Commit b49f72e7 authored by Mark Pearson's avatar Mark Pearson Committed by Hans de Goede

platform/x86: think-lmi: Certificate authentication support

Implementation of certificate authentication feature for Lenovo
platforms. This allows for signed updates of BIOS settings.

Functionality supported:
 - Cert support available check. At initialisation check if BIOS
   supports certification authentication and if a certificate is
   installed. Enable the sysfs nodes appropriately
 - certificate and signature authentication attributes to enable
   a user to install, update and delete a certificate using signed
   signatures
 - certificate_thumbprint to confirm installed certificate details
 - support to go from certificate to password based authentication
 - signature and save_signature attributes needed for setting BIOS
   attributes using certificate authentication.

Tested on X1 Carbon G10 and X1 Yoga G7. This feature is not
generally available yet but will be released later this year.

Note, I also cleaned up the formating of the GUIDs when I was adding
the new defines. Hope that's OK to combine in this commit.
Signed-off-by: default avatarMark Pearson <markpearson@lenovo.com>
Link: https://lore.kernel.org/r/20220317214008.3459-2-markpearson@lenovo.comReviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
parent 06384573
This diff is collapsed.
...@@ -62,6 +62,10 @@ struct tlmi_pwd_setting { ...@@ -62,6 +62,10 @@ struct tlmi_pwd_setting {
char kbdlang[TLMI_LANG_MAXLEN]; char kbdlang[TLMI_LANG_MAXLEN];
int index; /*Used for HDD and NVME auth */ int index; /*Used for HDD and NVME auth */
enum level_option level; enum level_option level;
bool cert_installed;
char *certificate;
char *signature;
char *save_signature;
}; };
/* Attribute setting details */ /* Attribute setting details */
...@@ -82,6 +86,7 @@ struct think_lmi { ...@@ -82,6 +86,7 @@ struct think_lmi {
bool pending_changes; bool pending_changes;
bool can_debug_cmd; bool can_debug_cmd;
bool opcode_support; bool opcode_support;
bool certificate_support;
struct tlmi_attr_setting *setting[TLMI_SETTINGS_COUNT]; struct tlmi_attr_setting *setting[TLMI_SETTINGS_COUNT];
struct device *class_dev; struct device *class_dev;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment