lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOOmCE9XtOrdBJLQFGXyPDycevyv92Aww-CzZuRC9d8M6KSBUA@mail.gmail.com>
Date:   Mon, 8 May 2023 10:36:29 -0500
From:   Jorge Lopez <jorgealtxwork@...il.com>
To:     Thomas Weißschuh <thomas@...ch.de>
Cc:     hdegoede@...hat.com, platform-driver-x86@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v12 08/13] HP BIOSCFG driver - bioscfg-h

On Sat, May 6, 2023 at 2:15 AM Thomas Weißschuh <thomas@...ch.de> wrote:
>
> On 2023-05-05 17:00:38-0500, Jorge Lopez wrote:
> <snip>
>
> > ---
> > Based on the latest platform-drivers-x86.git/for-next
> > ---
> >  drivers/platform/x86/hp/hp-bioscfg/bioscfg.h | 523 +++++++++++++++++++
> >  1 file changed, 523 insertions(+)
> >  create mode 100644 drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> >
> > diff --git a/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > new file mode 100644
> > index 000000000000..f27667d7ba9f
> > --- /dev/null
> > +++ b/drivers/platform/x86/hp/hp-bioscfg/bioscfg.h
> > @@ -0,0 +1,523 @@
> > +/* SPDX-License-Identifier: GPL-2.0
> > + *
> > + * Definitions for kernel modules using hp_bioscfg driver
> > + *
> > + *  Copyright (c) 2022 HP Development Company, L.P.
> > + */
> > +
> > +#ifndef _HP_BIOSCFG_H_
> > +#define _HP_BIOSCFG_H_
> > +
> > +#include <linux/wmi.h>
> > +#include <linux/types.h>
> > +#include <linux/device.h>
> > +#include <linux/module.h>
> > +#include <linux/kernel.h>
> > +#include <linux/capability.h>
> > +#include <linux/nls.h>
> > +
> > +#define DRIVER_NAME          "hp-bioscfg"
> > +
> > +#define MAX_BUFF             512
> > +#define MAX_KEY_MOD          256
>
> Seems to need _SIZE suffix.

Done!.   I will update references in all files

>
> > +#define MAX_PASSWD_SIZE              64
> > +#define MAX_MESSAGE_SIZE     256
>
> Never used.

Done!  MAX_MESSAGE_SIZE will be delete

>
> > +#define MAX_PREREQUISITES_SIZE       20
> > +#define MAX_REQ_ELEM_SIZE    128
> > +#define MAX_VALUES_SIZE              16
> > +#define MAX_ENCODINGS_SIZE   16
> > +#define MAX_ELEMENTS_SIZE    16
> > +
> > +#define SPM_STR_DESC         "Secure Platform Management"
> > +#define SPM_STR                      "SPM"
> > +#define SURE_START_DESC              "Sure Start"
> > +#define SURE_START_STR               "Sure_Start"
> > +#define SETUP_PASSWD         "Setup Password"
> > +#define POWER_ON_PASSWD              "Power-On Password"
> > +
> > +#define LANG_CODE_STR                "en_US.UTF-8"
> > +#define SCHEDULE_POWER_ON    "Scheduled Power-On"
> > +
> > +#define COMMA_SEP            ","
> > +#define SEMICOLON_SEP                ";"
> > +
> > +/* Sure Admin Functions */
> > +
> > +#define UTF_PREFIX           "<utf-16/>"
> > +#define BEAM_PREFIX          "<BEAM/>"
> > +
> > +/* mechanism - Authentication attribute */
> > +
> > +#define MAX_MECHANISM_TYPES  3
>
> Never used.

Done!

>
> > +
> > +enum mechanism_values {
> > +     PASSWORD                = 0x00,
> > +     NOT_PROVISION           = 0x00,
>
> Never used.

Done!
>
> > +     SIGNING_KEY             = 0x01,
> > +     ENDORSEMENT_KEY         = 0x02,
> > +};
> > +

<snip>

> > +
> > +enum spm_features {
> > +     HEP_ENABLED                     = 0x01,
> > +     PLATFORM_RECOVERY               = 0x02,
> > +     ENHANCED_BIOS_AUTH_MODE         = 0x04,
> > +};
> > +
> > +enum spm_states_values {
> > +     NOT_PROVISIONED                 = 0x00,
> > +     PROVISIONED                     = 0x01,
> > +     PROVISIONING_IN_PROGRESS        = 0x02,
> > +};
>
> Are these enums used?

Done!

>
> > +
> > +struct common_data {
> > +     u8 display_name[MAX_BUFF];
> > +     u8 path[MAX_BUFF];
> > +     u32 is_readonly;
> > +     u32 display_in_ui;
> > +     u32 requires_physical_presence;
> > +     u32 sequence;
> > +     u32 prerequisites_size;
> > +     u8 prerequisites[MAX_PREREQUISITES_SIZE][MAX_BUFF];
> > +     u32 security_level;
> > +     u8 display_name_language_code[MAX_BUFF];
> > +};
> > +
> > +struct string_data {
> > +     struct common_data common;
> > +     struct kobject *attr_name_kobj;
> > +     u8 current_value[MAX_BUFF];
> > +     u8 new_value[MAX_BUFF];
> > +     u32 min_length;
> > +     u32 max_length;
> > +};
> > +
> > +struct integer_data {
> > +     struct common_data common;
> > +     struct kobject *attr_name_kobj;
> > +     u32 current_value;
> > +     u32 new_value;
> > +     u32 lower_bound;
> > +     u32 upper_bound;
> > +     u32 scalar_increment;
> > +};
> > +
> > +struct enumeration_data {
> > +     struct common_data common;
> > +     struct kobject *attr_name_kobj;
> > +     u8 current_value[MAX_BUFF];
> > +     u8 new_value[MAX_BUFF];
> > +     u32 possible_values_size;
> > +     u8 possible_values[MAX_VALUES_SIZE][MAX_BUFF];
> > +};
> > +
> > +struct ordered_list_data {
> > +     struct common_data common;
> > +     struct kobject *attr_name_kobj;
> > +     u8 current_value[MAX_BUFF];
> > +     u8 new_value[MAX_BUFF];
> > +     u32 elements_size;
> > +     u8 elements[MAX_ELEMENTS_SIZE][MAX_BUFF];
> > +};
> > +
> > +struct password_data {
> > +     struct common_data common;
> > +     struct kobject *attr_name_kobj;
> > +     u8 current_password[MAX_PASSWD_SIZE];
> > +     u8 new_password[MAX_PASSWD_SIZE];
> > +     u32 min_password_length;
> > +     u32 max_password_length;
> > +     u32 encodings_size;
> > +     u8 encodings[MAX_ENCODINGS_SIZE][MAX_BUFF];
> > +     u32 is_enabled;
>
> If it is only being used as a boolean, bool is nicer.

Done!

>
> > +
> > +     // 'bios-admin' 'power-on'
> > +     u32 role;
>
> Are the comments about the possible values or the context in which this
> field will be used?
> This should be clear.

'role' is described in the documentation

role:
       The type of authentication used.
       This attribute is mandatory.

Known types:
       bios-admin:
                        Representing BIOS administrator password
       power-on:
                        Representing a password required to use
                        the system

I will add similar comments to the code.

> > +
> > +     //'password'
> > +     u32 mechanism;
> > +};
> > +
> > +struct secure_platform_data {
> > +     struct kobject *attr_name_kobj;
> > +     u8 attribute_name[MAX_BUFF];
> > +     u8 *endorsement_key;
> > +     u8 *signing_key;
> > +     u8 *auth_token;
> > +     u32 is_enabled;
>
> Also bool.

Done!
>
> > +     u32 mechanism;
> > +};
> > +
> > +struct bioscfg_priv {
> > +     struct wmi_device *bios_attr_wdev;
> > +     struct kset *authentication_dir_kset;
> > +     struct kset *main_dir_kset;
> > +     struct device *class_dev;
> > +     struct string_data *string_data;
> > +     u32 string_instances_count;
> > +     struct integer_data *integer_data;
> > +     u32 integer_instances_count;
> > +     struct enumeration_data *enumeration_data;
> > +     u32 enumeration_instances_count;
> > +     struct ordered_list_data *ordered_list_data;
> > +     u32 ordered_list_instances_count;
> > +     struct password_data *password_data;
> > +     u32 password_instances_count;
> > +
> > +     struct kobject *sure_start_attr_kobj;
> > +     struct secure_platform_data spm_data;
> > +
> > +     bool pending_reboot;
> > +     struct mutex mutex;
> > +};
> > +
> > +/* global structure used by multiple WMI interfaces */
> > +extern struct bioscfg_priv bioscfg_drv;
> > +
> > +enum hp_wmi_data_type {
> > +     HPWMI_STRING_TYPE               = 0x00,
> > +     HPWMI_INTEGER_TYPE              = 0x01,
> > +     HPWMI_ENUMERATION_TYPE          = 0x02,
> > +     HPWMI_ORDERED_LIST_TYPE         = 0x03,
> > +     HPWMI_PASSWORD_TYPE             = 0x04,
> > +     HPWMI_SECURE_PLATFORM_TYPE      = 0x05,
> > +     HPWMI_SURE_START_TYPE           = 0x06,
> > +};
>
> There is no need to explicitly specify enum values when they don't
> matter.
> This makes it clear if an enum represents values for an external ABI or
> if it is just for internal use.
>

I added them for my clarification, in the event enums added at a later
time do not have a sequential value.
This is not the case here so I will remove the value.
Done!


<snip>
> > +#define ATTRIBUTE_S_COMMON_PROPERTY_SHOW(name, type)         \
> > +     static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
> > +                                char *buf)                           \
> > +     {                                                               \
> > +             int i = get_##type##_instance_id(kobj);                 \
> > +             if (i >= 0)                                             \
> > +                     return sysfs_emit(buf, "%s\n", bioscfg_drv.type##_data[i].common.name); \
> > +             return -EIO;                                            \
> > +     }
> > +
> > +/*
> > + * Prototypes
> > + */
> > +union acpi_object *get_wmiobj_pointer(int instance_id, const char *guid_string);
>
> Weren't all non-static functions supposed to gain a common prefix?

I misunderstood an earlier comment and made only all functions with
current prefixes to have a common one.
I will add a prefix to all common functions.



>
> > +int get_instance_count(const char *guid_string);
> > +void update_attribute_permissions(u32 isreadonly, struct kobj_attribute *current_val);
>
> "bool readonly" should be enough.

Done!


>
> > +void friendly_user_name_update(char *path, const char *attr_name,
> > +                            char *attr_display, int attr_size);
> > +int hp_wmi_error_and_message(int error_code);
> > +
> > +/* String attributes */
> > +int populate_string_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > +                             int instance_id,
> > +                             struct kobject *attr_name_kobj);
> > +
> > +int populate_string_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > +                                      int instance_id);
> > +int alloc_string_data(void);
> > +void exit_string_attributes(void);
> > +int populate_string_package_data(union acpi_object *str_obj,
> > +                              int instance_id,
> > +                              struct kobject *attr_name_kobj);
> > +int populate_string_elements_from_package(union acpi_object *str_obj,
> > +                                       int str_obj_count,
> > +                                       int instance_id);
> > +
> > +/* Integer attributes */
> > +int populate_integer_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > +                              int instance_id,
> > +                              struct kobject *attr_name_kobj);
> > +int populate_integer_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > +                                       int instance_id);
> > +int alloc_integer_data(void);
> > +void exit_integer_attributes(void);
> > +int populate_integer_package_data(union acpi_object *integer_obj,
> > +                               int instance_id,
> > +                               struct kobject *attr_name_kobj);
> > +int populate_integer_elements_from_package(union acpi_object *integer_obj,
> > +                                        int integer_obj_count,
> > +                                        int instance_id);
> > +
> > +/* Enumeration attributes */
> > +int populate_enumeration_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > +                                  int instance_id,
> > +                                  struct kobject *attr_name_kobj);
> > +int populate_enumeration_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > +                                           int instance_id);
> > +int alloc_enumeration_data(void);
> > +void exit_enumeration_attributes(void);
> > +int populate_enumeration_package_data(union acpi_object *enum_obj,
> > +                                   int instance_id,
> > +                                   struct kobject *attr_name_kobj);
> > +int populate_enumeration_elements_from_package(union acpi_object *enum_obj,
> > +                                            int enum_obj_count,
> > +                                            int instance_id);
> > +
> > +/* Ordered list */
> > +int populate_ordered_list_buffer_data(u8 *buffer_ptr,
> > +                                   u32 *buffer_size,
> > +                                   int instance_id,
> > +                                   struct kobject *attr_name_kobj);
> > +int populate_ordered_list_elements_from_buffer(u8 *buffer_ptr,
> > +                                            u32 *buffer_size,
> > +                                            int instance_id);
> > +int alloc_ordered_list_data(void);
> > +void exit_ordered_list_attributes(void);
> > +int populate_ordered_list_package_data(union acpi_object *order_obj,
> > +                                    int instance_id,
> > +                                    struct kobject *attr_name_kobj);
> > +int populate_ordered_list_elements_from_package(union acpi_object *order_obj,
> > +                                             int order_obj_count,
> > +                                             int instance_id);
> > +
> > +/* Password authentication attributes */
> > +int populate_password_buffer_data(u8 *buffer_ptr, u32 *buffer_size,
> > +                               int instance_id,
> > +                               struct kobject *attr_name_kobj);
> > +int populate_password_elements_from_buffer(u8 *buffer_ptr, u32 *buffer_size,
> > +                                        int instance_id);
> > +int populate_password_package_data(union acpi_object *password_obj,
> > +                                int instance_id,
> > +                                struct kobject *attr_name_kobj);
> > +int populate_password_elements_from_package(union acpi_object *password_obj,
> > +                                         int password_obj_count,
> > +                                         int instance_id);
> > +int alloc_password_data(void);
> > +int alloc_secure_platform_data(void);
> > +void exit_password_attributes(void);
> > +void exit_secure_platform_attributes(void);
> > +int populate_secure_platform_data(struct kobject *attr_name_kobj);
> > +int check_spm_is_enabled(void);
> > +int hp_wmi_set_bios_setting(u16 *input_buffer, u32 input_size);
> > +int hp_wmi_perform_query(int query, enum hp_wmi_command command,
> > +                      void *buffer, u32 insize, u32 outsize);
> > +int validate_password_input(int instance_id, const char *buf);
> > +
> > +/* Sure Start attributes */
> > +void exit_sure_start_attributes(void);
> > +int populate_sure_start_data(struct kobject *attr_name_kobj);
> > +
> > +int set_bios_defaults(u8 deftype);
>
> This seems not to actually exist.
>
> > +int get_password_instance_for_type(const char *name);
> > +int clear_all_credentials(void);
> > +int clear_passwords(const int instance);
> > +void exit_hp_attr_set_interface(void);
> > +int init_hp_attr_set_interface(void);
> > +size_t hp_calculate_string_buffer(const char *str);
> > +size_t calculate_security_buffer(const char *authentication);
> > +int populate_security_buffer(u16 *buffer, const char *authentication);
> > +int set_new_password(const char *password_type, const char *new_password);
> > +int init_hp_attr_pass_interface(void);
> > +void exit_hp_attr_pass_interface(void);
> > +void *hp_ascii_to_utf16_unicode(u16 *p, const u8 *str);
> > +int get_integer_from_buffer(u8 **buffer, u32 *buffer_size, u32 *integer);
> > +int get_string_from_buffer(u8 **buffer, u32 *buffer_size, char *dst, u32 dst_size);
> > +int convert_hexstr_to_str(const char *input, u32 input_len, char **str, int *len);
> > +int encode_outsize_for_pvsz(int outsize);
> > +int hp_set_attribute(const char *a_name, const char *a_value);
> > +int enforce_single_line_input(char *buf, size_t count);
> > +void set_reboot_and_signal_event(void);
> > +
> > +#endif
> > --
> > 2.34.1
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ