Re: [PATCH v12 04/13] HP BIOSCFG driver - int-attributes
From: Jorge Lopez
Date: Mon May 08 2023 - 17:33:47 EST
On Mon, May 8, 2023 at 9:45 AM Ilpo Järvinen
<ilpo.jarvinen@xxxxxxxxxxxxxxx> wrote:
>
> On Fri, 5 May 2023, Jorge Lopez wrote:
>
> > HP BIOS Configuration driver purpose is to provide a driver supporting
> > the latest sysfs class firmware attributes framework allowing the user
> > to change BIOS settings and security solutions on HP Inc.’s commercial
> > notebooks.
> >
> > Many features of HP Commercial notebooks can be managed using Windows
> > Management Instrumentation (WMI). WMI is an implementation of Web-Based
> > Enterprise Management (WBEM) that provides a standards-based interface
> > for changing and monitoring system settings. HP BIOSCFG driver provides
> > a native Linux solution and the exposed features facilitates the
> > migration to Linux environments.
> >
> > The Linux security features to be provided in hp-bioscfg driver enables
> > managing the BIOS settings and security solutions via sysfs, a virtual
> > filesystem that can be used by user-mode applications. The new
> > documentation cover HP-specific firmware sysfs attributes such Secure
> > Platform Management and Sure Start. Each section provides security
> > feature description and identifies sysfs directories and files exposed
> > by the driver.
> >
> > Many HP Commercial notebooks include a feature called Secure Platform
> > Management (SPM), which replaces older password-based BIOS settings
> > management with public key cryptography. PC secure product management
> > begins when a target system is provisioned with cryptographic keys
> > that are used to ensure the integrity of communications between system
> > management utilities and the BIOS.
> >
> > HP Commercial notebooks have several BIOS settings that control its
> > behaviour and capabilities, many of which are related to security.
> > To prevent unauthorized changes to these settings, the system can
> > be configured to use a cryptographic signature-based authorization
> > string that the BIOS will use to verify authorization to modify the
> > setting.
> >
> > Linux Security components are under development and not published yet.
> > The only linux component is the driver (hp bioscfg) at this time.
> > Other published security components are under Windows.
> >
> > Signed-off-by: Jorge Lopez <jorge.lopez2@xxxxxx>
> >
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> > .../x86/hp/hp-bioscfg/int-attributes.c | 448 ++++++++++++++++++
> > 1 file changed, 448 insertions(+)
> > create mode 100644 drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > new file mode 100644
> > index 000000000000..1395043d5c9f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/int-attributes.c
> > @@ -0,0 +1,448 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Functions corresponding to integer type attributes under
> > + * BIOS Enumeration GUID for use with hp-bioscfg driver.
> > + *
> > + * Copyright (c) 2022 Hewlett-Packard Inc.
> > + */
> > +
> > +#include "bioscfg.h"
> > +
> > +GET_INSTANCE_ID(integer);
> > +
> > +static ssize_t current_value_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
> > +{
> > +<snip>
> > +int alloc_integer_data(void)
> > +{
> > + bioscfg_drv.integer_instances_count = get_instance_count(HP_WMI_BIOS_INTEGER_GUID);
> > + bioscfg_drv.integer_data = kcalloc(bioscfg_drv.integer_instances_count,
> > + sizeof(struct integer_data), GFP_KERNEL);
>
> It would be better to use sizeof(*...) format.
I cannot use sizeof(*...) at this time, because it is allocating
bioscfg_drv.integer_instances_count number of integer_data
structures.
>
> > +
> > + if (!bioscfg_drv.integer_data) {
> > + bioscfg_drv.integer_instances_count = 0;
> > + return -ENOMEM;
> > + }
> > + return 0;
> > +}
<snip>
> > +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> > + int integer_obj_count,
> > + int instance_id)
> > +{
> > + char *str_value = NULL;
> > + int value_len;
> > + int ret;
> > + u32 int_value;
> > + int elem;
> > + int reqs;
> > + int eloc;
> > + struct integer_data *integer_data = &bioscfg_drv.integer_data[instance_id];
> > +
> > + if (!integer_obj)
> > + return -EINVAL;
> > +
> > + strscpy(integer_data->common.display_name_language_code,
> > + LANG_CODE_STR,
> > + sizeof(integer_data->common.display_name_language_code));
> > +
> > + for (elem = 1, eloc = 1; elem < integer_obj_count; elem++, eloc++) {
> > + /* ONLY look at the first INTEGER_ELEM_CNT elements */
> > + if (eloc == INT_ELEM_CNT)
> > + goto exit_integer_package;
> > +
> > + switch (integer_obj[elem].type) {
> > + case ACPI_TYPE_STRING:
> > +
>
> Extra newline.
Done!
>
> > + if (elem != PREREQUISITES) {
> > + ret = convert_hexstr_to_str(integer_obj[elem].string.pointer,
> > + integer_obj[elem].string.length,
> > + &str_value, &value_len);
> > + if (ret)
> > + continue;
> > + }
> > + break;
> > + case ACPI_TYPE_INTEGER:
> > + int_value = (u32)integer_obj[elem].integer.value;
> > + break;
> > + default:
> > + pr_warn("Unsupported object type [%d]\n", integer_obj[elem].type);
> > + continue;
> > + }
> > + /* Check that both expected and read object type match */
<snip>
> > + if (integer_data->common.prerequisites_size > MAX_PREREQUISITES_SIZE) {
> > + /* Report a message and limit prerequisite size to maximum value */
> > + pr_warn("Integer Prerequisites size value exceeded the maximum number of elements supported or data may be malformed\n");
> > + integer_data->common.prerequisites_size = MAX_PREREQUISITES_SIZE;
> > + }
> > +
> > + // PREREQUISITES:
> > + for (reqs = 0;
> > + reqs < integer_data->common.prerequisites_size && reqs < MAX_PREREQUISITES_SIZE;
>
> Why is the second check necessary, didn't you just above force it
> prerequisites_size to never be larger than that???
>
> After removing it, put the whole for () for a single line.
I will remove the second check and put the whole () in a single line.
I will apply the same changes to all affected files.
>
> > + reqs++)
> > + get_string_from_buffer(&buffer_ptr, buffer_size,
> > + integer_data->common.prerequisites[reqs],
> > + sizeof(integer_data->common.prerequisites[reqs]));
> > +
> > + // SECURITY_LEVEL:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->common.security_level);
> > +
> > + // INT_LOWER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->lower_bound);
> > +
> > + // INT_UPPER_BOUND:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->upper_bound);
> > +
> > + // INT_SCALAR_INCREMENT:
> > + get_integer_from_buffer(&buffer_ptr, buffer_size,
> > + &integer_data->scalar_increment);
> > +
> > + kfree(dst);
> > + return 0;
> > +}
> > +
> > +/*
> > + * exit_integer_attributes() - Clear all attribute data
> > + *
> > + * Clears all data allocated for this group of attributes
> > + */
> > +void exit_integer_attributes(void)
> > +{
> > + int instance_id;
> > +
> > + for (instance_id = 0; instance_id < bioscfg_drv.integer_instances_count;
> > + instance_id++) {
> > + struct kobject *attr_name_kobj =
> > + bioscfg_drv.integer_data[instance_id].attr_name_kobj;
>
> You could consider shorter variable name for instance_id. IMHO, it add
> very little value in the long form over i or id.
>
> > +
> > + if (attr_name_kobj)
> > + sysfs_remove_group(attr_name_kobj, &integer_attr_group);
> > + }
> > + bioscfg_drv.integer_instances_count = 0;
> > +
> > + kfree(bioscfg_drv.integer_data);
> > + bioscfg_drv.integer_data = NULL;
> > +}
> >
>
> --
> i.
<snip>