// SPDX-License-Identifier: GPL-2.0 /* * Functions corresponding to password object type attributes under * BIOS PASSWORD for use with hp-bioscfg driver. * * Copyright (c) 2022 HP Development Company, L.P. */ #include "bioscfg.h" GET_INSTANCE_ID(password); /* * Clear all passwords copied to memory for a particular * authentication instance */ static int clear_passwords(const int instance) { struct password_data *password_data = &bioscfg_drv.password_data[instance]; if (!password_data->is_enabled) return 0; memset(password_data->current_password, 0, sizeof(password_data->current_password)); memset(password_data->new_password, 0, sizeof(password_data->new_password)); return 0; } /* * Clear all credentials copied to memory for both Power-ON and Setup * BIOS instances */ int hp_clear_all_credentials(void) { int count = bioscfg_drv.password_instances_count; int instance; /* clear all passwords */ for (instance = 0; instance < count; instance++) clear_passwords(instance); /* clear auth_token */ kfree(bioscfg_drv.spm_data.auth_token); bioscfg_drv.spm_data.auth_token = NULL; return 0; } int hp_get_password_instance_for_type(const char *name) { int count = bioscfg_drv.password_instances_count; int instance; for (instance = 0; instance < count; instance++) if (!strcmp(bioscfg_drv.password_data[instance].common.display_name, name)) return instance; return -EINVAL; } static int validate_password_input(int instance_id, const char *buf) { int length; struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; length = strlen(buf); if (buf[length - 1] == '\n') length--; if (length > MAX_PASSWD_SIZE) return INVALID_BIOS_AUTH; if (password_data->min_password_length > length || password_data->max_password_length < length) return INVALID_BIOS_AUTH; return SUCCESS; } ATTRIBUTE_N_PROPERTY_SHOW(is_enabled, password); static struct kobj_attribute password_is_password_set = __ATTR_RO(is_enabled); static int store_password_instance(struct kobject *kobj, const char *buf, size_t count, bool is_current) { char *buf_cp; int id, ret = 0; buf_cp = kstrdup(buf, GFP_KERNEL); if (!buf_cp) return -ENOMEM; ret = hp_enforce_single_line_input(buf_cp, count); if (!ret) { id = get_password_instance_id(kobj); if (id >= 0) ret = validate_password_input(id, buf_cp); } if (!ret) { if (is_current) strscpy(bioscfg_drv.password_data[id].current_password, buf_cp, sizeof(bioscfg_drv.password_data[id].current_password)); else strscpy(bioscfg_drv.password_data[id].new_password, buf_cp, sizeof(bioscfg_drv.password_data[id].new_password)); } kfree(buf_cp); return ret < 0 ? ret : count; } static ssize_t current_password_store(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count) { return store_password_instance(kobj, buf, count, true); } static struct kobj_attribute password_current_password = __ATTR_WO(current_password); static ssize_t new_password_store(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count) { return store_password_instance(kobj, buf, count, true); } static struct kobj_attribute password_new_password = __ATTR_WO(new_password); ATTRIBUTE_N_PROPERTY_SHOW(min_password_length, password); static struct kobj_attribute password_min_password_length = __ATTR_RO(min_password_length); ATTRIBUTE_N_PROPERTY_SHOW(max_password_length, password); static struct kobj_attribute password_max_password_length = __ATTR_RO(max_password_length); static ssize_t role_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { if (!strcmp(kobj->name, SETUP_PASSWD)) return sysfs_emit(buf, "%s\n", BIOS_ADMIN); if (!strcmp(kobj->name, POWER_ON_PASSWD)) return sysfs_emit(buf, "%s\n", POWER_ON); return -EIO; } static struct kobj_attribute password_role = __ATTR_RO(role); static ssize_t mechanism_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { int i = get_password_instance_id(kobj); if (i < 0) return i; if (bioscfg_drv.password_data[i].mechanism != PASSWORD) return -EINVAL; return sysfs_emit(buf, "%s\n", PASSWD_MECHANISM_TYPES); } static struct kobj_attribute password_mechanism = __ATTR_RO(mechanism); ATTRIBUTE_VALUES_PROPERTY_SHOW(encodings, password, SEMICOLON_SEP); static struct kobj_attribute password_encodings_val = __ATTR_RO(encodings); static struct attribute *password_attrs[] = { &password_is_password_set.attr, &password_min_password_length.attr, &password_max_password_length.attr, &password_current_password.attr, &password_new_password.attr, &password_role.attr, &password_mechanism.attr, &password_encodings_val.attr, NULL }; static const struct attribute_group password_attr_group = { .attrs = password_attrs }; int hp_alloc_password_data(void) { bioscfg_drv.password_instances_count = hp_get_instance_count(HP_WMI_BIOS_PASSWORD_GUID); bioscfg_drv.password_data = kcalloc(bioscfg_drv.password_instances_count, sizeof(*bioscfg_drv.password_data), GFP_KERNEL); if (!bioscfg_drv.password_data) { bioscfg_drv.password_instances_count = 0; return -ENOMEM; } return 0; } /* Expected Values types associated with each element */ static const acpi_object_type expected_password_types[] = { [NAME] = ACPI_TYPE_STRING, [VALUE] = ACPI_TYPE_STRING, [PATH] = ACPI_TYPE_STRING, [IS_READONLY] = ACPI_TYPE_INTEGER, [DISPLAY_IN_UI] = ACPI_TYPE_INTEGER, [REQUIRES_PHYSICAL_PRESENCE] = ACPI_TYPE_INTEGER, [SEQUENCE] = ACPI_TYPE_INTEGER, [PREREQUISITES_SIZE] = ACPI_TYPE_INTEGER, [PREREQUISITES] = ACPI_TYPE_STRING, [SECURITY_LEVEL] = ACPI_TYPE_INTEGER, [PSWD_MIN_LENGTH] = ACPI_TYPE_INTEGER, [PSWD_MAX_LENGTH] = ACPI_TYPE_INTEGER, [PSWD_SIZE] = ACPI_TYPE_INTEGER, [PSWD_ENCODINGS] = ACPI_TYPE_STRING, [PSWD_IS_SET] = ACPI_TYPE_INTEGER, }; static int hp_populate_password_elements_from_package(union acpi_object *password_obj, int password_obj_count, int instance_id) { char *str_value = NULL; int value_len; int ret; u32 size; u32 int_value = 0; int elem; int reqs; int eloc; int pos_values; struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; if (!password_obj) return -EINVAL; for (elem = 1, eloc = 1; elem < password_obj_count; elem++, eloc++) { /* ONLY look at the first PASSWORD_ELEM_CNT elements */ if (eloc == PSWD_ELEM_CNT) goto exit_package; switch (password_obj[elem].type) { case ACPI_TYPE_STRING: if (PREREQUISITES != elem && PSWD_ENCODINGS != elem) { ret = hp_convert_hexstr_to_str(password_obj[elem].string.pointer, password_obj[elem].string.length, &str_value, &value_len); if (ret) continue; } break; case ACPI_TYPE_INTEGER: int_value = (u32)password_obj[elem].integer.value; break; default: pr_warn("Unsupported object type [%d]\n", password_obj[elem].type); continue; } /* Check that both expected and read object type match */ if (expected_password_types[eloc] != password_obj[elem].type) { pr_err("Error expected type %d for elem %d, but got type %d instead\n", expected_password_types[eloc], elem, password_obj[elem].type); kfree(str_value); return -EIO; } /* Assign appropriate element value to corresponding field*/ switch (eloc) { case VALUE: break; case PATH: strscpy(password_data->common.path, str_value, sizeof(password_data->common.path)); break; case IS_READONLY: password_data->common.is_readonly = int_value; break; case DISPLAY_IN_UI: password_data->common.display_in_ui = int_value; break; case REQUIRES_PHYSICAL_PRESENCE: password_data->common.requires_physical_presence = int_value; break; case SEQUENCE: password_data->common.sequence = int_value; break; case PREREQUISITES_SIZE: if (int_value > MAX_PREREQUISITES_SIZE) { pr_warn("Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n"); int_value = MAX_PREREQUISITES_SIZE; } password_data->common.prerequisites_size = int_value; /* This step is needed to keep the expected * element list pointing to the right obj[elem].type * when the size is zero. PREREQUISITES * object is omitted by BIOS when the size is * zero. */ if (int_value == 0) eloc++; break; case PREREQUISITES: size = min_t(u32, password_data->common.prerequisites_size, MAX_PREREQUISITES_SIZE); for (reqs = 0; reqs < size; reqs++) { ret = hp_convert_hexstr_to_str(password_obj[elem + reqs].string.pointer, password_obj[elem + reqs].string.length, &str_value, &value_len); if (ret) break; strscpy(password_data->common.prerequisites[reqs], str_value, sizeof(password_data->common.prerequisites[reqs])); kfree(str_value); str_value = NULL; } break; case SECURITY_LEVEL: password_data->common.security_level = int_value; break; case PSWD_MIN_LENGTH: password_data->min_password_length = int_value; break; case PSWD_MAX_LENGTH: password_data->max_password_length = int_value; break; case PSWD_SIZE: if (int_value > MAX_ENCODINGS_SIZE) { pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n"); int_value = MAX_ENCODINGS_SIZE; } password_data->encodings_size = int_value; /* This step is needed to keep the expected * element list pointing to the right obj[elem].type * when the size is zero. PSWD_ENCODINGS * object is omitted by BIOS when the size is * zero. */ if (int_value == 0) eloc++; break; case PSWD_ENCODINGS: size = min_t(u32, password_data->encodings_size, MAX_ENCODINGS_SIZE); for (pos_values = 0; pos_values < size; pos_values++) { ret = hp_convert_hexstr_to_str(password_obj[elem + pos_values].string.pointer, password_obj[elem + pos_values].string.length, &str_value, &value_len); if (ret) break; strscpy(password_data->encodings[pos_values], str_value, sizeof(password_data->encodings[pos_values])); kfree(str_value); str_value = NULL; } break; case PSWD_IS_SET: password_data->is_enabled = int_value; break; default: pr_warn("Invalid element: %d found in Password attribute or data may be malformed\n", elem); break; } kfree(str_value); str_value = NULL; } exit_package: kfree(str_value); return 0; } /** * hp_populate_password_package_data() * Populate all properties for an instance under password attribute * * @password_obj: ACPI object with password data * @instance_id: The instance to enumerate * @attr_name_kobj: The parent kernel object */ int hp_populate_password_package_data(union acpi_object *password_obj, int instance_id, struct kobject *attr_name_kobj) { struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; password_data->attr_name_kobj = attr_name_kobj; hp_populate_password_elements_from_package(password_obj, password_obj->package.count, instance_id); hp_friendly_user_name_update(password_data->common.path, attr_name_kobj->name, password_data->common.display_name, sizeof(password_data->common.display_name)); if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) return sysfs_create_group(attr_name_kobj, &password_attr_group); return sysfs_create_group(attr_name_kobj, &password_attr_group); } static int hp_populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size, int instance_id) { int values; int isreadonly; struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; int ret = 0; /* * Only data relevant to this driver and its functionality is * read. BIOS defines the order in which each * element is * read. Element 0 data is not relevant to this * driver hence it is ignored. For clarity, all element names * (DISPLAY_IN_UI) which defines the order in which is read * and the name matches the variable where the data is stored. * * In earlier implementation, reported errors were ignored * causing the data to remain uninitialized. It is not * possible to determine if data read from BIOS is valid or * not. It is for this reason functions may return a error * without validating the data itself. */ // VALUE: ret = hp_get_string_from_buffer(&buffer_ptr, buffer_size, password_data->current_password, sizeof(password_data->current_password)); if (ret < 0) goto buffer_exit; // COMMON: ret = hp_get_common_data_from_buffer(&buffer_ptr, buffer_size, &password_data->common); if (ret < 0) goto buffer_exit; // PSWD_MIN_LENGTH: ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, &password_data->min_password_length); if (ret < 0) goto buffer_exit; // PSWD_MAX_LENGTH: ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, &password_data->max_password_length); if (ret < 0) goto buffer_exit; // PSWD_SIZE: ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, &password_data->encodings_size); if (ret < 0) goto buffer_exit; if (password_data->encodings_size > MAX_ENCODINGS_SIZE) { /* Report a message and limit possible values size to maximum value */ pr_warn("Password Encoding size value exceeded the maximum number of elements supported or data may be malformed\n"); password_data->encodings_size = MAX_ENCODINGS_SIZE; } // PSWD_ENCODINGS: for (values = 0; values < password_data->encodings_size; values++) { ret = hp_get_string_from_buffer(&buffer_ptr, buffer_size, password_data->encodings[values], sizeof(password_data->encodings[values])); if (ret < 0) break; } // PSWD_IS_SET: ret = hp_get_integer_from_buffer(&buffer_ptr, buffer_size, &isreadonly); if (ret < 0) goto buffer_exit; password_data->is_enabled = isreadonly ? true : false; buffer_exit: return ret; } /** * hp_populate_password_buffer_data() * Populate all properties for an instance under password object attribute * * @buffer_ptr: Buffer pointer * @buffer_size: Buffer size * @instance_id: The instance to enumerate * @attr_name_kobj: The parent kernel object */ int hp_populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size, int instance_id, struct kobject *attr_name_kobj) { struct password_data *password_data = &bioscfg_drv.password_data[instance_id]; int ret = 0; password_data->attr_name_kobj = attr_name_kobj; /* Populate Password attributes */ ret = hp_populate_password_elements_from_buffer(buffer_ptr, buffer_size, instance_id); if (ret < 0) return ret; hp_friendly_user_name_update(password_data->common.path, attr_name_kobj->name, password_data->common.display_name, sizeof(password_data->common.display_name)); if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) return sysfs_create_group(attr_name_kobj, &password_attr_group); return sysfs_create_group(attr_name_kobj, &password_attr_group); } /** * hp_exit_password_attributes() - Clear all attribute data * * Clears all data allocated for this group of attributes */ void hp_exit_password_attributes(void) { int instance_id; for (instance_id = 0; instance_id < bioscfg_drv.password_instances_count; instance_id++) { struct kobject *attr_name_kobj = bioscfg_drv.password_data[instance_id].attr_name_kobj; if (attr_name_kobj) { if (!strcmp(attr_name_kobj->name, SETUP_PASSWD)) sysfs_remove_group(attr_name_kobj, &password_attr_group); else sysfs_remove_group(attr_name_kobj, &password_attr_group); } } bioscfg_drv.password_instances_count = 0; kfree(bioscfg_drv.password_data); bioscfg_drv.password_data = NULL; }