1. Patchew
  2. linux
  3. [PATCH v3 0/3] platform/x86: think-lmi: ThinkCenter certificate
  4. View patch

[PATCH v3 1/3] platform/x86: think-lmi: Add certificate GUID structure

Mark Pearson posted 3 patches 1 month, 1 week ago
There is a newer version of this series
[PATCH v3 1/3] platform/x86: think-lmi: Add certificate GUID structure
Posted by Mark Pearson 1 month, 1 week ago 
Add a certificate GUID structure to make it easier to add different
options for other platforms that need different GUIDs.

Suggested-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Mark Pearson <mpearson-lenovo@squebb.ca>
---
Changes in v2:
 - split patch up into series
Changes in v3:
 - add field details to thinkpad_cert_guid declare.
 - add missing comma
 - Move null thumbprint GUID check to later in series

 drivers/platform/x86/lenovo/think-lmi.c | 38 +++++++++++++++++++------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/drivers/platform/x86/lenovo/think-lmi.c b/drivers/platform/x86/lenovo/think-lmi.c
index 0992b41b6221..a22d25f6d3c6 100644
--- a/drivers/platform/x86/lenovo/think-lmi.c
+++ b/drivers/platform/x86/lenovo/think-lmi.c
@@ -177,6 +177,28 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support");
 #define TLMI_CERT_SVC BIT(7) /* Admin Certificate Based */
 #define TLMI_CERT_SMC BIT(8) /* System Certificate Based */
 
+struct tlmi_cert_guids {
+	char *thumbprint;
+	char *set_bios_setting;
+	char *save_bios_setting;
+	char *cert_to_password;
+	char *clear_bios_cert;
+	char *update_bios_cert;
+	char *set_bios_cert;
+};
+
+static struct tlmi_cert_guids thinkpad_cert_guid = {
+	.thumbprint = LENOVO_CERT_THUMBPRINT_GUID,
+	.set_bios_setting = LENOVO_SET_BIOS_SETTING_CERT_GUID,
+	.save_bios_setting = LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
+	.cert_to_password = LENOVO_CERT_TO_PASSWORD_GUID,
+	.clear_bios_cert = LENOVO_CLEAR_BIOS_CERT_GUID,
+	.update_bios_cert = LENOVO_UPDATE_BIOS_CERT_GUID,
+	.set_bios_cert = LENOVO_SET_BIOS_CERT_GUID,
+};
+
+static struct tlmi_cert_guids *cert_guid = &thinkpad_cert_guid;
+
 static const struct tlmi_err_codes tlmi_errs[] = {
 	{"Success", 0},
 	{"Not Supported", -EOPNOTSUPP},
@@ -668,7 +690,7 @@ static ssize_t cert_thumbprint(char *buf, const char *arg, int count)
 	const union acpi_object *obj;
 	acpi_status status;
 
-	status = wmi_evaluate_method(LENOVO_CERT_THUMBPRINT_GUID, 0, 0, &input, &output);
+	status = wmi_evaluate_method(cert_guid->thumbprint, 0, 0, &input, &output);
 	if (ACPI_FAILURE(status)) {
 		kfree(output.pointer);
 		return -EIO;
@@ -751,7 +773,7 @@ static ssize_t cert_to_password_store(struct kobject *kobj,
 		kfree_sensitive(passwd);
 		return -ENOMEM;
 	}
-	ret = tlmi_simple_call(LENOVO_CERT_TO_PASSWORD_GUID, auth_str);
+	ret = tlmi_simple_call(cert_guid->cert_to_password, auth_str);
 	kfree(auth_str);
 	kfree_sensitive(passwd);
 
@@ -797,7 +819,7 @@ static ssize_t certificate_store(struct kobject *kobj,
 		if (!auth_str)
 			return -ENOMEM;
 
-		ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str);
+		ret = tlmi_simple_call(cert_guid->clear_bios_cert, auth_str);
 		kfree(auth_str);
 
 		return ret ?: count;
@@ -834,7 +856,7 @@ static ssize_t certificate_store(struct kobject *kobj,
 			kfree(new_cert);
 			return -EACCES;
 		}
-		guid = LENOVO_UPDATE_BIOS_CERT_GUID;
+		guid = cert_guid->update_bios_cert;
 		/* Format: 'Certificate,Signature' */
 		auth_str = cert_command(setting, new_cert, signature);
 	} else {
@@ -845,7 +867,7 @@ static ssize_t certificate_store(struct kobject *kobj,
 			kfree(new_cert);
 			return -EACCES;
 		}
-		guid = LENOVO_SET_BIOS_CERT_GUID;
+		guid = cert_guid->set_bios_cert;
 		/* Format: 'Certificate, password' */
 		auth_str = cert_command(setting, new_cert, setting->password);
 	}
@@ -1071,13 +1093,13 @@ static ssize_t current_value_store(struct kobject *kobj,
 			goto out;
 		}
 
-		ret = tlmi_simple_call(LENOVO_SET_BIOS_SETTING_CERT_GUID, set_str);
+		ret = tlmi_simple_call(cert_guid->set_bios_setting, set_str);
 		if (ret)
 			goto out;
 		if (tlmi_priv.save_mode == TLMI_SAVE_BULK)
 			tlmi_priv.save_required = true;
 		else
-			ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
+			ret = tlmi_simple_call(cert_guid->save_bios_setting,
 					       tlmi_priv.pwd_admin->save_signature);
 	} else if (tlmi_priv.opcode_support) {
 		/*
@@ -1282,7 +1304,7 @@ static ssize_t save_settings_store(struct kobject *kobj, struct kobj_attribute *
 				ret = -EINVAL;
 				goto out;
 			}
-			ret = tlmi_simple_call(LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
+			ret = tlmi_simple_call(cert_guid->save_bios_setting,
 					       tlmi_priv.pwd_admin->save_signature);
 			if (ret)
 				goto out;
-- 
2.43.0
Re: [PATCH v3 1/3] platform/x86: think-lmi: Add certificate GUID structure
Posted by Ilpo Järvinen 1 month ago 
On Mon, 25 Aug 2025, Mark Pearson wrote:

> Add a certificate GUID structure to make it easier to add different
> options for other platforms that need different GUIDs.
> 
> Suggested-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
> Signed-off-by: Mark Pearson <mpearson-lenovo@squebb.ca>
> ---
> Changes in v2:
>  - split patch up into series
> Changes in v3:
>  - add field details to thinkpad_cert_guid declare.
>  - add missing comma
>  - Move null thumbprint GUID check to later in series
> 
>  drivers/platform/x86/lenovo/think-lmi.c | 38 +++++++++++++++++++------
>  1 file changed, 30 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/platform/x86/lenovo/think-lmi.c b/drivers/platform/x86/lenovo/think-lmi.c
> index 0992b41b6221..a22d25f6d3c6 100644
> --- a/drivers/platform/x86/lenovo/think-lmi.c
> +++ b/drivers/platform/x86/lenovo/think-lmi.c
> @@ -177,6 +177,28 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support");
>  #define TLMI_CERT_SVC BIT(7) /* Admin Certificate Based */
>  #define TLMI_CERT_SMC BIT(8) /* System Certificate Based */
>  
> +struct tlmi_cert_guids {
> +	char *thumbprint;
> +	char *set_bios_setting;
> +	char *save_bios_setting;
> +	char *cert_to_password;
> +	char *clear_bios_cert;
> +	char *update_bios_cert;
> +	char *set_bios_cert;

const char

> +};
> +
> +static struct tlmi_cert_guids thinkpad_cert_guid = {

These are not supposed to be altered, right? If so, this should be const 
then.

> +	.thumbprint = LENOVO_CERT_THUMBPRINT_GUID,
> +	.set_bios_setting = LENOVO_SET_BIOS_SETTING_CERT_GUID,
> +	.save_bios_setting = LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
> +	.cert_to_password = LENOVO_CERT_TO_PASSWORD_GUID,
> +	.clear_bios_cert = LENOVO_CLEAR_BIOS_CERT_GUID,
> +	.update_bios_cert = LENOVO_UPDATE_BIOS_CERT_GUID,
> +	.set_bios_cert = LENOVO_SET_BIOS_CERT_GUID,
> +};
> +
> +static struct tlmi_cert_guids *cert_guid = &thinkpad_cert_guid;

const here as well. Please also note my comment on placement of this in 
patch 2.

-- 
 i.
Re: [PATCH v3 1/3] platform/x86: think-lmi: Add certificate GUID structure
Posted by Mark Pearson 1 month ago 

On Thu, Aug 28, 2025, at 6:50 AM, Ilpo Järvinen wrote:
> On Mon, 25 Aug 2025, Mark Pearson wrote:
>
>> Add a certificate GUID structure to make it easier to add different
>> options for other platforms that need different GUIDs.
>> 
>> Suggested-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
>> Signed-off-by: Mark Pearson <mpearson-lenovo@squebb.ca>
>> ---
>> Changes in v2:
>>  - split patch up into series
>> Changes in v3:
>>  - add field details to thinkpad_cert_guid declare.
>>  - add missing comma
>>  - Move null thumbprint GUID check to later in series
>> 
>>  drivers/platform/x86/lenovo/think-lmi.c | 38 +++++++++++++++++++------
>>  1 file changed, 30 insertions(+), 8 deletions(-)
>> 
>> diff --git a/drivers/platform/x86/lenovo/think-lmi.c b/drivers/platform/x86/lenovo/think-lmi.c
>> index 0992b41b6221..a22d25f6d3c6 100644
>> --- a/drivers/platform/x86/lenovo/think-lmi.c
>> +++ b/drivers/platform/x86/lenovo/think-lmi.c
>> @@ -177,6 +177,28 @@ MODULE_PARM_DESC(debug_support, "Enable debug command support");
>>  #define TLMI_CERT_SVC BIT(7) /* Admin Certificate Based */
>>  #define TLMI_CERT_SMC BIT(8) /* System Certificate Based */
>>  
>> +struct tlmi_cert_guids {
>> +	char *thumbprint;
>> +	char *set_bios_setting;
>> +	char *save_bios_setting;
>> +	char *cert_to_password;
>> +	char *clear_bios_cert;
>> +	char *update_bios_cert;
>> +	char *set_bios_cert;
>
> const char
>
yep.

>> +};
>> +
>> +static struct tlmi_cert_guids thinkpad_cert_guid = {
>
> These are not supposed to be altered, right? If so, this should be const 
> then.
>
Weird...I could have sworn I made it a const. I'll fix

>> +	.thumbprint = LENOVO_CERT_THUMBPRINT_GUID,
>> +	.set_bios_setting = LENOVO_SET_BIOS_SETTING_CERT_GUID,
>> +	.save_bios_setting = LENOVO_SAVE_BIOS_SETTING_CERT_GUID,
>> +	.cert_to_password = LENOVO_CERT_TO_PASSWORD_GUID,
>> +	.clear_bios_cert = LENOVO_CLEAR_BIOS_CERT_GUID,
>> +	.update_bios_cert = LENOVO_UPDATE_BIOS_CERT_GUID,
>> +	.set_bios_cert = LENOVO_SET_BIOS_CERT_GUID,
>> +};
>> +
>> +static struct tlmi_cert_guids *cert_guid = &thinkpad_cert_guid;
>
> const here as well. Please also note my comment on placement of this in 
> patch 2.

Ack.

Thanks for the review
Mark

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.