mirror of
https://git.proxmox.com/git/fwupd
synced 2025-08-02 12:54:52 +00:00
Use a more compact JSON format using precommit
This commit is contained in:
parent
c1ffebae48
commit
00e8aaefc6
@ -1,7 +1,7 @@
|
||||
default_stages: [commit]
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.0.1
|
||||
rev: v4.4.0
|
||||
hooks:
|
||||
- id: no-commit-to-branch
|
||||
args: [--branch, main, --pattern, 1_.*_X]
|
||||
@ -12,6 +12,8 @@ repos:
|
||||
- id: check-yaml
|
||||
exclude: '.clang-format'
|
||||
- id: check-json
|
||||
- id: pretty-format-json
|
||||
args: ['--no-sort-keys']
|
||||
- id: check-symlinks
|
||||
- id: check-xml
|
||||
- id: end-of-file-fixer
|
||||
@ -23,12 +25,12 @@ repos:
|
||||
- id: mixed-line-ending
|
||||
args: [--fix=lf]
|
||||
- repo: https://github.com/codespell-project/codespell
|
||||
rev: v2.1.0
|
||||
rev: v2.2.2
|
||||
hooks:
|
||||
- id: codespell
|
||||
args: ['--config', './contrib/codespell.cfg', --write-changes]
|
||||
- repo: https://github.com/ambv/black
|
||||
rev: 22.3.0
|
||||
rev: 22.12.0
|
||||
hooks:
|
||||
- id: black
|
||||
- repo: local
|
||||
@ -78,7 +80,7 @@ repos:
|
||||
language: script
|
||||
entry: ./contrib/ci/check-license.py
|
||||
- repo: https://github.com/igorshubovych/markdownlint-cli
|
||||
rev: v0.27.1
|
||||
rev: v0.33.0
|
||||
hooks:
|
||||
- id: markdownlint
|
||||
args: ['--fix', '--ignore', '.github']
|
||||
|
@ -1,65 +1,65 @@
|
||||
{
|
||||
"version": "0.2.0",
|
||||
"configurations": [
|
||||
{
|
||||
"name": "gdbserver (fwupdtool)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/libexec/fwupd/fwupdtool",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "gdbserver (fwupd)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/libexec/fwupd/fwupd",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "gdbserver (fwupdmgr)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/bin/fwupdmgr",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"version": "0.2.0",
|
||||
"configurations": [
|
||||
{
|
||||
"name": "gdbserver (fwupdtool)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/libexec/fwupd/fwupdtool",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "gdbserver (fwupd)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/libexec/fwupd/fwupd",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "gdbserver (fwupdmgr)",
|
||||
"type": "cppdbg",
|
||||
"request": "launch",
|
||||
"program": "${workspaceFolder}/dist/bin/fwupdmgr",
|
||||
"args": [],
|
||||
"stopAtEntry": false,
|
||||
"cwd": "${workspaceFolder}",
|
||||
"environment": [],
|
||||
"miDebuggerServerAddress": "localhost:9091",
|
||||
"externalConsole": false,
|
||||
"MIMode": "gdb",
|
||||
"setupCommands": [
|
||||
{
|
||||
"description": "Enable pretty-printing for gdb",
|
||||
"text": "-enable-pretty-printing",
|
||||
"ignoreFailures": true
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{
|
||||
"editor.tabSize": 8,
|
||||
"mesonbuild.buildFolder": "build"
|
||||
"editor.tabSize": 8,
|
||||
"mesonbuild.buildFolder": "build"
|
||||
}
|
||||
|
@ -1,30 +1,29 @@
|
||||
{
|
||||
"id": "org.fwupd.hsi.Amd.PlatformRollbackProtection",
|
||||
"name": "AMD Secure Processor Rollback protection",
|
||||
"description": [
|
||||
"AMD SOCs include the ability to prevent a rollback attack by a rollback protection feature on the secure processor.",
|
||||
"This feature prevents an attacker from loading an older firmware onto the part after a security vulnerability has been fixed."
|
||||
],
|
||||
"more-information": [
|
||||
"This particular check is not for the Microsoft Pluton Security processor which is present on some chips.",
|
||||
"End users are not able to directly modify rollback protection, this is controlled by the manufacturer.",
|
||||
"On Lenovo systems it has been reported that if this is disabled it may potentially be enabled by loading 'OS Optimized Defaults' in BIOS setup."
|
||||
],
|
||||
"failure-impact": [
|
||||
"SOCs without this feature may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability."
|
||||
],
|
||||
"failure-results": {
|
||||
"not-enabled": "rollback protection disabled"
|
||||
},
|
||||
"success-results": {
|
||||
"enabled": "rollback protection enabled"
|
||||
},
|
||||
"hsi-level": 4,
|
||||
"references": {
|
||||
"https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection",
|
||||
"https://www.amd.com/en/technologies/pro-security": "AMD Secure Processor",
|
||||
"https://forums.lenovo.com/t5/Fedora/AMD-Rollback-protection-not-detected-by-fwupd-on-T14-G3-AMD/m-p/5182708?page=1#5810366":
|
||||
"Loading OS Optimized Defaults on Lenovo systems"
|
||||
},
|
||||
"fwupd-version": "1.8.0"
|
||||
"id": "org.fwupd.hsi.Amd.PlatformRollbackProtection",
|
||||
"name": "AMD Secure Processor Rollback protection",
|
||||
"description": [
|
||||
"AMD SOCs include the ability to prevent a rollback attack by a rollback protection feature on the secure processor.",
|
||||
"This feature prevents an attacker from loading an older firmware onto the part after a security vulnerability has been fixed."
|
||||
],
|
||||
"more-information": [
|
||||
"This particular check is not for the Microsoft Pluton Security processor which is present on some chips.",
|
||||
"End users are not able to directly modify rollback protection, this is controlled by the manufacturer.",
|
||||
"On Lenovo systems it has been reported that if this is disabled it may potentially be enabled by loading 'OS Optimized Defaults' in BIOS setup."
|
||||
],
|
||||
"failure-impact": [
|
||||
"SOCs without this feature may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability."
|
||||
],
|
||||
"failure-results": {
|
||||
"not-enabled": "rollback protection disabled"
|
||||
},
|
||||
"success-results": {
|
||||
"enabled": "rollback protection enabled"
|
||||
},
|
||||
"hsi-level": 4,
|
||||
"references": {
|
||||
"https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection",
|
||||
"https://www.amd.com/en/technologies/pro-security": "AMD Secure Processor",
|
||||
"https://forums.lenovo.com/t5/Fedora/AMD-Rollback-protection-not-detected-by-fwupd-on-T14-G3-AMD/m-p/5182708?page=1#5810366": "Loading OS Optimized Defaults on Lenovo systems"
|
||||
},
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Amd.SpiReplayProtection",
|
||||
"name" : "AMD SPI Write protections",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Amd.SpiReplayProtection",
|
||||
"name": "AMD SPI Write protections",
|
||||
"description": [
|
||||
"SOCs may enforce control of the SPI bus to prevent writes other than by verified entities."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"SOCs without this feature may be attacked by an attacker modifying the SPI."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-enabled" : "SPI protections disabled"
|
||||
"failure-results": {
|
||||
"not-enabled": "SPI protections disabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "SPI protections enabled"
|
||||
"success-results": {
|
||||
"enabled": "SPI protections enabled"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"fwupd-version" : "1.8.0"
|
||||
"hsi-level": 2,
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Amd.SpiWriteProtection",
|
||||
"name" : "AMD SPI Replay protections",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Amd.SpiWriteProtection",
|
||||
"name": "AMD SPI Replay protections",
|
||||
"description": [
|
||||
"SOCs may include support for replay-protected monotonic counters to prevent replay attacks."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"SOCs without this feature may be attacked by an attacker modifying the SPI."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-enabled" : "SPI protections disabled"
|
||||
"failure-results": {
|
||||
"not-enabled": "SPI protections disabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "SPI protections enabled"
|
||||
"success-results": {
|
||||
"enabled": "SPI protections enabled"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"fwupd-version" : "1.8.0"
|
||||
"hsi-level": 3,
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,21 +1,21 @@
|
||||
{
|
||||
"id": "org.fwupd.hsi.Bios.RollbackProtection",
|
||||
"name": "BIOS Firmware Rollback protection",
|
||||
"description": [
|
||||
"Some OEMs include an optional firmware protection feature in their BIOS that would prevent installation of older firmware that may have security vulnerabilities."
|
||||
],
|
||||
"failure-impact": [
|
||||
"Firmware without this feature enabled may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability."
|
||||
],
|
||||
"failure-results": {
|
||||
"not-enabled": "rollback protection disabled"
|
||||
},
|
||||
"success-results": {
|
||||
"enabled": "rollback protection enabled"
|
||||
},
|
||||
"hsi-level": 2,
|
||||
"references": {
|
||||
"https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection"
|
||||
},
|
||||
"fwupd-version": "1.8.8"
|
||||
"id": "org.fwupd.hsi.Bios.RollbackProtection",
|
||||
"name": "BIOS Firmware Rollback protection",
|
||||
"description": [
|
||||
"Some OEMs include an optional firmware protection feature in their BIOS that would prevent installation of older firmware that may have security vulnerabilities."
|
||||
],
|
||||
"failure-impact": [
|
||||
"Firmware without this feature enabled may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability."
|
||||
],
|
||||
"failure-results": {
|
||||
"not-enabled": "rollback protection disabled"
|
||||
},
|
||||
"success-results": {
|
||||
"enabled": "rollback protection enabled"
|
||||
},
|
||||
"hsi-level": 2,
|
||||
"references": {
|
||||
"https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection"
|
||||
},
|
||||
"fwupd-version": "1.8.8"
|
||||
}
|
||||
|
@ -1,25 +1,25 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.EncryptedRam",
|
||||
"name" : "DRAM memory encryption",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.EncryptedRam",
|
||||
"name": "DRAM memory encryption",
|
||||
"description": [
|
||||
"TME (Intel) or SME (AMD) is used by the hardware on supported SOCs to encrypt all data on external memory buses.",
|
||||
"It mitigates against an attacker being able to capture memory data while the system is running or to capture memory by removing a DRAM chip.",
|
||||
"This encryption may be activated by either transparently via firmware configuration or by code running in the Linux kernel."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local attacker can either extract unencrypted content by attaching debug probes on the DIMM modules, or by removing them and inserting them into a computer with a modified DRAM controller."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-encrypted" : "detected but disabled",
|
||||
"not-supported" : "not available"
|
||||
"failure-results": {
|
||||
"not-encrypted": "detected but disabled",
|
||||
"not-supported": "not available"
|
||||
},
|
||||
"success-results" : {
|
||||
"encrypted" : "detected and enabled"
|
||||
"success-results": {
|
||||
"encrypted": "detected and enabled"
|
||||
},
|
||||
"hsi-level" : 4,
|
||||
"references" : {
|
||||
"https://software.intel.com/content/www/us/en/develop/blogs/intel-releases-new-technology-specification-for-memory-encryption.html" : "Intel TME Press Release",
|
||||
"https://en.wikichip.org/wiki/x86/sme" : "WikiChip SME Overview"
|
||||
"hsi-level": 4,
|
||||
"references": {
|
||||
"https://software.intel.com/content/www/us/en/develop/blogs/intel-releases-new-technology-specification-for-memory-encryption.html": "Intel TME Press Release",
|
||||
"https://en.wikichip.org/wiki/x86/sme": "WikiChip SME Overview"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelBootguard.Acm",
|
||||
"name" : "Intel BootGuard: ACM",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelBootguard.Acm",
|
||||
"name": "Intel BootGuard: ACM",
|
||||
"description": [
|
||||
"BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.",
|
||||
"It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "boot is not verified"
|
||||
"failure-results": {
|
||||
"not-valid": "boot is not verified"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "ACM protected"
|
||||
"success-results": {
|
||||
"valid": "ACM protected"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"fwupd-version" : "1.5.0"
|
||||
"hsi-level": 2,
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,26 +1,26 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelBootguard.Enabled",
|
||||
"deprecated-ids" : [
|
||||
"id": "org.fwupd.hsi.IntelBootguard.Enabled",
|
||||
"deprecated-ids": [
|
||||
"org.fwupd.hsi.Kernel.IntelBootguard"
|
||||
],
|
||||
"name" : "Intel BootGuard: Enabled",
|
||||
"description" : [
|
||||
"name": "Intel BootGuard: Enabled",
|
||||
"description": [
|
||||
"BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.",
|
||||
"It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.",
|
||||
"This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-enabled" : "not detected, or detected but not enabled"
|
||||
"failure-results": {
|
||||
"not-enabled": "not detected, or detected but not enabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "detected and enabled"
|
||||
"success-results": {
|
||||
"enabled": "detected and enabled"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"references" : {
|
||||
"https://github.com/coreboot/coreboot/blob/master/src/soc/intel/jasperlake/include/soc/me.h" : "Coreboot documentation"
|
||||
"hsi-level": 2,
|
||||
"references": {
|
||||
"https://github.com/coreboot/coreboot/blob/master/src/soc/intel/jasperlake/include/soc/me.h": "Coreboot documentation"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,20 +1,20 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelBootguard.Otp",
|
||||
"name" : "Intel BootGuard: OTP",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelBootguard.Otp",
|
||||
"name": "Intel BootGuard: OTP",
|
||||
"description": [
|
||||
"BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.",
|
||||
"It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.",
|
||||
"This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "SOC is not locked"
|
||||
"failure-results": {
|
||||
"not-valid": "SOC is not locked"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "SOC is locked"
|
||||
"success-results": {
|
||||
"valid": "SOC is locked"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"fwupd-version" : "1.5.0"
|
||||
"hsi-level": 2,
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelBootguard.Policy",
|
||||
"name" : "Intel BootGuard: Policy",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelBootguard.Policy",
|
||||
"name": "Intel BootGuard: Policy",
|
||||
"description": [
|
||||
"BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.",
|
||||
"It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The attacker can invalidate the chain of trust (subverting Secure Boot), and the user would get just a console warning and then continue to boot."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "policy is invalid"
|
||||
"failure-results": {
|
||||
"not-valid": "policy is invalid"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "error enforce policy is set to shutdown"
|
||||
"success-results": {
|
||||
"valid": "error enforce policy is set to shutdown"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"fwupd-version" : "1.5.0"
|
||||
"hsi-level": 3,
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,20 +1,20 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelBootguard.Verified",
|
||||
"name" : "Intel BootGuard: Verified",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelBootguard.Verified",
|
||||
"name": "Intel BootGuard: Verified",
|
||||
"description": [
|
||||
"BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.",
|
||||
"It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.",
|
||||
"This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "boot is not verified"
|
||||
"failure-results": {
|
||||
"not-valid": "boot is not verified"
|
||||
},
|
||||
"success-results" : {
|
||||
"success" : "verified boot chain"
|
||||
"success-results": {
|
||||
"success": "verified boot chain"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"fwupd-version" : "1.5.0"
|
||||
"hsi-level": 2,
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,21 +1,21 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelCet.Active",
|
||||
"name" : "Intel CET: Active",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelCet.Active",
|
||||
"name": "Intel CET: Active",
|
||||
"description": [
|
||||
"Control enforcement technology is available on new Intel platforms and prevents exploits from hijacking the control-flow transfer instructions for both forward-edge (indirect call/jmp) and back-edge transfer (ret)."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local or physical attacker with an existing unrelated vulnerability can use a ROP gadget to run arbitrary code."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-supported" : "CET not being used by the host"
|
||||
"failure-results": {
|
||||
"not-supported": "CET not being used by the host"
|
||||
},
|
||||
"success-results" : {
|
||||
"supported" : "CET being used"
|
||||
"success-results": {
|
||||
"supported": "CET being used"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"references" : {
|
||||
"https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf" : "Intel CET Technology Preview"
|
||||
"hsi-level": 3,
|
||||
"references": {
|
||||
"https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,21 +1,21 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelCet.Enabled",
|
||||
"name" : "Intel CET: Available",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelCet.Enabled",
|
||||
"name": "Intel CET: Available",
|
||||
"description": [
|
||||
"Control enforcement technology is available on new Intel platforms and prevents exploits from hijacking the control-flow transfer instructions for both forward-edge (indirect call/jmp) and back-edge transfer (ret)."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local or physical attacker with an existing unrelated vulnerability can use a reliable and well-known method to run arbitrary code."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-supported" : "CET not supported"
|
||||
"failure-results": {
|
||||
"not-supported": "CET not supported"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "CET feature enabled by the platform"
|
||||
"success-results": {
|
||||
"enabled": "CET feature enabled by the platform"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"references" : {
|
||||
"https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf" : "Intel CET Technology Preview"
|
||||
"hsi-level": 3,
|
||||
"references": {
|
||||
"https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,22 +1,22 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.IntelSmap",
|
||||
"name" : "Intel SMAP",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.IntelSmap",
|
||||
"name": "Intel SMAP",
|
||||
"description": [
|
||||
"Without Supervisor Mode Access Prevention, the supervisor code usually has full read and write access to user-space memory mappings.",
|
||||
"This can make exploits easier to write, as it allows the kernel to access user-space memory when it did not intend to."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local or remote attacker can use a simple exploit to modify the contents of kernel memory which can lead to privilege escalation."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-supported" : "SMAP not enabled"
|
||||
"failure-results": {
|
||||
"not-supported": "SMAP not enabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "SMAP features are detected and enabled"
|
||||
"success-results": {
|
||||
"enabled": "SMAP features are detected and enabled"
|
||||
},
|
||||
"hsi-level" : 4,
|
||||
"references" : {
|
||||
"https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention" : "SMAP Wikipedia Page"
|
||||
"hsi-level": 4,
|
||||
"references": {
|
||||
"https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention": "SMAP Wikipedia Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,24 +1,24 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Iommu",
|
||||
"name" : "DMA protection",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Iommu",
|
||||
"name": "DMA protection",
|
||||
"description": [
|
||||
"The IOMMU on modern systems is used to mitigate against DMA attacks.",
|
||||
"All I/O for devices capable of DMA is mapped into a private virtual memory region.",
|
||||
"Common implementations are Intel VT-d and AMD-Vi."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"An attacker with inexpensive PCIe development hardware can write to system RAM from the ThunderBolt or Firewire ports which can lead to privilege escalation."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-found" : "IOMMU hardware was not detected"
|
||||
"failure-results": {
|
||||
"not-found": "IOMMU hardware was not detected"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "IOMMU hardware detected and enabled"
|
||||
"success-results": {
|
||||
"enabled": "IOMMU hardware detected and enabled"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"resolution" : "If available, turn on IOMMU in the system BIOS. You may also have to use additional kernel boot parameters, for example `iommu=force`.",
|
||||
"references" : {
|
||||
"https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit" : "IOMMU Wikipedia Page"
|
||||
"hsi-level": 2,
|
||||
"resolution": "If available, turn on IOMMU in the system BIOS. You may also have to use additional kernel boot parameters, for example `iommu=force`.",
|
||||
"references": {
|
||||
"https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit": "IOMMU Wikipedia Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Kernel.Lockdown",
|
||||
"name" : "Kernel Lockdown",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Kernel.Lockdown",
|
||||
"name": "Kernel Lockdown",
|
||||
"description": [
|
||||
"Kernel lockdown is an important mechanism to limit what hardware actions userspace programs can perform.",
|
||||
"Turning on this feature means that often-used mechanisms like /dev/mem used to raise privileges or exfiltrate data are no longer available."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"An unlocked kernel can be easily abused by a malicious userspace program running as root, which can include replacing system firmware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "could not read lockdown status, perhaps from an old kernel",
|
||||
"not-enabled" : "lockdown is set to `none`"
|
||||
"failure-results": {
|
||||
"not-valid": "could not read lockdown status, perhaps from an old kernel",
|
||||
"not-enabled": "lockdown is set to `none`"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "lockdown is set to either `integrity` or `confidentiality`."
|
||||
"success-results": {
|
||||
"enabled": "lockdown is set to either `integrity` or `confidentiality`."
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Kernel.Tainted",
|
||||
"name" : "Kernel Tainted",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Kernel.Tainted",
|
||||
"name": "Kernel Tainted",
|
||||
"description": [
|
||||
"When calculating the HSI value fwupd has to ask the Linux Kernel for information.",
|
||||
"If the kernel has been tainted by overriding a firmware table or by loading a proprietary module then we cannot trust the data it reports."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"Using a tainted kernel means that values obtained from the kernel cannot be trusted."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "could not detect kernel taint status",
|
||||
"tainted" : "the kernel is untrusted, perhaps because a proprietary module was loaded"
|
||||
"failure-results": {
|
||||
"not-valid": "could not detect kernel taint status",
|
||||
"tainted": "the kernel is untrusted, perhaps because a proprietary module was loaded"
|
||||
},
|
||||
"success-results" : {
|
||||
"not-tainted" : "the kernel is trusted"
|
||||
"success-results": {
|
||||
"not-tainted": "the kernel is trusted"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,25 +1,25 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Mei.KeyManifest",
|
||||
"name" : "ME BootGuard Platform Key",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Mei.KeyManifest",
|
||||
"name": "ME BootGuard Platform Key",
|
||||
"description": [
|
||||
"The BootGuard Platform Key is fused into the CPU PCH during manufacturing by the OEM.",
|
||||
"At bootup, an authenticated code module computes a hash of the Platform Key and compares it with the one stored in field-programmable fuses.",
|
||||
"If the key matches the ACM will pass control to the firmware, otherwise the boot process will stop.",
|
||||
"In 2022 a number of Platform **secret** Keys were leaked by Lenovo and confirmed by Intel."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A custom system firmware can be signed using the leaked private key to completely disable UEFI Secure Boot and allow complete persistent compromise of the affected machine."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "device uses a key that is compromised"
|
||||
"failure-results": {
|
||||
"not-valid": "device uses a key that is compromised"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "device uses a BootGuard Platform Key that is not known to be compromised"
|
||||
"success-results": {
|
||||
"valid": "device uses a BootGuard Platform Key that is not known to be compromised"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://github.com/phretor/intel-leak-checker/" : "Intel leak checker",
|
||||
"https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge" : "Tom's Hardware Article"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://github.com/phretor/intel-leak-checker/": "Intel leak checker",
|
||||
"https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge": "Tom's Hardware Article"
|
||||
},
|
||||
"fwupd-version" : "1.8.7"
|
||||
"fwupd-version": "1.8.7"
|
||||
}
|
||||
|
@ -1,24 +1,24 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Mei.ManufacturingMode",
|
||||
"name" : "ME not in manufacturing mode",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Mei.ManufacturingMode",
|
||||
"name": "ME not in manufacturing mode",
|
||||
"description": [
|
||||
"There have been some unfortunate cases of the ME being distributed in manufacturing mode.",
|
||||
"In manufacturing mode many features from the ME can be interacted with that decrease the platform's security."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"If the ME is in manufacturing mode then any user with root access can provision the ME engine with new keys.",
|
||||
"This gives them full access to the system even when the system is powered off."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-locked" : "device is in manufacturing mode"
|
||||
"failure-results": {
|
||||
"not-locked": "device is in manufacturing mode"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "device has had manufacturing mode disabled"
|
||||
"success-results": {
|
||||
"locked": "device has had manufacturing mode disabled"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://malware.news/t/intel-me-manufacturing-mode-obscured-dangers-and-their-relationship-to-apple-macbook-vulnerability-cve-2018-4251/23214" : "ME Manufacturing Mode: obscured dangers",
|
||||
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html" : "Intel security advisory SA-00086"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://malware.news/t/intel-me-manufacturing-mode-obscured-dangers-and-their-relationship-to-apple-macbook-vulnerability-cve-2018-4251/23214": "ME Manufacturing Mode: obscured dangers",
|
||||
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html": "Intel security advisory SA-00086"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,22 +1,22 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Mei.OverrideStrap",
|
||||
"name" : "ME Flash Descriptor Override",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Mei.OverrideStrap",
|
||||
"name": "ME Flash Descriptor Override",
|
||||
"description": [
|
||||
"The Flash Descriptor Security Override Strap is not accessible to end users on consumer boards and Intel stresses that this is for debugging only."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The system firmware can be written from userspace by changing the protected region.",
|
||||
"This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-locked" : "device is in debugging mode"
|
||||
"failure-results": {
|
||||
"not-locked": "device is in debugging mode"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "device in in normal runtime mode"
|
||||
"success-results": {
|
||||
"locked": "device in in normal runtime mode"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/Documentation/mysteries_intel.txt" : "Chromium documentation for Intel ME"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/Documentation/mysteries_intel.txt": "Chromium documentation for Intel ME"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,26 +1,26 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Mei.Version",
|
||||
"name" : "CSME Version",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Mei.Version",
|
||||
"name": "CSME Version",
|
||||
"description": [
|
||||
"Converged Security and Manageability Engine is a standalone management module that can manage and control some local devices without the host CPU involvement.",
|
||||
"The CSME lives in the PCH and can only be updated by the OEM vendor.",
|
||||
"The version of the CSME module can be checked to detect the most common and serious vulnerabilities."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"Using any one of the critical vulnerabilities, a remote attacker can take full control of the system and all connected devices, even when the system is powered off."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "affected by one of the critical CVEs"
|
||||
"failure-results": {
|
||||
"not-valid": "affected by one of the critical CVEs"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "is not affected by the most critical CVEs"
|
||||
"success-results": {
|
||||
"valid": "is not affected by the most critical CVEs"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"resolution" : "Update your Management Engine firmware",
|
||||
"references" : {
|
||||
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html" : "Intel CSME Security Review Cumulative Update"
|
||||
"hsi-level": 1,
|
||||
"resolution": "Update your Management Engine firmware",
|
||||
"references": {
|
||||
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html": "Intel CSME Security Review Cumulative Update"
|
||||
},
|
||||
"issues" : [
|
||||
"issues": [
|
||||
"CVE-2017-5705",
|
||||
"CVE-2017-5706",
|
||||
"CVE-2017-5707",
|
||||
@ -30,5 +30,5 @@
|
||||
"CVE-2017-5711",
|
||||
"CVE-2017-5712"
|
||||
],
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,30 +1,30 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.PlatformDebugEnabled",
|
||||
"deprecated-ids" : [
|
||||
"id": "org.fwupd.hsi.PlatformDebugEnabled",
|
||||
"deprecated-ids": [
|
||||
"org.fwupd.hsi.IntelDci.Enabled"
|
||||
],
|
||||
"name" : "Intel DCI",
|
||||
"description" : [
|
||||
"name": "Intel DCI",
|
||||
"description": [
|
||||
"Newer Intel CPUs support debugging over USB3 via a proprietary Direct Connection Interface (DCI) with the use of off-the-shelf hardware."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"Using DCI an attacker with physical access to the computer has full access to all registers and memory in the system, and is able to make changes.",
|
||||
"This makes privilege escalation from user to root possible, and also modifying SMM makes it possible to write to system firmware for a persistent backdoor."
|
||||
],
|
||||
"failure-results" : {
|
||||
"enabled" : "debugging is currently enabled"
|
||||
"failure-results": {
|
||||
"enabled": "debugging is currently enabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"not-enabled" : "debugging is not currently enabled"
|
||||
"success-results": {
|
||||
"not-enabled": "debugging is not currently enabled"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html" : "Intel Direct Connect Interface",
|
||||
"https://github.com/chipsec/chipsec/blob/master/chipsec/cfg/8086/pch_4xxlp.xml#L270" : "Chipsec 4xxlp register definitions",
|
||||
"https://github.com/riscv/riscv-edk2-platforms/blob/85a50de1b459d1d6644a402081120770aa6dd8c7/Silicon/Intel/CoffeelakeSiliconPkg/Pch/Include/Register/PchRegsDci.h" : "RISC-V EDK PCH register definitions"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html": "Intel Direct Connect Interface",
|
||||
"https://github.com/chipsec/chipsec/blob/master/chipsec/cfg/8086/pch_4xxlp.xml#L270": "Chipsec 4xxlp register definitions",
|
||||
"https://github.com/riscv/riscv-edk2-platforms/blob/85a50de1b459d1d6644a402081120770aa6dd8c7/Silicon/Intel/CoffeelakeSiliconPkg/Pch/Include/Register/PchRegsDci.h": "RISC-V EDK PCH register definitions"
|
||||
},
|
||||
"more-information" : [
|
||||
"more-information": [
|
||||
"This attribute was previously known as `org.fwupd.hsi.IntelDci.Enabled` in 1.5.0, but was renamed in 1.8.0 to support other vendors."
|
||||
],
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,25 +1,25 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.PlatformDebugLocked",
|
||||
"deprecated-ids" : [
|
||||
"id": "org.fwupd.hsi.PlatformDebugLocked",
|
||||
"deprecated-ids": [
|
||||
"org.fwupd.hsi.IntelDci.Locked"
|
||||
],
|
||||
"name" : "Part is debug locked",
|
||||
"description" : [
|
||||
"name": "Part is debug locked",
|
||||
"description": [
|
||||
"Some devices support a concept of whether a part has been unlocked for debugging using proprietary hardware. Such parts allow access to registers that are typically restricted when parts are fused.",
|
||||
"On Intel systems access to this interface is done via a proprietary Direct Connection Interface (DCI)."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"If using a debug unlocked part, the platform's overall security will be decreased as an attacker may have elevated access to registers and memory within the system and can potentially enable persistent backdoors."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-locked" : "device is not locked"
|
||||
"failure-results": {
|
||||
"not-locked": "device is not locked"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "device is locked"
|
||||
"success-results": {
|
||||
"locked": "device is locked"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"references" : {
|
||||
"https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html" : "Intel Direct Connect Interface"
|
||||
"hsi-level": 2,
|
||||
"references": {
|
||||
"https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html": "Intel Direct Connect Interface"
|
||||
},
|
||||
"fwupd-version" : "1.8.0"
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.PlatformFused",
|
||||
"name" : "Part is fused",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.PlatformFused",
|
||||
"name": "Part is fused",
|
||||
"description": [
|
||||
"When fuses are blown in parts from some manufacturers the hardware will enforce protections against tampering or accessing of certain registers."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"If using an unfused part, the platform's overall security will be decreased."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-locked" : "device is not fused"
|
||||
"failure-results": {
|
||||
"not-locked": "device is not fused"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "device is fused"
|
||||
"success-results": {
|
||||
"locked": "device is fused"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"fwupd-version" : "1.8.0"
|
||||
"hsi-level": 1,
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,33 +1,33 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.PrebootDma",
|
||||
"deprecated-ids" : [
|
||||
"id": "org.fwupd.hsi.PrebootDma",
|
||||
"deprecated-ids": [
|
||||
"org.fwupd.hsi.AcpiDmar"
|
||||
],
|
||||
"name" : "Pre-boot DMA protection",
|
||||
"description" : [
|
||||
"name": "Pre-boot DMA protection",
|
||||
"description": [
|
||||
"The IOMMU on modern systems is used to mitigate against DMA attacks.",
|
||||
"All I/O for devices capable of DMA is mapped into a private virtual memory region.",
|
||||
"On Intel systems the ACPI DMAR table indicated the system is configured with pre-boot DMA protection which eliminates some firmware attacks.",
|
||||
"On AMD systems the ACPI IVRS table indicates the same."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"An attacker could connect a malicious peripheral using ThunderBolt and reboot the machine, which would allow the attacker to modify the system memory.",
|
||||
"This would allow subverting the Secure Boot protection, and also invalidate any system attestation."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "could not determine state",
|
||||
"not-enabled" : "was not enabled"
|
||||
"failure-results": {
|
||||
"not-valid": "could not determine state",
|
||||
"not-enabled": "was not enabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "detected correctly"
|
||||
"success-results": {
|
||||
"enabled": "detected correctly"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"references" : {
|
||||
"https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit" : "IOMMU Wikipedia Page",
|
||||
"https://www.amd.com/system/files/TechDocs/48882_IOMMU.pdf" : "AMD IVRS Specification"
|
||||
"hsi-level": 3,
|
||||
"references": {
|
||||
"https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit": "IOMMU Wikipedia Page",
|
||||
"https://www.amd.com/system/files/TechDocs/48882_IOMMU.pdf": "AMD IVRS Specification"
|
||||
},
|
||||
"more-information" : [
|
||||
"more-information": [
|
||||
"This attribute was previously known as `org.fwupd.hsi.AcpiDmar` in 1.5.0, but was renamed in 1.8.0 to support other vendors."
|
||||
],
|
||||
"fwupd-version" : "1.8.0"
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,24 +1,24 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Spi.Bioswe",
|
||||
"name" : "BIOS Write Enable (BWE)",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Spi.Bioswe",
|
||||
"name": "BIOS Write Enable (BWE)",
|
||||
"description": [
|
||||
"Intel hardware provides this mechanism to protect the SPI ROM chip located on the motherboard from being overwritten by the operating system.",
|
||||
"The `BIOSWE` bit must be unset otherwise userspace can write to the SPI chip."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The system firmware can be written from userspace.",
|
||||
"This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-found" : "the SPI device was not found",
|
||||
"enabled" : "write enable is enabled"
|
||||
"failure-results": {
|
||||
"not-found": "the SPI device was not found",
|
||||
"enabled": "write enable is enabled"
|
||||
},
|
||||
"success-results" : {
|
||||
"not-enabled" : "write enable is disabled"
|
||||
"success-results": {
|
||||
"not-enabled": "write enable is disabled"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,23 +1,23 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Spi.Ble",
|
||||
"name" : "BIOS Lock Enable (BLE)",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Spi.Ble",
|
||||
"name": "BIOS Lock Enable (BLE)",
|
||||
"description": [
|
||||
"If the lock bit is set then System Management Interrupts (SMIs) are raised when setting BIOS Write Enable.",
|
||||
"The `BLE` bit must be enabled in the PCH otherwise `BIOSWE` can easily be unset."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The system firmware can be written from userspace.",
|
||||
"This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-enabled" : "the register is not locked"
|
||||
"failure-results": {
|
||||
"not-enabled": "the register is not locked"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "the register is locked"
|
||||
"success-results": {
|
||||
"enabled": "the register is locked"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,21 +1,21 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Spi.Descriptor",
|
||||
"name" : "Read-only SPI Descriptor",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Spi.Descriptor",
|
||||
"name": "Read-only SPI Descriptor",
|
||||
"description": [
|
||||
"The SPI descriptor must always be read only from all other regions.",
|
||||
"Additionally on Intel architectures the FLOCKDN register must be set to prevent configuration registers in the SPI BAR from being changed."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The system firmware can be written from userspace by changing the protected region.",
|
||||
"This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "any region can write to the flash descriptor",
|
||||
"not-locked" : "the SPI BAR is not locked"
|
||||
"failure-results": {
|
||||
"not-valid": "any region can write to the flash descriptor",
|
||||
"not-locked": "the SPI BAR is not locked"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "the SPI BAR is locked and read only from all regions"
|
||||
"success-results": {
|
||||
"locked": "the SPI BAR is locked and read only from all regions"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"fwupd-version" : "1.6.0"
|
||||
"hsi-level": 1,
|
||||
"fwupd-version": "1.6.0"
|
||||
}
|
||||
|
@ -1,23 +1,23 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Spi.SmmBwp",
|
||||
"name" : "SMM Bios Write Protect (SMM_BWP)",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Spi.SmmBwp",
|
||||
"name": "SMM Bios Write Protect (SMM_BWP)",
|
||||
"description": [
|
||||
"This bit set defines when the BIOS region can be written by the host.",
|
||||
"The `SMM_BWP` bit must be set to make the BIOS region non-writable unless all processors are in system management mode."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The system firmware can be written from userspace by exploiting a race condition in checking `BLE`.",
|
||||
"This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-locked" : "the region is not locked"
|
||||
"failure-results": {
|
||||
"not-locked": "the region is not locked"
|
||||
},
|
||||
"success-results" : {
|
||||
"locked" : "the region is locked"
|
||||
"success-results": {
|
||||
"locked": "the region is locked"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.SupportedCpu",
|
||||
"name" : "Supported CPU",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.SupportedCpu",
|
||||
"name": "Supported CPU",
|
||||
"description": [
|
||||
"Most platform checks are specific to the CPU vendor.",
|
||||
"To avoid giving a very high HSI result for a platform we do not know how to verify, we include this attribute to ensure that the result is meaningful."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"If using an unsupported CPU then fwupd is unable to verify the platform security.",
|
||||
"You should contact your platform vendor and ask them to contribute HSI tests for this CPU type."
|
||||
],
|
||||
"failure-results" : {
|
||||
"unknown" : "platform security is unknown"
|
||||
"failure-results": {
|
||||
"unknown": "platform security is unknown"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "the CPU platform is supported and has HSI tests"
|
||||
"success-results": {
|
||||
"valid": "the CPU platform is supported and has HSI tests"
|
||||
},
|
||||
"more-information": [
|
||||
"On AMD APUs or CPUs this information is reported on kernel 5.19 or later via the `ccp` kernel module. ",
|
||||
@ -21,6 +21,6 @@
|
||||
"If the kernel module has loaded but you still don't have data this is NOT a fwupd bug. You will have to contact ",
|
||||
"your motherboard or system manufacturer to enable reporting this information."
|
||||
],
|
||||
"hsi-level" : 1,
|
||||
"fwupd-version" : "1.8.0"
|
||||
"hsi-level": 1,
|
||||
"fwupd-version": "1.8.0"
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.SuspendToIdle",
|
||||
"name" : "Suspend-to-Idle",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.SuspendToIdle",
|
||||
"name": "Suspend-to-Idle",
|
||||
"description": [
|
||||
"The platform should be set up with Suspend-to-Idle as the default S3 sleep state."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local attacker could overwrite the S3 resume script to modify system RAM which can lead to privilege escalation."
|
||||
],
|
||||
"failure-results" : {
|
||||
"enabled" : "deep sleep enabled",
|
||||
"not-valid" : "could not determine the default"
|
||||
"failure-results": {
|
||||
"enabled": "deep sleep enabled",
|
||||
"not-valid": "could not determine the default"
|
||||
},
|
||||
"success-results" : {
|
||||
"not-enabled" : "suspend-to-idle being used"
|
||||
"success-results": {
|
||||
"not-enabled": "suspend-to-idle being used"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"fwupd-version" : "1.5.0"
|
||||
"hsi-level": 3,
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,24 +1,24 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.SuspendToRam",
|
||||
"name" : "Suspend to RAM disabled",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.SuspendToRam",
|
||||
"name": "Suspend to RAM disabled",
|
||||
"description": [
|
||||
"Suspend to Ram (S3) keeps the raw contents of the DRAM refreshed when the system is asleep.",
|
||||
"This means that the memory modules can be physically removed and the contents recovered, or a cold boot attack can be performed with a USB device.",
|
||||
"The firmware should be configured to prefer using suspend to idle instead of suspend to ram or to not offer suspend to RAM."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"An attacker with physical access to a system can obtain the un-encrypted contents of the RAM by suspending the machine, removing the DIMM and inserting it into another machine with modified DRAM controller before the memory contents decay."
|
||||
],
|
||||
"failure-results" : {
|
||||
"enabled" : "sleep enabled",
|
||||
"not-valid" : "could not determine the default"
|
||||
"failure-results": {
|
||||
"enabled": "sleep enabled",
|
||||
"not-valid": "could not determine the default"
|
||||
},
|
||||
"success-results" : {
|
||||
"not-enabled" : "suspend-to-ram being used"
|
||||
"success-results": {
|
||||
"not-enabled": "suspend-to-ram being used"
|
||||
},
|
||||
"hsi-level" : 3,
|
||||
"references" : {
|
||||
"https://en.wikipedia.org/wiki/Cold_boot_attack" : "Cold Boot Attack Wikipedia Page"
|
||||
"hsi-level": 3,
|
||||
"references": {
|
||||
"https://en.wikipedia.org/wiki/Cold_boot_attack": "Cold Boot Attack Wikipedia Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,27 +1,27 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Tpm.EmptyPcr",
|
||||
"name" : "Empty PCR in TPM",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Tpm.EmptyPcr",
|
||||
"name": "Empty PCR in TPM",
|
||||
"description": [
|
||||
"The system firmware is responsible for measuring values about its boot stage in PCRs 0 through 7.",
|
||||
"Some firmwares have bugs that prevent them from measuring some of those values, breaking the fundamental assumption of the Measured Boot chain-of-trust."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"A local attacker could measure fake values into the empty PCR, corresponding to a firmware and OS that do not match the ones actually loaded.",
|
||||
"This allows hiding a compromised boot chain or fooling a remote-attestation server into believing that a different kernel is running."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-found" : "no TPM hardware could be found",
|
||||
"not-valid" : "at least one empty checksum has been found"
|
||||
"failure-results": {
|
||||
"not-found": "no TPM hardware could be found",
|
||||
"not-valid": "at least one empty checksum has been found"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "all PCRs from 0 to 7 must have non-empty measurements"
|
||||
"success-results": {
|
||||
"valid": "all PCRs from 0 to 7 must have non-empty measurements"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md" : "TPM Carte Blanche"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md": "TPM Carte Blanche"
|
||||
},
|
||||
"issues" : [
|
||||
"issues": [
|
||||
"CVE-2021-42299"
|
||||
],
|
||||
"fwupd-version" : "1.7.2"
|
||||
"fwupd-version": "1.7.2"
|
||||
}
|
||||
|
@ -1,27 +1,27 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Tpm.ReconstructionPcr0",
|
||||
"name" : "PCR0 TPM Event Log Reconstruction",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Tpm.ReconstructionPcr0",
|
||||
"name": "PCR0 TPM Event Log Reconstruction",
|
||||
"description": [
|
||||
"The TPM event log records which events are registered for the PCR0 hash.",
|
||||
"When reconstructed the event log values should always match the TPM PCR0.",
|
||||
"If extra events are included in the event log, or some are missing, the reconstitution will fail."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"This is not a vulnerability per-se, but it shows that the system firmware checksum cannot be verified as the PCR result has been calculated incorrectly."
|
||||
],
|
||||
"more-information" : [
|
||||
"more-information": [
|
||||
"Additional information about specific bugs and debugging steps are available here https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction"
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "could not reconstitute the hash value",
|
||||
"not-found" : "no TPM hardware could be found"
|
||||
"failure-results": {
|
||||
"not-valid": "could not reconstitute the hash value",
|
||||
"not-found": "no TPM hardware could be found"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "all correct"
|
||||
"success-results": {
|
||||
"valid": "all correct"
|
||||
},
|
||||
"hsi-level" : 2,
|
||||
"references" : {
|
||||
"https://www.kernel.org/doc/html/latest/security/tpm/tpm_event_log.html" : "Linux Kernel TPM Documentation"
|
||||
"hsi-level": 2,
|
||||
"references": {
|
||||
"https://www.kernel.org/doc/html/latest/security/tpm/tpm_event_log.html": "Linux Kernel TPM Documentation"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,23 +1,23 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Tpm.Version20",
|
||||
"name" : "TPM 2.0 Present",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Tpm.Version20",
|
||||
"name": "TPM 2.0 Present",
|
||||
"description": [
|
||||
"A TPM securely stores platform specific secrets that can only be divulged to trusted consumers in a secure environment."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"The PCR registers will not be available for use by the bootloader and kernel.",
|
||||
"This means userspace cannot either encrypt disks to the specific machine, and also can't know if the system firmware was externally modified."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-found" : "no TPM device found",
|
||||
"not-enabled" : "TPM not in v2 mode"
|
||||
"failure-results": {
|
||||
"not-found": "no TPM device found",
|
||||
"not-enabled": "TPM not in v2 mode"
|
||||
},
|
||||
"success-results" : {
|
||||
"found" : "TPM device found in v2 mode"
|
||||
"success-results": {
|
||||
"found": "TPM device found in v2 mode"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://en.wikipedia.org/wiki/Trusted_Platform_Module" : "TPM Wikipedia Page"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://en.wikipedia.org/wiki/Trusted_Platform_Module": "TPM Wikipedia Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,23 +1,23 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Uefi.Pk",
|
||||
"name" : "UEFI PK",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Uefi.Pk",
|
||||
"name": "UEFI PK",
|
||||
"description": [
|
||||
"UEFI defines a platform key for the system.",
|
||||
"This should not be a test key, e.g. `DO NOT TRUST - AMI Test PK`"
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"It is possible to sign an EFI binary with the test platform key, which invalidates the Secure Boot trust chain.",
|
||||
"It effectively gives the local attacker full access to your hardware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-valid" : "an invalid key has been enrolled"
|
||||
"failure-results": {
|
||||
"not-valid": "an invalid key has been enrolled"
|
||||
},
|
||||
"success-results" : {
|
||||
"valid" : "valid key"
|
||||
"success-results": {
|
||||
"valid": "valid key"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"references" : {
|
||||
"https://wiki.ubuntu.com/UEFI/SecureBoot/Testing" : "Ubuntu SecureBoot Wiki Page"
|
||||
"hsi-level": 1,
|
||||
"references": {
|
||||
"https://wiki.ubuntu.com/UEFI/SecureBoot/Testing": "Ubuntu SecureBoot Wiki Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
@ -1,24 +1,24 @@
|
||||
{
|
||||
"id" : "org.fwupd.hsi.Uefi.SecureBoot",
|
||||
"name" : "UEFI SecureBoot",
|
||||
"description" : [
|
||||
"id": "org.fwupd.hsi.Uefi.SecureBoot",
|
||||
"name": "UEFI SecureBoot",
|
||||
"description": [
|
||||
"UEFI Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted.",
|
||||
"Secure Boot requires that each binary loaded at boot is validated against trusted certificates."
|
||||
],
|
||||
"failure-impact" : [
|
||||
"failure-impact": [
|
||||
"When Secure Boot is not enabled any EFI binary can be run at startup, which gives the attacker full access to your hardware."
|
||||
],
|
||||
"failure-results" : {
|
||||
"not-found" : "support has not been detected",
|
||||
"not-enabled" : "detected, but has been turned off"
|
||||
"failure-results": {
|
||||
"not-found": "support has not been detected",
|
||||
"not-enabled": "detected, but has been turned off"
|
||||
},
|
||||
"success-results" : {
|
||||
"enabled" : "supported and enabled"
|
||||
"success-results": {
|
||||
"enabled": "supported and enabled"
|
||||
},
|
||||
"hsi-level" : 1,
|
||||
"resolution" : "Turn off CSM boot and enable Secure Boot in the BIOS setup.",
|
||||
"references" : {
|
||||
"https://wiki.ubuntu.com/UEFI/SecureBoot" : "Ubuntu SecureBoot Wiki Page"
|
||||
"hsi-level": 1,
|
||||
"resolution": "Turn off CSM boot and enable Secure Boot in the BIOS setup.",
|
||||
"references": {
|
||||
"https://wiki.ubuntu.com/UEFI/SecureBoot": "Ubuntu SecureBoot Wiki Page"
|
||||
},
|
||||
"fwupd-version" : "1.5.0"
|
||||
"fwupd-version": "1.5.0"
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,9 +1,9 @@
|
||||
{
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 999,
|
||||
"IdProduct": 999
|
||||
}
|
||||
]
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 999,
|
||||
"IdProduct": 999
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,49 +1,46 @@
|
||||
{
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:00",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100,
|
||||
"Device": 2,
|
||||
"USB": 512,
|
||||
"Manufacturer": 1,
|
||||
"Product": 2,
|
||||
"UsbBosDescriptors": [
|
||||
{
|
||||
"Comment": "version invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAKAAAAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"Comment": "UUID invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AAAAAAAAAAAAAAAAAAAAAAAFCAEAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"Comment": "plugin invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAArAA=="
|
||||
}
|
||||
],
|
||||
"UsbEvents": [
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x02",
|
||||
"Data":
|
||||
"Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Comment": "Plugin=dfu\nIcon=computer\n",
|
||||
"Id":
|
||||
"ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA="
|
||||
},
|
||||
{
|
||||
"Comment": "Plugin=XXX",
|
||||
"Id":
|
||||
"ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2b,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPVhYWAoAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:00",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100,
|
||||
"Device": 2,
|
||||
"USB": 512,
|
||||
"Manufacturer": 1,
|
||||
"Product": 2,
|
||||
"UsbBosDescriptors": [
|
||||
{
|
||||
"Comment": "version invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAKAAAAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"Comment": "UUID invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AAAAAAAAAAAAAAAAAAAAAAAFCAEAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"Comment": "plugin invalid",
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAArAA=="
|
||||
}
|
||||
],
|
||||
"UsbEvents": [
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x02",
|
||||
"Data": "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Comment": "Plugin=dfu\nIcon=computer\n",
|
||||
"Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA="
|
||||
},
|
||||
{
|
||||
"Comment": "Plugin=XXX",
|
||||
"Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2b,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPVhYWAoAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100
|
||||
}
|
||||
]
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,110 +1,101 @@
|
||||
{
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100,
|
||||
"Device": 2,
|
||||
"USB": 512,
|
||||
"Manufacturer": 1,
|
||||
"Product": 2,
|
||||
"UsbBosDescriptors": [
|
||||
{
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AN9g3diJRcdMnNJlnZ5kip8AAAMG4AQVAA=="
|
||||
},
|
||||
{
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"DevCapabilityType": 17,
|
||||
"ExtraData": "AQMAAAA="
|
||||
}
|
||||
],
|
||||
"UsbInterfaces": [
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceNumber": 1,
|
||||
"InterfaceClass": 255,
|
||||
"InterfaceSubClass": 70,
|
||||
"InterfaceProtocol": 87,
|
||||
"Interface": 3
|
||||
},
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceNumber": 2,
|
||||
"InterfaceClass": 255,
|
||||
"InterfaceSubClass": 71,
|
||||
"InterfaceProtocol": 85,
|
||||
"Interface": 4
|
||||
},
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceClass": 3,
|
||||
"UsbEndpoints": [
|
||||
{
|
||||
"DescriptorType": 5,
|
||||
"EndpointAddress": 129,
|
||||
"Interval": 1,
|
||||
"MaxPacketSize": 64
|
||||
},
|
||||
{
|
||||
"DescriptorType": 5,
|
||||
"EndpointAddress": 1,
|
||||
"Interval": 1,
|
||||
"MaxPacketSize": 64
|
||||
}
|
||||
],
|
||||
"ExtraData": "CSERAQABIh0A"
|
||||
}
|
||||
],
|
||||
"UsbEvents": [
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x01",
|
||||
"Data":
|
||||
"SHVnaHNraSBMdGQuAAAAAAAAAAAAAAAAIFjfAAAAAAAAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x02",
|
||||
"Data":
|
||||
"Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Id":
|
||||
"GetCustomIndex:ClassId=0xff,SubclassId=0x46,ProtocolId=0x57",
|
||||
"Data": "Aw=="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x03",
|
||||
"Data":
|
||||
"Mi4wLjcAAAAD0WmJYH8AAP8AAAAAAAAAA9FpiWB/AACQRNkAAAAAAGCj2wAAAAAAUHZdKPx/AACNC7qJYH8AAAMAAAAAAAAANougiWB/AACYgl0o/H8AAAAAAAAAAAAA/wAAAPx/V0Zgo9sAAAAAAEh5XSj8fwAAEMPVAAAAAAM="
|
||||
},
|
||||
{
|
||||
"Id":
|
||||
"GetCustomIndex:ClassId=0xff,SubclassId=0x47,ProtocolId=0x55",
|
||||
"Data": "BA=="
|
||||
},
|
||||
{
|
||||
"Id":
|
||||
"ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x15,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,Length=0x4e0",
|
||||
"Data":
|
||||
"CgAAAAAAAwbgBAgAAQAAANYECAACAAAAkgGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAA8AAQABAAuAFUAVgBDAC0ARQBuAGEAYgBsAGUAUABsAGEAdABmAG8AcgBtAEQAbQBmAHQAAAAEAAEAAAA+AAQABAAwAEUAbgBhAGIAbABlAEQAcwBoAG8AdwBSAGUAZABpAHIAZQBjAHQAaQBvAG4AAAAAAAQAAQAAADIABAAEACQAVQBWAEMALQBDAFAAVgAyAEYAYQBjAGUAQQB1AHQAaAAAAAAABAD//wAACAACAAIAwAGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAAwAAQABAAiAFMAZQBuAHMAbwByAEMAYQBtAGUAcgBhAE0AbwBkAGUAAAAEAAEAAAA6AAQABAAsAFMAawBpAHAAQwBhAG0AZQByAGEARQBuAHUAbQBlAHIAYQB0AGkAbwBuAAAABAABAAAAPgAEAAQAMABFAG4AYQBiAGwAZQBEAHMAaABvAHcAUgBlAGQAaQByAGUAYwB0AGkAbwBuAAAAAAAEAAEAAAAyAAQABAAkAFUAVgBDAC0AQwBQAFYAMgBGAGEAYwBlAEEAdQB0AGgAAAAAAAQAAAD//wgAAgAEAHwBMgAEAAQAJABEAGUAdgBpAGMAZQBJAGQAbABlAEUAbgBhAGIAbABlAGQAAAAEAAEAAAAyAAQABAAkAEQAZQBmAGEAdQBsAHQASQBkAGwAZQBTAHQAYQB0AGUAAAAAAAQAAQAAADYABAAEACgARABlAGYAYQB1AGwAdABJAGQAbABlAFQAaQBtAGUAbwB1AHQAAAAAAAQAiBMAAEYABAAEADgARABlAHYAaQBjAGUASQBkAGwAZQBJAGcAbgBvAHIAZQBXAGEAawBlAEUAbgBhAGIAbABlAAAAAAAEAAEAAAAUAAMAV0lOVVNCAAAAAAAAAAAAAIAABAABACgARABlAHYAaQBjAGUASQBuAHQAZQByAGYAYQBjAGUARwBVAEkARAAAAE4AewBlAGMAYwBlAGYAZgAzADUALQAxADQANgAzAC0ANABmAGYAMwAtAGEAYwBkADkALQA4AGYAOQA5ADIAZAAwADkAYQBjAGQAZAB9AAAA"
|
||||
},
|
||||
{
|
||||
"Id":
|
||||
"ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x04",
|
||||
"Data":
|
||||
"MjA4MmI1ZTAtN2E2NC00NzhhLWIxYjItZTM0MDRmYWI2ZGFkAAAAAICg2QAAAAAAUHZdKPx/AACNC7qJYH8AAAQAAAAAAAAANougiWB/AAAAsAOKYH8AAAAAAAAAAAAA/wAAAAAAVUeAoNkAAAAAAFB2XSj8fwAAsKPbAAAAAAQ="
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
"UsbDevices": [
|
||||
{
|
||||
"PlatformId": "usb:01:00:06",
|
||||
"IdVendor": 10047,
|
||||
"IdProduct": 4100,
|
||||
"Device": 2,
|
||||
"USB": 512,
|
||||
"Manufacturer": 1,
|
||||
"Product": 2,
|
||||
"UsbBosDescriptors": [
|
||||
{
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AN9g3diJRcdMnNJlnZ5kip8AAAMG4AQVAA=="
|
||||
},
|
||||
{
|
||||
"DevCapabilityType": 5,
|
||||
"ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAAqAA=="
|
||||
},
|
||||
{
|
||||
"DevCapabilityType": 17,
|
||||
"ExtraData": "AQMAAAA="
|
||||
}
|
||||
],
|
||||
"UsbInterfaces": [
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceNumber": 1,
|
||||
"InterfaceClass": 255,
|
||||
"InterfaceSubClass": 70,
|
||||
"InterfaceProtocol": 87,
|
||||
"Interface": 3
|
||||
},
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceNumber": 2,
|
||||
"InterfaceClass": 255,
|
||||
"InterfaceSubClass": 71,
|
||||
"InterfaceProtocol": 85,
|
||||
"Interface": 4
|
||||
},
|
||||
{
|
||||
"Length": 9,
|
||||
"DescriptorType": 4,
|
||||
"InterfaceClass": 3,
|
||||
"UsbEndpoints": [
|
||||
{
|
||||
"DescriptorType": 5,
|
||||
"EndpointAddress": 129,
|
||||
"Interval": 1,
|
||||
"MaxPacketSize": 64
|
||||
},
|
||||
{
|
||||
"DescriptorType": 5,
|
||||
"EndpointAddress": 1,
|
||||
"Interval": 1,
|
||||
"MaxPacketSize": 64
|
||||
}
|
||||
],
|
||||
"ExtraData": "CSERAQABIh0A"
|
||||
}
|
||||
],
|
||||
"UsbEvents": [
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x01",
|
||||
"Data": "SHVnaHNraSBMdGQuAAAAAAAAAAAAAAAAIFjfAAAAAAAAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x02",
|
||||
"Data": "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA="
|
||||
},
|
||||
{
|
||||
"Id": "GetCustomIndex:ClassId=0xff,SubclassId=0x46,ProtocolId=0x57",
|
||||
"Data": "Aw=="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x03",
|
||||
"Data": "Mi4wLjcAAAAD0WmJYH8AAP8AAAAAAAAAA9FpiWB/AACQRNkAAAAAAGCj2wAAAAAAUHZdKPx/AACNC7qJYH8AAAMAAAAAAAAANougiWB/AACYgl0o/H8AAAAAAAAAAAAA/wAAAPx/V0Zgo9sAAAAAAEh5XSj8fwAAEMPVAAAAAAM="
|
||||
},
|
||||
{
|
||||
"Id": "GetCustomIndex:ClassId=0xff,SubclassId=0x47,ProtocolId=0x55",
|
||||
"Data": "BA=="
|
||||
},
|
||||
{
|
||||
"Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x15,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,Length=0x4e0",
|
||||
"Data": "CgAAAAAAAwbgBAgAAQAAANYECAACAAAAkgGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAA8AAQABAAuAFUAVgBDAC0ARQBuAGEAYgBsAGUAUABsAGEAdABmAG8AcgBtAEQAbQBmAHQAAAAEAAEAAAA+AAQABAAwAEUAbgBhAGIAbABlAEQAcwBoAG8AdwBSAGUAZABpAHIAZQBjAHQAaQBvAG4AAAAAAAQAAQAAADIABAAEACQAVQBWAEMALQBDAFAAVgAyAEYAYQBjAGUAQQB1AHQAaAAAAAAABAD//wAACAACAAIAwAGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAAwAAQABAAiAFMAZQBuAHMAbwByAEMAYQBtAGUAcgBhAE0AbwBkAGUAAAAEAAEAAAA6AAQABAAsAFMAawBpAHAAQwBhAG0AZQByAGEARQBuAHUAbQBlAHIAYQB0AGkAbwBuAAAABAABAAAAPgAEAAQAMABFAG4AYQBiAGwAZQBEAHMAaABvAHcAUgBlAGQAaQByAGUAYwB0AGkAbwBuAAAAAAAEAAEAAAAyAAQABAAkAFUAVgBDAC0AQwBQAFYAMgBGAGEAYwBlAEEAdQB0AGgAAAAAAAQAAAD//wgAAgAEAHwBMgAEAAQAJABEAGUAdgBpAGMAZQBJAGQAbABlAEUAbgBhAGIAbABlAGQAAAAEAAEAAAAyAAQABAAkAEQAZQBmAGEAdQBsAHQASQBkAGwAZQBTAHQAYQB0AGUAAAAAAAQAAQAAADYABAAEACgARABlAGYAYQB1AGwAdABJAGQAbABlAFQAaQBtAGUAbwB1AHQAAAAAAAQAiBMAAEYABAAEADgARABlAHYAaQBjAGUASQBkAGwAZQBJAGcAbgBvAHIAZQBXAGEAawBlAEUAbgBhAGIAbABlAAAAAAAEAAEAAAAUAAMAV0lOVVNCAAAAAAAAAAAAAIAABAABACgARABlAHYAaQBjAGUASQBuAHQAZQByAGYAYQBjAGUARwBVAEkARAAAAE4AewBlAGMAYwBlAGYAZgAzADUALQAxADQANgAzAC0ANABmAGYAMwAtAGEAYwBkADkALQA4AGYAOQA5ADIAZAAwADkAYQBjAGQAZAB9AAAA"
|
||||
},
|
||||
{
|
||||
"Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20",
|
||||
"Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA="
|
||||
},
|
||||
{
|
||||
"Id": "GetStringDescriptor:DescIndex=0x04",
|
||||
"Data": "MjA4MmI1ZTAtN2E2NC00NzhhLWIxYjItZTM0MDRmYWI2ZGFkAAAAAICg2QAAAAAAUHZdKPx/AACNC7qJYH8AAAQAAAAAAAAANougiWB/AAAAsAOKYH8AAAAAAAAAAAAA/wAAAAAAVUeAoNkAAAAAAFB2XSj8fwAAsKPbAAAAAAQ="
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user