate_password_elements_from_buffer(buffer_ptr, buffer_size, 515 instance_id); 516 if (ret < 0) 517 return ret; 518 519 hp_friendly_user_name_update(password_data->common.path, 520 attr_name_kobj->name, 521 password_data->common.display_name, 522 sizeof(password_data->common.display_name)); 523 if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) 524 return sysfs_create_group(attr_name_kobj, &password_attr_group); 525 526 return sysfs_create_group(attr_name_kobj, &password_attr_group); 527 } 528 529 /** 530 * hp_exit_password_attributes() - Clear all attribute data 531 * 532 * Clears all data allocated for this group of attributes 533 */ 534 void hp_exit_password_attributes(void) 535 { 536 int instance_id; 537 538 for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count; 539 instance_id++) { 540 struct kobject *attr_name_kobj = 541 bioscfg_drv.password_data[instance_id].attr_name_kobj; 542 543 if (attr_name_kobj) { 544 if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) 545 sysfs_remove_group(attr_name_kobj, 546 &password_attr_group); 547 else 548 sysfs_remove_group(attr_name_kobj, 549 &password_attr_group); 550 } 551 } 552 bioscfg_drv.password_instances_count = 0; 553 kfree(bioscfg_drv.password_data); 554 bioscfg_drv.password_data = NULL; 555 } 556