git: 96f1dfc1be9c - main - acpi_sbl_wmi: add a driver to trigger SBL firmware updates

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 15 Oct 2024 14:29:31 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=96f1dfc1be9cf5525152941d06f07c6889e60071

commit 96f1dfc1be9cf5525152941d06f07c6889e60071
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-10-08 12:04:42 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-10-15 14:29:11 +0000

    acpi_sbl_wmi: add a driver to trigger SBL firmware updates
    
    Expose a sysctl knob to inform the SBL bootloader that a firmware update is
    available and should be applied on the next reboot.
    
    See also:       https://slimbootloader.github.io/security/firmware-update.html#triggering-firmware-update
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D47035
---
 sys/conf/files                         |   1 +
 sys/dev/acpi_support/acpi_sbl_wmi.c    | 193 +++++++++++++++++++++++++++++++++
 sys/modules/acpi/Makefile              |   4 +-
 sys/modules/acpi/acpi_sbl_wmi/Makefile |   7 ++
 sys/x86/conf/NOTES                     |   3 +
 5 files changed, 206 insertions(+), 2 deletions(-)

diff --git a/sys/conf/files b/sys/conf/files
index c554efa490fc..7c3392fc7320 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -758,6 +758,7 @@ dev/acpi_support/acpi_fujitsu.c	optional acpi_fujitsu acpi
 dev/acpi_support/acpi_hp.c	optional acpi_hp acpi
 dev/acpi_support/acpi_ibm.c	optional acpi_ibm acpi
 dev/acpi_support/acpi_panasonic.c optional acpi_panasonic acpi
+dev/acpi_support/acpi_sbl_wmi.c	optional acpi_sbl_wmi acpi
 dev/acpi_support/acpi_sony.c	optional acpi_sony acpi
 dev/acpi_support/acpi_toshiba.c	optional acpi_toshiba acpi
 dev/acpi_support/atk0110.c	optional aibs acpi
diff --git a/sys/dev/acpi_support/acpi_sbl_wmi.c b/sys/dev/acpi_support/acpi_sbl_wmi.c
new file mode 100644
index 000000000000..7f8bbeb88317
--- /dev/null
+++ b/sys/dev/acpi_support/acpi_sbl_wmi.c
@@ -0,0 +1,193 @@
+/*-
+ * Copyright (c) 2024 Rubicon Communications, LLC (Netgate)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+#include "opt_acpi.h"
+#include <sys/param.h>
+#include <sys/conf.h>
+#include <sys/uio.h>
+#include <sys/proc.h>
+#include <sys/kernel.h>
+#include <sys/bus.h>
+#include <sys/sbuf.h>
+#include <sys/module.h>
+#include <sys/sysctl.h>
+
+#include <contrib/dev/acpica/include/acpi.h>
+#include <contrib/dev/acpica/include/accommon.h>
+#include <dev/acpica/acpivar.h>
+#include "acpi_wmi_if.h"
+
+#define _COMPONENT	ACPI_OEM
+ACPI_MODULE_NAME("SBL-FW-UPDATE-WMI")
+ACPI_SERIAL_DECL(sbl_wmi, "SBL WMI device");
+
+#define ACPI_SBL_FW_UPDATE_WMI_GUID	"44FADEB1-B204-40F2-8581-394BBDC1B651"
+
+struct acpi_sbl_wmi_softc {
+	device_t dev;
+	device_t wmi_dev;
+};
+
+static void
+acpi_sbl_wmi_identify(driver_t *driver, device_t parent)
+{
+	/* Don't do anything if driver is disabled. */
+	if (acpi_disabled("sbl_wmi"))
+		return;
+
+	/* Add only a single device instance. */
+	if (device_find_child(parent, "acpi_sbl_wmi", -1) != NULL)
+		return;
+
+	/* Check management GUID to see whether system is compatible. */
+	if (!ACPI_WMI_PROVIDES_GUID_STRING(parent,
+	    ACPI_SBL_FW_UPDATE_WMI_GUID))
+		return;
+
+	if (BUS_ADD_CHILD(parent, 0, "acpi_sbl_wmi", -1) == NULL)
+		device_printf(parent, "add acpi_sbl_wmi child failed\n");
+}
+
+static int
+acpi_sbl_wmi_probe(device_t dev)
+{
+	if (!ACPI_WMI_PROVIDES_GUID_STRING(device_get_parent(dev),
+	    ACPI_SBL_FW_UPDATE_WMI_GUID))
+		return (EINVAL);
+	device_set_desc(dev, "SBL Firmware Update WMI device");
+	return (0);
+}
+
+static int
+acpi_sbl_wmi_sysctl_get(struct acpi_sbl_wmi_softc *sc, int *val)
+{
+	ACPI_OBJECT	*obj;
+	ACPI_BUFFER	 out = { ACPI_ALLOCATE_BUFFER, NULL };
+	int		 error = 0;
+
+	if (ACPI_FAILURE(ACPI_WMI_GET_BLOCK(sc->wmi_dev,
+	    ACPI_SBL_FW_UPDATE_WMI_GUID, 0, &out))) {
+		error = EINVAL;
+		goto out;
+	}
+
+	obj = out.Pointer;
+	if (obj->Type != ACPI_TYPE_INTEGER) {
+		error = EINVAL;
+		goto out;
+	}
+
+	*val = obj->Integer.Value;
+
+out:
+	if (out.Pointer)
+		AcpiOsFree(out.Pointer);
+
+	return (error);
+}
+
+static int
+acpi_sbl_wmi_sysctl_set(struct acpi_sbl_wmi_softc *sc, int in)
+{
+	ACPI_BUFFER	 input = { ACPI_ALLOCATE_BUFFER, NULL };
+	uint32_t	 val;
+
+	val = in;
+	input.Length = sizeof(val);
+	input.Pointer = &val;
+
+	if (ACPI_FAILURE(ACPI_WMI_SET_BLOCK(sc->wmi_dev,
+	    ACPI_SBL_FW_UPDATE_WMI_GUID, 0, &input)))
+		return (ENODEV);
+
+	return (0);
+}
+
+static int
+acpi_sbl_wmi_fw_upgrade_sysctl(SYSCTL_HANDLER_ARGS)
+{
+	struct acpi_sbl_wmi_softc	*sc;
+	int				 arg;
+	int				 error = 0;
+
+	ACPI_SERIAL_BEGIN(sbl_wmi);
+
+	sc = (struct acpi_sbl_wmi_softc *)oidp->oid_arg1;
+	error = acpi_sbl_wmi_sysctl_get(sc, &arg);
+	if (error != 0)
+		goto out;
+
+	error = sysctl_handle_int(oidp, &arg, 0, req);
+	if (! error && req->newptr != NULL)
+		error = acpi_sbl_wmi_sysctl_set(sc, arg);
+
+out:
+	ACPI_SERIAL_END(sbl_wmi);
+
+	return (error);
+}
+
+static int
+acpi_sbl_wmi_attach(device_t dev)
+{
+	struct acpi_sbl_wmi_softc	*sc;
+	struct sysctl_ctx_list		*sysctl_ctx;
+	struct sysctl_oid		*sysctl_tree;
+
+	sc = device_get_softc(dev);
+	sc->dev = dev;
+	sc->wmi_dev = device_get_parent(dev);
+
+	sysctl_ctx = device_get_sysctl_ctx(dev);
+	sysctl_tree = device_get_sysctl_tree(dev);
+
+	SYSCTL_ADD_PROC(sysctl_ctx,
+	    SYSCTL_CHILDREN(sysctl_tree), OID_AUTO,
+	    "firmware_update_request",
+	    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+	    sc, 0, acpi_sbl_wmi_fw_upgrade_sysctl, "I",
+	    "Signal SBL that a firmware update is available");
+
+	return (0);
+}
+
+static device_method_t acpi_sbl_wmi_methods[] = {
+	DEVMETHOD(device_identify, acpi_sbl_wmi_identify),
+	DEVMETHOD(device_probe, acpi_sbl_wmi_probe),
+	DEVMETHOD(device_attach, acpi_sbl_wmi_attach),
+
+	DEVMETHOD_END
+};
+
+static driver_t	acpi_sbl_wmi_driver = {
+	"acpi_sbl_wmi",
+	acpi_sbl_wmi_methods,
+	sizeof(struct acpi_sbl_wmi_softc),
+};
+
+DRIVER_MODULE(acpi_sbl_wmi, acpi_wmi, acpi_sbl_wmi_driver, 0, 0);
+MODULE_DEPEND(acpi_sbl_wmi, acpi_wmi, 1, 1, 1);
+MODULE_DEPEND(acpi_sbl_wmi, acpi, 1, 1, 1);
diff --git a/sys/modules/acpi/Makefile b/sys/modules/acpi/Makefile
index 918f5128e5c4..f646589c9fa4 100644
--- a/sys/modules/acpi/Makefile
+++ b/sys/modules/acpi/Makefile
@@ -1,5 +1,5 @@
 SUBDIR=		acpi_asus acpi_asus_wmi acpi_dock acpi_fujitsu acpi_hp	\
-		acpi_ged acpi_ibm acpi_panasonic acpi_sony acpi_toshiba	\
-		acpi_video acpi_wmi aibs
+		acpi_ged acpi_ibm acpi_panasonic acpi_sbl_wmi acpi_sony	\
+		acpi_toshiba acpi_video acpi_wmi aibs
 
 .include <bsd.subdir.mk>
diff --git a/sys/modules/acpi/acpi_sbl_wmi/Makefile b/sys/modules/acpi/acpi_sbl_wmi/Makefile
new file mode 100644
index 000000000000..66fa87da3547
--- /dev/null
+++ b/sys/modules/acpi/acpi_sbl_wmi/Makefile
@@ -0,0 +1,7 @@
+.PATH:	${SRCTOP}/sys/dev/acpi_support
+
+KMOD=	acpi_sbl_wmi
+CFLAGS+=-I${SRCTOP}/sys/dev/acpi_support
+SRCS=	acpi_sbl_wmi.c opt_acpi.h acpi_if.h acpi_wmi_if.h device_if.h bus_if.h
+
+.include <bsd.kmod.mk>
diff --git a/sys/x86/conf/NOTES b/sys/x86/conf/NOTES
index 87a8f8924d12..ffd90c06b516 100644
--- a/sys/x86/conf/NOTES
+++ b/sys/x86/conf/NOTES
@@ -172,6 +172,9 @@ device		acpi_ibm
 # ACPI Panasonic Extras (LCD backlight/brightness, video output, etc.)
 device		acpi_panasonic
 
+# ACPI SBL Firmware Update
+device		acpi_sbl_wmi
+
 # ACPI Sony extra (LCD brightness)
 device		acpi_sony