Unverified Commit 07b93b74 authored by Mark Pearson's avatar Mark Pearson Committed by Ilpo Järvinen
Browse files

platform/x86: think-lmi: Certificate support for ThinkCenter 



ThinkCenter platforms use a different set of GUIDs along with some
differences in implementation details for their support of
certificate based authentication.

Update the think-lmi driver to work correctly on these platforms.

Tested on M75q Gen 5.

Signed-off-by: default avatarKean Ren <kean0048@gmail.com>
Signed-off-by: default avatarMark Pearson <mpearson-lenovo@squebb.ca>
Link: https://lore.kernel.org/r/20250903173824.1472244-3-mpearson-lenovo@squebb.ca


Reviewed-by: default avatarIlpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@linux.intel.com>
parent c778f7ac

drivers/platform/x86/lenovo/think-lmi.c

+49 −7
Original line number Diff line number Diff line
@@ -119,6 +119,7 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * You must reboot the computer before the changes will take effect.

 */

#define LENOVO_SET_BIOS_CERT_GUID    "26861C9F-47E9-44C4-BD8B-DFE7FA2610FE"

#define LENOVO_TC_SET_BIOS_CERT_GUID "955aaf7d-8bc4-4f04-90aa-97469512f167"



/*

 * Name: UpdateBiosCert
@@ -128,6 +129,7 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * You must reboot the computer before the changes will take effect.

 */

#define LENOVO_UPDATE_BIOS_CERT_GUID "9AA3180A-9750-41F7-B9F7-D5D3B1BAC3CE"

#define LENOVO_TC_UPDATE_BIOS_CERT_GUID "5f5bbbb2-c72f-4fb8-8129-228eef4fdbed"



/*

 * Name: ClearBiosCert
@@ -137,6 +139,8 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * You must reboot the computer before the changes will take effect.

 */

#define LENOVO_CLEAR_BIOS_CERT_GUID  "B2BC39A7-78DD-4D71-B059-A510DEC44890"

#define LENOVO_TC_CLEAR_BIOS_CERT_GUID  "97849cb6-cb44-42d1-a750-26a596a9eec4"



/*

 * Name: CertToPassword

 * Description: Switch from certificate to password authentication.
@@ -145,6 +149,7 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * You must reboot the computer before the changes will take effect.

 */

#define LENOVO_CERT_TO_PASSWORD_GUID "0DE8590D-5510-4044-9621-77C227F5A70D"

#define LENOVO_TC_CERT_TO_PASSWORD_GUID "ef65480d-38c9-420d-b700-ab3d6c8ebaca"



/*

 * Name: SetBiosSettingCert
@@ -153,6 +158,7 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * Format: "Item,Value,Signature"

 */

#define LENOVO_SET_BIOS_SETTING_CERT_GUID  "34A008CC-D205-4B62-9E67-31DFA8B90003"

#define LENOVO_TC_SET_BIOS_SETTING_CERT_GUID  "19ecba3b-b318-4192-a89b-43d94bc60cea"



/*

 * Name: SaveBiosSettingCert
@@ -161,6 +167,7 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support"); 
 * Format: "Signature"

 */

#define LENOVO_SAVE_BIOS_SETTING_CERT_GUID "C050FB9D-DF5F-4606-B066-9EFC401B2551"

#define LENOVO_TC_SAVE_BIOS_SETTING_CERT_GUID "0afaf46f-7cca-450a-b455-a826a0bf1af5"



/*

 * Name: CertThumbprint
@@ -187,6 +194,16 @@ static const struct tlmi_cert_guids thinkpad_cert_guid = { 
	.set_bios_cert = LENOVO_SET_BIOS_CERT_GUID,

};



static const struct tlmi_cert_guids thinkcenter_cert_guid = {

	.thumbprint = NULL,

	.set_bios_setting = LENOVO_TC_SET_BIOS_SETTING_CERT_GUID,

	.save_bios_setting = LENOVO_TC_SAVE_BIOS_SETTING_CERT_GUID,

	.cert_to_password = LENOVO_TC_CERT_TO_PASSWORD_GUID,

	.clear_bios_cert = LENOVO_TC_CLEAR_BIOS_CERT_GUID,

	.update_bios_cert = LENOVO_TC_UPDATE_BIOS_CERT_GUID,

	.set_bios_cert = LENOVO_TC_SET_BIOS_CERT_GUID,

};



static const struct tlmi_err_codes tlmi_errs[] = {

	{"Success", 0},

	{"Not Supported", -EOPNOTSUPP},
@@ -678,6 +695,9 @@ static ssize_t cert_thumbprint(char *buf, const char *arg, int count) 
	const union acpi_object *obj;

	acpi_status status;



	if (!tlmi_priv.cert_guid->thumbprint)

		return -EOPNOTSUPP;



	status = wmi_evaluate_method(tlmi_priv.cert_guid->thumbprint, 0, 0, &input, &output);

	if (ACPI_FAILURE(status)) {

		kfree(output.pointer);
@@ -856,9 +876,17 @@ static ssize_t certificate_store(struct kobject *kobj, 
			return -EACCES;

		}

		guid = tlmi_priv.cert_guid->set_bios_cert;

		if (tlmi_priv.thinkcenter_mode) {

			/* Format: 'Certificate, password, encoding, kbdlang' */

			auth_str = kasprintf(GFP_KERNEL, "%s,%s,%s,%s", new_cert,

					     setting->password,

					     encoding_options[setting->encoding],

					     setting->kbdlang);

		} else {

			/* Format: 'Certificate, password' */

			auth_str = cert_command(setting, new_cert, setting->password);

		}

	}

	kfree(new_cert);

	if (!auth_str)

		return -ENOMEM;
@@ -1593,6 +1621,15 @@ static int tlmi_analyze(struct wmi_device *wdev) 
		wmi_has_guid(LENOVO_SAVE_BIOS_SETTING_CERT_GUID))

		tlmi_priv.certificate_support = true;



	/* ThinkCenter uses different GUIDs for certificate support */

	if (wmi_has_guid(LENOVO_TC_SET_BIOS_CERT_GUID) &&

	    wmi_has_guid(LENOVO_TC_SET_BIOS_SETTING_CERT_GUID) &&

	    wmi_has_guid(LENOVO_TC_SAVE_BIOS_SETTING_CERT_GUID)) {

		tlmi_priv.certificate_support = true;

		tlmi_priv.thinkcenter_mode = true;

		pr_info("ThinkCenter modified support being used\n");

	}



	/*

	 * Try to find the number of valid settings of this machine

	 * and use it to create sysfs attributes.
@@ -1738,12 +1775,17 @@ static int tlmi_analyze(struct wmi_device *wdev) 
	}



	if (tlmi_priv.certificate_support) {

		if (tlmi_priv.thinkcenter_mode) {

			tlmi_priv.cert_guid = &thinkcenter_cert_guid;

			tlmi_priv.pwd_admin->cert_installed = tlmi_priv.pwdcfg.core.password_mode;

		} else {

			tlmi_priv.cert_guid = &thinkpad_cert_guid;

			tlmi_priv.pwd_admin->cert_installed =

				tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SVC;

			tlmi_priv.pwd_system->cert_installed =

				tlmi_priv.pwdcfg.core.password_state & TLMI_CERT_SMC;

		}

	}

	return 0;



fail_clear_attr:

drivers/platform/x86/lenovo/think-lmi.h

+1 −0
Original line number Diff line number Diff line
@@ -120,6 +120,7 @@ struct think_lmi { 
	enum save_mode save_mode;

	bool save_required;

	bool reboot_required;

	bool thinkcenter_mode;



	struct tlmi_attr_setting *setting[TLMI_SETTINGS_COUNT];

	struct device *class_dev;