diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 61a0c6a29..ae872e960 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ default_stages: [commit] repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v4.4.0 hooks: - id: no-commit-to-branch args: [--branch, main, --pattern, 1_.*_X] @@ -12,6 +12,8 @@ repos: - id: check-yaml exclude: '.clang-format' - id: check-json + - id: pretty-format-json + args: ['--no-sort-keys'] - id: check-symlinks - id: check-xml - id: end-of-file-fixer @@ -23,12 +25,12 @@ repos: - id: mixed-line-ending args: [--fix=lf] - repo: https://github.com/codespell-project/codespell - rev: v2.1.0 + rev: v2.2.2 hooks: - id: codespell args: ['--config', './contrib/codespell.cfg', --write-changes] - repo: https://github.com/ambv/black - rev: 22.3.0 + rev: 22.12.0 hooks: - id: black - repo: local @@ -78,7 +80,7 @@ repos: language: script entry: ./contrib/ci/check-license.py - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.27.1 + rev: v0.33.0 hooks: - id: markdownlint args: ['--fix', '--ignore', '.github'] diff --git a/contrib/vscode/launch.json b/contrib/vscode/launch.json index ebb755596..b88cae766 100644 --- a/contrib/vscode/launch.json +++ b/contrib/vscode/launch.json @@ -1,65 +1,65 @@ { - "version": "0.2.0", - "configurations": [ - { - "name": "gdbserver (fwupdtool)", - "type": "cppdbg", - "request": "launch", - "program": "${workspaceFolder}/dist/libexec/fwupd/fwupdtool", - "args": [], - "stopAtEntry": false, - "cwd": "${workspaceFolder}", - "environment": [], - "miDebuggerServerAddress": "localhost:9091", - "externalConsole": false, - "MIMode": "gdb", - "setupCommands": [ - { - "description": "Enable pretty-printing for gdb", - "text": "-enable-pretty-printing", - "ignoreFailures": true - } - ] - }, - { - "name": "gdbserver (fwupd)", - "type": "cppdbg", - "request": "launch", - "program": "${workspaceFolder}/dist/libexec/fwupd/fwupd", - "args": [], - "stopAtEntry": false, - "cwd": "${workspaceFolder}", - "environment": [], - "miDebuggerServerAddress": "localhost:9091", - "externalConsole": false, - "MIMode": "gdb", - "setupCommands": [ - { - "description": "Enable pretty-printing for gdb", - "text": "-enable-pretty-printing", - "ignoreFailures": true - } - ] - }, - { - "name": "gdbserver (fwupdmgr)", - "type": "cppdbg", - "request": "launch", - "program": "${workspaceFolder}/dist/bin/fwupdmgr", - "args": [], - "stopAtEntry": false, - "cwd": "${workspaceFolder}", - "environment": [], - "miDebuggerServerAddress": "localhost:9091", - "externalConsole": false, - "MIMode": "gdb", - "setupCommands": [ - { - "description": "Enable pretty-printing for gdb", - "text": "-enable-pretty-printing", - "ignoreFailures": true - } - ] - } - ] + "version": "0.2.0", + "configurations": [ + { + "name": "gdbserver (fwupdtool)", + "type": "cppdbg", + "request": "launch", + "program": "${workspaceFolder}/dist/libexec/fwupd/fwupdtool", + "args": [], + "stopAtEntry": false, + "cwd": "${workspaceFolder}", + "environment": [], + "miDebuggerServerAddress": "localhost:9091", + "externalConsole": false, + "MIMode": "gdb", + "setupCommands": [ + { + "description": "Enable pretty-printing for gdb", + "text": "-enable-pretty-printing", + "ignoreFailures": true + } + ] + }, + { + "name": "gdbserver (fwupd)", + "type": "cppdbg", + "request": "launch", + "program": "${workspaceFolder}/dist/libexec/fwupd/fwupd", + "args": [], + "stopAtEntry": false, + "cwd": "${workspaceFolder}", + "environment": [], + "miDebuggerServerAddress": "localhost:9091", + "externalConsole": false, + "MIMode": "gdb", + "setupCommands": [ + { + "description": "Enable pretty-printing for gdb", + "text": "-enable-pretty-printing", + "ignoreFailures": true + } + ] + }, + { + "name": "gdbserver (fwupdmgr)", + "type": "cppdbg", + "request": "launch", + "program": "${workspaceFolder}/dist/bin/fwupdmgr", + "args": [], + "stopAtEntry": false, + "cwd": "${workspaceFolder}", + "environment": [], + "miDebuggerServerAddress": "localhost:9091", + "externalConsole": false, + "MIMode": "gdb", + "setupCommands": [ + { + "description": "Enable pretty-printing for gdb", + "text": "-enable-pretty-printing", + "ignoreFailures": true + } + ] + } + ] } diff --git a/contrib/vscode/settings.json b/contrib/vscode/settings.json index 2d7962155..3736fbeb6 100644 --- a/contrib/vscode/settings.json +++ b/contrib/vscode/settings.json @@ -1,4 +1,4 @@ { - "editor.tabSize": 8, - "mesonbuild.buildFolder": "build" + "editor.tabSize": 8, + "mesonbuild.buildFolder": "build" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json index 737da8e98..db0b4e7b7 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json @@ -1,30 +1,29 @@ { - "id": "org.fwupd.hsi.Amd.PlatformRollbackProtection", - "name": "AMD Secure Processor Rollback protection", - "description": [ - "AMD SOCs include the ability to prevent a rollback attack by a rollback protection feature on the secure processor.", - "This feature prevents an attacker from loading an older firmware onto the part after a security vulnerability has been fixed." - ], - "more-information": [ - "This particular check is not for the Microsoft Pluton Security processor which is present on some chips.", - "End users are not able to directly modify rollback protection, this is controlled by the manufacturer.", - "On Lenovo systems it has been reported that if this is disabled it may potentially be enabled by loading 'OS Optimized Defaults' in BIOS setup." - ], - "failure-impact": [ - "SOCs without this feature may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability." - ], - "failure-results": { - "not-enabled": "rollback protection disabled" - }, - "success-results": { - "enabled": "rollback protection enabled" - }, - "hsi-level": 4, - "references": { - "https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection", - "https://www.amd.com/en/technologies/pro-security": "AMD Secure Processor", - "https://forums.lenovo.com/t5/Fedora/AMD-Rollback-protection-not-detected-by-fwupd-on-T14-G3-AMD/m-p/5182708?page=1#5810366": - "Loading OS Optimized Defaults on Lenovo systems" - }, - "fwupd-version": "1.8.0" + "id": "org.fwupd.hsi.Amd.PlatformRollbackProtection", + "name": "AMD Secure Processor Rollback protection", + "description": [ + "AMD SOCs include the ability to prevent a rollback attack by a rollback protection feature on the secure processor.", + "This feature prevents an attacker from loading an older firmware onto the part after a security vulnerability has been fixed." + ], + "more-information": [ + "This particular check is not for the Microsoft Pluton Security processor which is present on some chips.", + "End users are not able to directly modify rollback protection, this is controlled by the manufacturer.", + "On Lenovo systems it has been reported that if this is disabled it may potentially be enabled by loading 'OS Optimized Defaults' in BIOS setup." + ], + "failure-impact": [ + "SOCs without this feature may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability." + ], + "failure-results": { + "not-enabled": "rollback protection disabled" + }, + "success-results": { + "enabled": "rollback protection enabled" + }, + "hsi-level": 4, + "references": { + "https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection", + "https://www.amd.com/en/technologies/pro-security": "AMD Secure Processor", + "https://forums.lenovo.com/t5/Fedora/AMD-Rollback-protection-not-detected-by-fwupd-on-T14-G3-AMD/m-p/5182708?page=1#5810366": "Loading OS Optimized Defaults on Lenovo systems" + }, + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json index e3e04c53e..c9685fee1 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json @@ -1,18 +1,18 @@ { - "id" : "org.fwupd.hsi.Amd.SpiReplayProtection", - "name" : "AMD SPI Write protections", - "description" : [ + "id": "org.fwupd.hsi.Amd.SpiReplayProtection", + "name": "AMD SPI Write protections", + "description": [ "SOCs may enforce control of the SPI bus to prevent writes other than by verified entities." ], - "failure-impact" : [ + "failure-impact": [ "SOCs without this feature may be attacked by an attacker modifying the SPI." ], - "failure-results" : { - "not-enabled" : "SPI protections disabled" + "failure-results": { + "not-enabled": "SPI protections disabled" }, - "success-results" : { - "enabled" : "SPI protections enabled" + "success-results": { + "enabled": "SPI protections enabled" }, - "hsi-level" : 2, - "fwupd-version" : "1.8.0" + "hsi-level": 2, + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json index 7b51877ea..52b95f71a 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json @@ -1,18 +1,18 @@ { - "id" : "org.fwupd.hsi.Amd.SpiWriteProtection", - "name" : "AMD SPI Replay protections", - "description" : [ + "id": "org.fwupd.hsi.Amd.SpiWriteProtection", + "name": "AMD SPI Replay protections", + "description": [ "SOCs may include support for replay-protected monotonic counters to prevent replay attacks." ], - "failure-impact" : [ + "failure-impact": [ "SOCs without this feature may be attacked by an attacker modifying the SPI." ], - "failure-results" : { - "not-enabled" : "SPI protections disabled" + "failure-results": { + "not-enabled": "SPI protections disabled" }, - "success-results" : { - "enabled" : "SPI protections enabled" + "success-results": { + "enabled": "SPI protections enabled" }, - "hsi-level" : 3, - "fwupd-version" : "1.8.0" + "hsi-level": 3, + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Bios.RollbackProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Bios.RollbackProtection.json index b01cf10e2..cc3de7ca9 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Bios.RollbackProtection.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Bios.RollbackProtection.json @@ -1,21 +1,21 @@ { - "id": "org.fwupd.hsi.Bios.RollbackProtection", - "name": "BIOS Firmware Rollback protection", - "description": [ - "Some OEMs include an optional firmware protection feature in their BIOS that would prevent installation of older firmware that may have security vulnerabilities." - ], - "failure-impact": [ - "Firmware without this feature enabled may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability." - ], - "failure-results": { - "not-enabled": "rollback protection disabled" - }, - "success-results": { - "enabled": "rollback protection enabled" - }, - "hsi-level": 2, - "references": { - "https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection" - }, - "fwupd-version": "1.8.8" + "id": "org.fwupd.hsi.Bios.RollbackProtection", + "name": "BIOS Firmware Rollback protection", + "description": [ + "Some OEMs include an optional firmware protection feature in their BIOS that would prevent installation of older firmware that may have security vulnerabilities." + ], + "failure-impact": [ + "Firmware without this feature enabled may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability." + ], + "failure-results": { + "not-enabled": "rollback protection disabled" + }, + "success-results": { + "enabled": "rollback protection enabled" + }, + "hsi-level": 2, + "references": { + "https://www.psacertified.org/blog/anti-rollback-explained/": "Rollback protection" + }, + "fwupd-version": "1.8.8" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.EncryptedRam.json b/docs/hsi-tests.d/org.fwupd.hsi.EncryptedRam.json index d0688621f..ca64ce80a 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.EncryptedRam.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.EncryptedRam.json @@ -1,25 +1,25 @@ { - "id" : "org.fwupd.hsi.EncryptedRam", - "name" : "DRAM memory encryption", - "description" : [ + "id": "org.fwupd.hsi.EncryptedRam", + "name": "DRAM memory encryption", + "description": [ "TME (Intel) or SME (AMD) is used by the hardware on supported SOCs to encrypt all data on external memory buses.", "It mitigates against an attacker being able to capture memory data while the system is running or to capture memory by removing a DRAM chip.", "This encryption may be activated by either transparently via firmware configuration or by code running in the Linux kernel." ], - "failure-impact" : [ + "failure-impact": [ "A local attacker can either extract unencrypted content by attaching debug probes on the DIMM modules, or by removing them and inserting them into a computer with a modified DRAM controller." ], - "failure-results" : { - "not-encrypted" : "detected but disabled", - "not-supported" : "not available" + "failure-results": { + "not-encrypted": "detected but disabled", + "not-supported": "not available" }, - "success-results" : { - "encrypted" : "detected and enabled" + "success-results": { + "encrypted": "detected and enabled" }, - "hsi-level" : 4, - "references" : { - "https://software.intel.com/content/www/us/en/develop/blogs/intel-releases-new-technology-specification-for-memory-encryption.html" : "Intel TME Press Release", - "https://en.wikichip.org/wiki/x86/sme" : "WikiChip SME Overview" + "hsi-level": 4, + "references": { + "https://software.intel.com/content/www/us/en/develop/blogs/intel-releases-new-technology-specification-for-memory-encryption.html": "Intel TME Press Release", + "https://en.wikichip.org/wiki/x86/sme": "WikiChip SME Overview" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json index af8d86890..54d98d127 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.IntelBootguard.Acm", - "name" : "Intel BootGuard: ACM", - "description" : [ + "id": "org.fwupd.hsi.IntelBootguard.Acm", + "name": "Intel BootGuard: ACM", + "description": [ "BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.", "It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash." ], - "failure-impact" : [ + "failure-impact": [ "When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified." ], - "failure-results" : { - "not-valid" : "boot is not verified" + "failure-results": { + "not-valid": "boot is not verified" }, - "success-results" : { - "valid" : "ACM protected" + "success-results": { + "valid": "ACM protected" }, - "hsi-level" : 2, - "fwupd-version" : "1.5.0" + "hsi-level": 2, + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json index 09d35e365..55e4fcadd 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json @@ -1,26 +1,26 @@ { - "id" : "org.fwupd.hsi.IntelBootguard.Enabled", - "deprecated-ids" : [ + "id": "org.fwupd.hsi.IntelBootguard.Enabled", + "deprecated-ids": [ "org.fwupd.hsi.Kernel.IntelBootguard" ], - "name" : "Intel BootGuard: Enabled", - "description" : [ + "name": "Intel BootGuard: Enabled", + "description": [ "BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.", "It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash." ], - "failure-impact" : [ + "failure-impact": [ "When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.", "This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware." ], - "failure-results" : { - "not-enabled" : "not detected, or detected but not enabled" + "failure-results": { + "not-enabled": "not detected, or detected but not enabled" }, - "success-results" : { - "enabled" : "detected and enabled" + "success-results": { + "enabled": "detected and enabled" }, - "hsi-level" : 2, - "references" : { - "https://github.com/coreboot/coreboot/blob/master/src/soc/intel/jasperlake/include/soc/me.h" : "Coreboot documentation" + "hsi-level": 2, + "references": { + "https://github.com/coreboot/coreboot/blob/master/src/soc/intel/jasperlake/include/soc/me.h": "Coreboot documentation" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json index b49553878..8da0b35b5 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json @@ -1,20 +1,20 @@ { - "id" : "org.fwupd.hsi.IntelBootguard.Otp", - "name" : "Intel BootGuard: OTP", - "description" : [ + "id": "org.fwupd.hsi.IntelBootguard.Otp", + "name": "Intel BootGuard: OTP", + "description": [ "BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.", "It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash." ], - "failure-impact" : [ + "failure-impact": [ "When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.", "This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware." ], - "failure-results" : { - "not-valid" : "SOC is not locked" + "failure-results": { + "not-valid": "SOC is not locked" }, - "success-results" : { - "valid" : "SOC is locked" + "success-results": { + "valid": "SOC is locked" }, - "hsi-level" : 2, - "fwupd-version" : "1.5.0" + "hsi-level": 2, + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json index 05dcd8b46..eb4cf3dab 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.IntelBootguard.Policy", - "name" : "Intel BootGuard: Policy", - "description" : [ + "id": "org.fwupd.hsi.IntelBootguard.Policy", + "name": "Intel BootGuard: Policy", + "description": [ "BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.", "It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash." ], - "failure-impact" : [ + "failure-impact": [ "The attacker can invalidate the chain of trust (subverting Secure Boot), and the user would get just a console warning and then continue to boot." ], - "failure-results" : { - "not-valid" : "policy is invalid" + "failure-results": { + "not-valid": "policy is invalid" }, - "success-results" : { - "valid" : "error enforce policy is set to shutdown" + "success-results": { + "valid": "error enforce policy is set to shutdown" }, - "hsi-level" : 3, - "fwupd-version" : "1.5.0" + "hsi-level": 3, + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json index 77a8a5286..de1bbc59c 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json @@ -1,20 +1,20 @@ { - "id" : "org.fwupd.hsi.IntelBootguard.Verified", - "name" : "Intel BootGuard: Verified", - "description" : [ + "id": "org.fwupd.hsi.IntelBootguard.Verified", + "name": "Intel BootGuard: Verified", + "description": [ "BootGuard is a processor feature that prevents the machine from running firmware images not released by the system manufacturer.", "It forms a root-of-trust by fusing in cryptographic keys into the processor itself that are used to verify the Authenticated Code Modules found in the SPI flash." ], - "failure-impact" : [ + "failure-impact": [ "When BootGuard is not set up correctly then the chain-of-trust between the CPU and the bootloader can not be verified.", "This would allow subverting the Secure Boot protection which gives the attacker full access to your hardware." ], - "failure-results" : { - "not-valid" : "boot is not verified" + "failure-results": { + "not-valid": "boot is not verified" }, - "success-results" : { - "success" : "verified boot chain" + "success-results": { + "success": "verified boot chain" }, - "hsi-level" : 2, - "fwupd-version" : "1.5.0" + "hsi-level": 2, + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json index 5dfd5cba8..bb5697f31 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json @@ -1,21 +1,21 @@ { - "id" : "org.fwupd.hsi.IntelCet.Active", - "name" : "Intel CET: Active", - "description" : [ + "id": "org.fwupd.hsi.IntelCet.Active", + "name": "Intel CET: Active", + "description": [ "Control enforcement technology is available on new Intel platforms and prevents exploits from hijacking the control-flow transfer instructions for both forward-edge (indirect call/jmp) and back-edge transfer (ret)." ], - "failure-impact" : [ + "failure-impact": [ "A local or physical attacker with an existing unrelated vulnerability can use a ROP gadget to run arbitrary code." ], - "failure-results" : { - "not-supported" : "CET not being used by the host" + "failure-results": { + "not-supported": "CET not being used by the host" }, - "success-results" : { - "supported" : "CET being used" + "success-results": { + "supported": "CET being used" }, - "hsi-level" : 3, - "references" : { - "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf" : "Intel CET Technology Preview" + "hsi-level": 3, + "references": { + "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json index 260d021a3..d1fff8fd2 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json @@ -1,21 +1,21 @@ { - "id" : "org.fwupd.hsi.IntelCet.Enabled", - "name" : "Intel CET: Available", - "description" : [ + "id": "org.fwupd.hsi.IntelCet.Enabled", + "name": "Intel CET: Available", + "description": [ "Control enforcement technology is available on new Intel platforms and prevents exploits from hijacking the control-flow transfer instructions for both forward-edge (indirect call/jmp) and back-edge transfer (ret)." ], - "failure-impact" : [ + "failure-impact": [ "A local or physical attacker with an existing unrelated vulnerability can use a reliable and well-known method to run arbitrary code." ], - "failure-results" : { - "not-supported" : "CET not supported" + "failure-results": { + "not-supported": "CET not supported" }, - "success-results" : { - "enabled" : "CET feature enabled by the platform" + "success-results": { + "enabled": "CET feature enabled by the platform" }, - "hsi-level" : 3, - "references" : { - "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf" : "Intel CET Technology Preview" + "hsi-level": 3, + "references": { + "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json index 088b714af..9ce010479 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json @@ -1,22 +1,22 @@ { - "id" : "org.fwupd.hsi.IntelSmap", - "name" : "Intel SMAP", - "description" : [ + "id": "org.fwupd.hsi.IntelSmap", + "name": "Intel SMAP", + "description": [ "Without Supervisor Mode Access Prevention, the supervisor code usually has full read and write access to user-space memory mappings.", "This can make exploits easier to write, as it allows the kernel to access user-space memory when it did not intend to." ], - "failure-impact" : [ + "failure-impact": [ "A local or remote attacker can use a simple exploit to modify the contents of kernel memory which can lead to privilege escalation." ], - "failure-results" : { - "not-supported" : "SMAP not enabled" + "failure-results": { + "not-supported": "SMAP not enabled" }, - "success-results" : { - "enabled" : "SMAP features are detected and enabled" + "success-results": { + "enabled": "SMAP features are detected and enabled" }, - "hsi-level" : 4, - "references" : { - "https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention" : "SMAP Wikipedia Page" + "hsi-level": 4, + "references": { + "https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention": "SMAP Wikipedia Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Iommu.json b/docs/hsi-tests.d/org.fwupd.hsi.Iommu.json index e0da86719..cf724da6e 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Iommu.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Iommu.json @@ -1,24 +1,24 @@ { - "id" : "org.fwupd.hsi.Iommu", - "name" : "DMA protection", - "description" : [ + "id": "org.fwupd.hsi.Iommu", + "name": "DMA protection", + "description": [ "The IOMMU on modern systems is used to mitigate against DMA attacks.", "All I/O for devices capable of DMA is mapped into a private virtual memory region.", "Common implementations are Intel VT-d and AMD-Vi." ], - "failure-impact" : [ + "failure-impact": [ "An attacker with inexpensive PCIe development hardware can write to system RAM from the ThunderBolt or Firewire ports which can lead to privilege escalation." ], - "failure-results" : { - "not-found" : "IOMMU hardware was not detected" + "failure-results": { + "not-found": "IOMMU hardware was not detected" }, - "success-results" : { - "enabled" : "IOMMU hardware detected and enabled" + "success-results": { + "enabled": "IOMMU hardware detected and enabled" }, - "hsi-level" : 2, - "resolution" : "If available, turn on IOMMU in the system BIOS. You may also have to use additional kernel boot parameters, for example `iommu=force`.", - "references" : { - "https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit" : "IOMMU Wikipedia Page" + "hsi-level": 2, + "resolution": "If available, turn on IOMMU in the system BIOS. You may also have to use additional kernel boot parameters, for example `iommu=force`.", + "references": { + "https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit": "IOMMU Wikipedia Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Lockdown.json b/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Lockdown.json index c8d278344..669dc7d71 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Lockdown.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Lockdown.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.Kernel.Lockdown", - "name" : "Kernel Lockdown", - "description" : [ + "id": "org.fwupd.hsi.Kernel.Lockdown", + "name": "Kernel Lockdown", + "description": [ "Kernel lockdown is an important mechanism to limit what hardware actions userspace programs can perform.", "Turning on this feature means that often-used mechanisms like /dev/mem used to raise privileges or exfiltrate data are no longer available." ], - "failure-impact" : [ + "failure-impact": [ "An unlocked kernel can be easily abused by a malicious userspace program running as root, which can include replacing system firmware." ], - "failure-results" : { - "not-valid" : "could not read lockdown status, perhaps from an old kernel", - "not-enabled" : "lockdown is set to `none`" + "failure-results": { + "not-valid": "could not read lockdown status, perhaps from an old kernel", + "not-enabled": "lockdown is set to `none`" }, - "success-results" : { - "enabled" : "lockdown is set to either `integrity` or `confidentiality`." + "success-results": { + "enabled": "lockdown is set to either `integrity` or `confidentiality`." }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Tainted.json b/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Tainted.json index 0c666b7cc..12787312b 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Tainted.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Kernel.Tainted.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.Kernel.Tainted", - "name" : "Kernel Tainted", - "description" : [ + "id": "org.fwupd.hsi.Kernel.Tainted", + "name": "Kernel Tainted", + "description": [ "When calculating the HSI value fwupd has to ask the Linux Kernel for information.", "If the kernel has been tainted by overriding a firmware table or by loading a proprietary module then we cannot trust the data it reports." ], - "failure-impact" : [ + "failure-impact": [ "Using a tainted kernel means that values obtained from the kernel cannot be trusted." ], - "failure-results" : { - "not-valid" : "could not detect kernel taint status", - "tainted" : "the kernel is untrusted, perhaps because a proprietary module was loaded" + "failure-results": { + "not-valid": "could not detect kernel taint status", + "tainted": "the kernel is untrusted, perhaps because a proprietary module was loaded" }, - "success-results" : { - "not-tainted" : "the kernel is trusted" + "success-results": { + "not-tainted": "the kernel is trusted" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json index 18e21a826..22e0bc8a0 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json @@ -1,25 +1,25 @@ { - "id" : "org.fwupd.hsi.Mei.KeyManifest", - "name" : "ME BootGuard Platform Key", - "description" : [ + "id": "org.fwupd.hsi.Mei.KeyManifest", + "name": "ME BootGuard Platform Key", + "description": [ "The BootGuard Platform Key is fused into the CPU PCH during manufacturing by the OEM.", "At bootup, an authenticated code module computes a hash of the Platform Key and compares it with the one stored in field-programmable fuses.", "If the key matches the ACM will pass control to the firmware, otherwise the boot process will stop.", "In 2022 a number of Platform **secret** Keys were leaked by Lenovo and confirmed by Intel." ], - "failure-impact" : [ + "failure-impact": [ "A custom system firmware can be signed using the leaked private key to completely disable UEFI Secure Boot and allow complete persistent compromise of the affected machine." ], - "failure-results" : { - "not-valid" : "device uses a key that is compromised" + "failure-results": { + "not-valid": "device uses a key that is compromised" }, - "success-results" : { - "valid" : "device uses a BootGuard Platform Key that is not known to be compromised" + "success-results": { + "valid": "device uses a BootGuard Platform Key that is not known to be compromised" }, - "hsi-level" : 1, - "references" : { - "https://github.com/phretor/intel-leak-checker/" : "Intel leak checker", - "https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge" : "Tom's Hardware Article" + "hsi-level": 1, + "references": { + "https://github.com/phretor/intel-leak-checker/": "Intel leak checker", + "https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge": "Tom's Hardware Article" }, - "fwupd-version" : "1.8.7" + "fwupd-version": "1.8.7" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json index 9846b479d..9a75cdd39 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json @@ -1,24 +1,24 @@ { - "id" : "org.fwupd.hsi.Mei.ManufacturingMode", - "name" : "ME not in manufacturing mode", - "description" : [ + "id": "org.fwupd.hsi.Mei.ManufacturingMode", + "name": "ME not in manufacturing mode", + "description": [ "There have been some unfortunate cases of the ME being distributed in manufacturing mode.", "In manufacturing mode many features from the ME can be interacted with that decrease the platform's security." ], - "failure-impact" : [ + "failure-impact": [ "If the ME is in manufacturing mode then any user with root access can provision the ME engine with new keys.", "This gives them full access to the system even when the system is powered off." ], - "failure-results" : { - "not-locked" : "device is in manufacturing mode" + "failure-results": { + "not-locked": "device is in manufacturing mode" }, - "success-results" : { - "locked" : "device has had manufacturing mode disabled" + "success-results": { + "locked": "device has had manufacturing mode disabled" }, - "hsi-level" : 1, - "references" : { - "https://malware.news/t/intel-me-manufacturing-mode-obscured-dangers-and-their-relationship-to-apple-macbook-vulnerability-cve-2018-4251/23214" : "ME Manufacturing Mode: obscured dangers", - "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html" : "Intel security advisory SA-00086" + "hsi-level": 1, + "references": { + "https://malware.news/t/intel-me-manufacturing-mode-obscured-dangers-and-their-relationship-to-apple-macbook-vulnerability-cve-2018-4251/23214": "ME Manufacturing Mode: obscured dangers", + "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html": "Intel security advisory SA-00086" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json index b2b2094d5..46338ef26 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json @@ -1,22 +1,22 @@ { - "id" : "org.fwupd.hsi.Mei.OverrideStrap", - "name" : "ME Flash Descriptor Override", - "description" : [ + "id": "org.fwupd.hsi.Mei.OverrideStrap", + "name": "ME Flash Descriptor Override", + "description": [ "The Flash Descriptor Security Override Strap is not accessible to end users on consumer boards and Intel stresses that this is for debugging only." ], - "failure-impact" : [ + "failure-impact": [ "The system firmware can be written from userspace by changing the protected region.", "This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall." ], - "failure-results" : { - "not-locked" : "device is in debugging mode" + "failure-results": { + "not-locked": "device is in debugging mode" }, - "success-results" : { - "locked" : "device in in normal runtime mode" + "success-results": { + "locked": "device in in normal runtime mode" }, - "hsi-level" : 1, - "references" : { - "https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/Documentation/mysteries_intel.txt" : "Chromium documentation for Intel ME" + "hsi-level": 1, + "references": { + "https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/Documentation/mysteries_intel.txt": "Chromium documentation for Intel ME" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json index 66bcde6f9..2db3c8b72 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json @@ -1,26 +1,26 @@ { - "id" : "org.fwupd.hsi.Mei.Version", - "name" : "CSME Version", - "description" : [ + "id": "org.fwupd.hsi.Mei.Version", + "name": "CSME Version", + "description": [ "Converged Security and Manageability Engine is a standalone management module that can manage and control some local devices without the host CPU involvement.", "The CSME lives in the PCH and can only be updated by the OEM vendor.", "The version of the CSME module can be checked to detect the most common and serious vulnerabilities." ], - "failure-impact" : [ + "failure-impact": [ "Using any one of the critical vulnerabilities, a remote attacker can take full control of the system and all connected devices, even when the system is powered off." ], - "failure-results" : { - "not-valid" : "affected by one of the critical CVEs" + "failure-results": { + "not-valid": "affected by one of the critical CVEs" }, - "success-results" : { - "valid" : "is not affected by the most critical CVEs" + "success-results": { + "valid": "is not affected by the most critical CVEs" }, - "hsi-level" : 1, - "resolution" : "Update your Management Engine firmware", - "references" : { - "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html" : "Intel CSME Security Review Cumulative Update" + "hsi-level": 1, + "resolution": "Update your Management Engine firmware", + "references": { + "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html": "Intel CSME Security Review Cumulative Update" }, - "issues" : [ + "issues": [ "CVE-2017-5705", "CVE-2017-5706", "CVE-2017-5707", @@ -30,5 +30,5 @@ "CVE-2017-5711", "CVE-2017-5712" ], - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugEnabled.json b/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugEnabled.json index 06ea87625..aa930e6c8 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugEnabled.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugEnabled.json @@ -1,30 +1,30 @@ { - "id" : "org.fwupd.hsi.PlatformDebugEnabled", - "deprecated-ids" : [ + "id": "org.fwupd.hsi.PlatformDebugEnabled", + "deprecated-ids": [ "org.fwupd.hsi.IntelDci.Enabled" ], - "name" : "Intel DCI", - "description" : [ + "name": "Intel DCI", + "description": [ "Newer Intel CPUs support debugging over USB3 via a proprietary Direct Connection Interface (DCI) with the use of off-the-shelf hardware." ], - "failure-impact" : [ + "failure-impact": [ "Using DCI an attacker with physical access to the computer has full access to all registers and memory in the system, and is able to make changes.", "This makes privilege escalation from user to root possible, and also modifying SMM makes it possible to write to system firmware for a persistent backdoor." ], - "failure-results" : { - "enabled" : "debugging is currently enabled" + "failure-results": { + "enabled": "debugging is currently enabled" }, - "success-results" : { - "not-enabled" : "debugging is not currently enabled" + "success-results": { + "not-enabled": "debugging is not currently enabled" }, - "hsi-level" : 1, - "references" : { - "https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html" : "Intel Direct Connect Interface", - "https://github.com/chipsec/chipsec/blob/master/chipsec/cfg/8086/pch_4xxlp.xml#L270" : "Chipsec 4xxlp register definitions", - "https://github.com/riscv/riscv-edk2-platforms/blob/85a50de1b459d1d6644a402081120770aa6dd8c7/Silicon/Intel/CoffeelakeSiliconPkg/Pch/Include/Register/PchRegsDci.h" : "RISC-V EDK PCH register definitions" + "hsi-level": 1, + "references": { + "https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html": "Intel Direct Connect Interface", + "https://github.com/chipsec/chipsec/blob/master/chipsec/cfg/8086/pch_4xxlp.xml#L270": "Chipsec 4xxlp register definitions", + "https://github.com/riscv/riscv-edk2-platforms/blob/85a50de1b459d1d6644a402081120770aa6dd8c7/Silicon/Intel/CoffeelakeSiliconPkg/Pch/Include/Register/PchRegsDci.h": "RISC-V EDK PCH register definitions" }, - "more-information" : [ + "more-information": [ "This attribute was previously known as `org.fwupd.hsi.IntelDci.Enabled` in 1.5.0, but was renamed in 1.8.0 to support other vendors." ], - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugLocked.json b/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugLocked.json index cf2ab7ef2..8e4a9e40b 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugLocked.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.PlatformDebugLocked.json @@ -1,25 +1,25 @@ { - "id" : "org.fwupd.hsi.PlatformDebugLocked", - "deprecated-ids" : [ + "id": "org.fwupd.hsi.PlatformDebugLocked", + "deprecated-ids": [ "org.fwupd.hsi.IntelDci.Locked" ], - "name" : "Part is debug locked", - "description" : [ + "name": "Part is debug locked", + "description": [ "Some devices support a concept of whether a part has been unlocked for debugging using proprietary hardware. Such parts allow access to registers that are typically restricted when parts are fused.", "On Intel systems access to this interface is done via a proprietary Direct Connection Interface (DCI)." ], - "failure-impact" : [ + "failure-impact": [ "If using a debug unlocked part, the platform's overall security will be decreased as an attacker may have elevated access to registers and memory within the system and can potentially enable persistent backdoors." ], - "failure-results" : { - "not-locked" : "device is not locked" + "failure-results": { + "not-locked": "device is not locked" }, - "success-results" : { - "locked" : "device is locked" + "success-results": { + "locked": "device is locked" }, - "hsi-level" : 2, - "references" : { - "https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html" : "Intel Direct Connect Interface" + "hsi-level": 2, + "references": { + "https://www.intel.co.uk/content/www/uk/en/support/articles/000029393/processors.html": "Intel Direct Connect Interface" }, - "fwupd-version" : "1.8.0" + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.PlatformFused.json b/docs/hsi-tests.d/org.fwupd.hsi.PlatformFused.json index a2ad18d99..7fb600ac7 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.PlatformFused.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.PlatformFused.json @@ -1,18 +1,18 @@ { - "id" : "org.fwupd.hsi.PlatformFused", - "name" : "Part is fused", - "description" : [ + "id": "org.fwupd.hsi.PlatformFused", + "name": "Part is fused", + "description": [ "When fuses are blown in parts from some manufacturers the hardware will enforce protections against tampering or accessing of certain registers." ], - "failure-impact" : [ + "failure-impact": [ "If using an unfused part, the platform's overall security will be decreased." ], - "failure-results" : { - "not-locked" : "device is not fused" + "failure-results": { + "not-locked": "device is not fused" }, - "success-results" : { - "locked" : "device is fused" + "success-results": { + "locked": "device is fused" }, - "hsi-level" : 1, - "fwupd-version" : "1.8.0" + "hsi-level": 1, + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.PrebootDma.json b/docs/hsi-tests.d/org.fwupd.hsi.PrebootDma.json index cba520b7e..6621aaada 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.PrebootDma.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.PrebootDma.json @@ -1,33 +1,33 @@ { - "id" : "org.fwupd.hsi.PrebootDma", - "deprecated-ids" : [ + "id": "org.fwupd.hsi.PrebootDma", + "deprecated-ids": [ "org.fwupd.hsi.AcpiDmar" ], - "name" : "Pre-boot DMA protection", - "description" : [ + "name": "Pre-boot DMA protection", + "description": [ "The IOMMU on modern systems is used to mitigate against DMA attacks.", "All I/O for devices capable of DMA is mapped into a private virtual memory region.", "On Intel systems the ACPI DMAR table indicated the system is configured with pre-boot DMA protection which eliminates some firmware attacks.", "On AMD systems the ACPI IVRS table indicates the same." ], - "failure-impact" : [ + "failure-impact": [ "An attacker could connect a malicious peripheral using ThunderBolt and reboot the machine, which would allow the attacker to modify the system memory.", "This would allow subverting the Secure Boot protection, and also invalidate any system attestation." ], - "failure-results" : { - "not-valid" : "could not determine state", - "not-enabled" : "was not enabled" + "failure-results": { + "not-valid": "could not determine state", + "not-enabled": "was not enabled" }, - "success-results" : { - "enabled" : "detected correctly" + "success-results": { + "enabled": "detected correctly" }, - "hsi-level" : 3, - "references" : { - "https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit" : "IOMMU Wikipedia Page", - "https://www.amd.com/system/files/TechDocs/48882_IOMMU.pdf" : "AMD IVRS Specification" + "hsi-level": 3, + "references": { + "https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit": "IOMMU Wikipedia Page", + "https://www.amd.com/system/files/TechDocs/48882_IOMMU.pdf": "AMD IVRS Specification" }, - "more-information" : [ + "more-information": [ "This attribute was previously known as `org.fwupd.hsi.AcpiDmar` in 1.5.0, but was renamed in 1.8.0 to support other vendors." ], - "fwupd-version" : "1.8.0" + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json index 0e640b5d1..eac8d2dc8 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json @@ -1,24 +1,24 @@ { - "id" : "org.fwupd.hsi.Spi.Bioswe", - "name" : "BIOS Write Enable (BWE)", - "description" : [ + "id": "org.fwupd.hsi.Spi.Bioswe", + "name": "BIOS Write Enable (BWE)", + "description": [ "Intel hardware provides this mechanism to protect the SPI ROM chip located on the motherboard from being overwritten by the operating system.", "The `BIOSWE` bit must be unset otherwise userspace can write to the SPI chip." ], - "failure-impact" : [ + "failure-impact": [ "The system firmware can be written from userspace.", "This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall." ], - "failure-results" : { - "not-found" : "the SPI device was not found", - "enabled" : "write enable is enabled" + "failure-results": { + "not-found": "the SPI device was not found", + "enabled": "write enable is enabled" }, - "success-results" : { - "not-enabled" : "write enable is disabled" + "success-results": { + "not-enabled": "write enable is disabled" }, - "hsi-level" : 1, - "references" : { - "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet" + "hsi-level": 1, + "references": { + "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json index 61b6819ed..47cd34039 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json @@ -1,23 +1,23 @@ { - "id" : "org.fwupd.hsi.Spi.Ble", - "name" : "BIOS Lock Enable (BLE)", - "description" : [ + "id": "org.fwupd.hsi.Spi.Ble", + "name": "BIOS Lock Enable (BLE)", + "description": [ "If the lock bit is set then System Management Interrupts (SMIs) are raised when setting BIOS Write Enable.", "The `BLE` bit must be enabled in the PCH otherwise `BIOSWE` can easily be unset." ], - "failure-impact" : [ + "failure-impact": [ "The system firmware can be written from userspace.", "This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall." ], - "failure-results" : { - "not-enabled" : "the register is not locked" + "failure-results": { + "not-enabled": "the register is not locked" }, - "success-results" : { - "enabled" : "the register is locked" + "success-results": { + "enabled": "the register is locked" }, - "hsi-level" : 1, - "references" : { - "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet" + "hsi-level": 1, + "references": { + "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json index d8bea4e4d..a068a555e 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json @@ -1,21 +1,21 @@ { - "id" : "org.fwupd.hsi.Spi.Descriptor", - "name" : "Read-only SPI Descriptor", - "description" : [ + "id": "org.fwupd.hsi.Spi.Descriptor", + "name": "Read-only SPI Descriptor", + "description": [ "The SPI descriptor must always be read only from all other regions.", "Additionally on Intel architectures the FLOCKDN register must be set to prevent configuration registers in the SPI BAR from being changed." ], - "failure-impact" : [ + "failure-impact": [ "The system firmware can be written from userspace by changing the protected region.", "This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall." ], - "failure-results" : { - "not-valid" : "any region can write to the flash descriptor", - "not-locked" : "the SPI BAR is not locked" + "failure-results": { + "not-valid": "any region can write to the flash descriptor", + "not-locked": "the SPI BAR is not locked" }, - "success-results" : { - "locked" : "the SPI BAR is locked and read only from all regions" + "success-results": { + "locked": "the SPI BAR is locked and read only from all regions" }, - "hsi-level" : 1, - "fwupd-version" : "1.6.0" + "hsi-level": 1, + "fwupd-version": "1.6.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json index ea1e3e935..b9a59d3ab 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json @@ -1,23 +1,23 @@ { - "id" : "org.fwupd.hsi.Spi.SmmBwp", - "name" : "SMM Bios Write Protect (SMM_BWP)", - "description" : [ + "id": "org.fwupd.hsi.Spi.SmmBwp", + "name": "SMM Bios Write Protect (SMM_BWP)", + "description": [ "This bit set defines when the BIOS region can be written by the host.", "The `SMM_BWP` bit must be set to make the BIOS region non-writable unless all processors are in system management mode." ], - "failure-impact" : [ + "failure-impact": [ "The system firmware can be written from userspace by exploiting a race condition in checking `BLE`.", "This gives any attacker with root access a method to write persistent executable code to the firmware, which survives even a full disk wipe and OS reinstall." ], - "failure-results" : { - "not-locked" : "the region is not locked" + "failure-results": { + "not-locked": "the region is not locked" }, - "success-results" : { - "locked" : "the region is locked" + "success-results": { + "locked": "the region is locked" }, - "hsi-level" : 1, - "references" : { - "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf" : "Intel C200 Datasheet" + "hsi-level": 1, + "references": { + "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.SupportedCpu.json b/docs/hsi-tests.d/org.fwupd.hsi.SupportedCpu.json index ae464979c..bdfdbd5b7 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.SupportedCpu.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.SupportedCpu.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.SupportedCpu", - "name" : "Supported CPU", - "description" : [ + "id": "org.fwupd.hsi.SupportedCpu", + "name": "Supported CPU", + "description": [ "Most platform checks are specific to the CPU vendor.", "To avoid giving a very high HSI result for a platform we do not know how to verify, we include this attribute to ensure that the result is meaningful." ], - "failure-impact" : [ + "failure-impact": [ "If using an unsupported CPU then fwupd is unable to verify the platform security.", "You should contact your platform vendor and ask them to contribute HSI tests for this CPU type." ], - "failure-results" : { - "unknown" : "platform security is unknown" + "failure-results": { + "unknown": "platform security is unknown" }, - "success-results" : { - "valid" : "the CPU platform is supported and has HSI tests" + "success-results": { + "valid": "the CPU platform is supported and has HSI tests" }, "more-information": [ "On AMD APUs or CPUs this information is reported on kernel 5.19 or later via the `ccp` kernel module. ", @@ -21,6 +21,6 @@ "If the kernel module has loaded but you still don't have data this is NOT a fwupd bug. You will have to contact ", "your motherboard or system manufacturer to enable reporting this information." ], - "hsi-level" : 1, - "fwupd-version" : "1.8.0" + "hsi-level": 1, + "fwupd-version": "1.8.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.SuspendToIdle.json b/docs/hsi-tests.d/org.fwupd.hsi.SuspendToIdle.json index c98b7f825..452359203 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.SuspendToIdle.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.SuspendToIdle.json @@ -1,19 +1,19 @@ { - "id" : "org.fwupd.hsi.SuspendToIdle", - "name" : "Suspend-to-Idle", - "description" : [ + "id": "org.fwupd.hsi.SuspendToIdle", + "name": "Suspend-to-Idle", + "description": [ "The platform should be set up with Suspend-to-Idle as the default S3 sleep state." ], - "failure-impact" : [ + "failure-impact": [ "A local attacker could overwrite the S3 resume script to modify system RAM which can lead to privilege escalation." ], - "failure-results" : { - "enabled" : "deep sleep enabled", - "not-valid" : "could not determine the default" + "failure-results": { + "enabled": "deep sleep enabled", + "not-valid": "could not determine the default" }, - "success-results" : { - "not-enabled" : "suspend-to-idle being used" + "success-results": { + "not-enabled": "suspend-to-idle being used" }, - "hsi-level" : 3, - "fwupd-version" : "1.5.0" + "hsi-level": 3, + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.SuspendToRam.json b/docs/hsi-tests.d/org.fwupd.hsi.SuspendToRam.json index 3c359d66b..66cad933a 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.SuspendToRam.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.SuspendToRam.json @@ -1,24 +1,24 @@ { - "id" : "org.fwupd.hsi.SuspendToRam", - "name" : "Suspend to RAM disabled", - "description" : [ + "id": "org.fwupd.hsi.SuspendToRam", + "name": "Suspend to RAM disabled", + "description": [ "Suspend to Ram (S3) keeps the raw contents of the DRAM refreshed when the system is asleep.", "This means that the memory modules can be physically removed and the contents recovered, or a cold boot attack can be performed with a USB device.", "The firmware should be configured to prefer using suspend to idle instead of suspend to ram or to not offer suspend to RAM." ], - "failure-impact" : [ + "failure-impact": [ "An attacker with physical access to a system can obtain the un-encrypted contents of the RAM by suspending the machine, removing the DIMM and inserting it into another machine with modified DRAM controller before the memory contents decay." ], - "failure-results" : { - "enabled" : "sleep enabled", - "not-valid" : "could not determine the default" + "failure-results": { + "enabled": "sleep enabled", + "not-valid": "could not determine the default" }, - "success-results" : { - "not-enabled" : "suspend-to-ram being used" + "success-results": { + "not-enabled": "suspend-to-ram being used" }, - "hsi-level" : 3, - "references" : { - "https://en.wikipedia.org/wiki/Cold_boot_attack" : "Cold Boot Attack Wikipedia Page" + "hsi-level": 3, + "references": { + "https://en.wikipedia.org/wiki/Cold_boot_attack": "Cold Boot Attack Wikipedia Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.EmptyPcr.json b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.EmptyPcr.json index 33744a96e..f3258c375 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.EmptyPcr.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.EmptyPcr.json @@ -1,27 +1,27 @@ { - "id" : "org.fwupd.hsi.Tpm.EmptyPcr", - "name" : "Empty PCR in TPM", - "description" : [ + "id": "org.fwupd.hsi.Tpm.EmptyPcr", + "name": "Empty PCR in TPM", + "description": [ "The system firmware is responsible for measuring values about its boot stage in PCRs 0 through 7.", "Some firmwares have bugs that prevent them from measuring some of those values, breaking the fundamental assumption of the Measured Boot chain-of-trust." ], - "failure-impact" : [ + "failure-impact": [ "A local attacker could measure fake values into the empty PCR, corresponding to a firmware and OS that do not match the ones actually loaded.", "This allows hiding a compromised boot chain or fooling a remote-attestation server into believing that a different kernel is running." ], - "failure-results" : { - "not-found" : "no TPM hardware could be found", - "not-valid" : "at least one empty checksum has been found" + "failure-results": { + "not-found": "no TPM hardware could be found", + "not-valid": "at least one empty checksum has been found" }, - "success-results" : { - "valid" : "all PCRs from 0 to 7 must have non-empty measurements" + "success-results": { + "valid": "all PCRs from 0 to 7 must have non-empty measurements" }, - "hsi-level" : 1, - "references" : { - "https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md" : "TPM Carte Blanche" + "hsi-level": 1, + "references": { + "https://github.com/google/security-research/blob/master/pocs/bios/tpm-carte-blanche/writeup.md": "TPM Carte Blanche" }, - "issues" : [ + "issues": [ "CVE-2021-42299" ], - "fwupd-version" : "1.7.2" + "fwupd-version": "1.7.2" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.ReconstructionPcr0.json b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.ReconstructionPcr0.json index 380837279..7332f824f 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.ReconstructionPcr0.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.ReconstructionPcr0.json @@ -1,27 +1,27 @@ { - "id" : "org.fwupd.hsi.Tpm.ReconstructionPcr0", - "name" : "PCR0 TPM Event Log Reconstruction", - "description" : [ + "id": "org.fwupd.hsi.Tpm.ReconstructionPcr0", + "name": "PCR0 TPM Event Log Reconstruction", + "description": [ "The TPM event log records which events are registered for the PCR0 hash.", "When reconstructed the event log values should always match the TPM PCR0.", "If extra events are included in the event log, or some are missing, the reconstitution will fail." ], - "failure-impact" : [ + "failure-impact": [ "This is not a vulnerability per-se, but it shows that the system firmware checksum cannot be verified as the PCR result has been calculated incorrectly." ], - "more-information" : [ + "more-information": [ "Additional information about specific bugs and debugging steps are available here https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction" ], - "failure-results" : { - "not-valid" : "could not reconstitute the hash value", - "not-found" : "no TPM hardware could be found" + "failure-results": { + "not-valid": "could not reconstitute the hash value", + "not-found": "no TPM hardware could be found" }, - "success-results" : { - "valid" : "all correct" + "success-results": { + "valid": "all correct" }, - "hsi-level" : 2, - "references" : { - "https://www.kernel.org/doc/html/latest/security/tpm/tpm_event_log.html" : "Linux Kernel TPM Documentation" + "hsi-level": 2, + "references": { + "https://www.kernel.org/doc/html/latest/security/tpm/tpm_event_log.html": "Linux Kernel TPM Documentation" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.Version20.json b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.Version20.json index 2418257f5..457559fb3 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Tpm.Version20.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Tpm.Version20.json @@ -1,23 +1,23 @@ { - "id" : "org.fwupd.hsi.Tpm.Version20", - "name" : "TPM 2.0 Present", - "description" : [ + "id": "org.fwupd.hsi.Tpm.Version20", + "name": "TPM 2.0 Present", + "description": [ "A TPM securely stores platform specific secrets that can only be divulged to trusted consumers in a secure environment." ], - "failure-impact" : [ + "failure-impact": [ "The PCR registers will not be available for use by the bootloader and kernel.", "This means userspace cannot either encrypt disks to the specific machine, and also can't know if the system firmware was externally modified." ], - "failure-results" : { - "not-found" : "no TPM device found", - "not-enabled" : "TPM not in v2 mode" + "failure-results": { + "not-found": "no TPM device found", + "not-enabled": "TPM not in v2 mode" }, - "success-results" : { - "found" : "TPM device found in v2 mode" + "success-results": { + "found": "TPM device found in v2 mode" }, - "hsi-level" : 1, - "references" : { - "https://en.wikipedia.org/wiki/Trusted_Platform_Module" : "TPM Wikipedia Page" + "hsi-level": 1, + "references": { + "https://en.wikipedia.org/wiki/Trusted_Platform_Module": "TPM Wikipedia Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Uefi.Pk.json b/docs/hsi-tests.d/org.fwupd.hsi.Uefi.Pk.json index 6be122e61..cf0ffb2b6 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Uefi.Pk.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Uefi.Pk.json @@ -1,23 +1,23 @@ { - "id" : "org.fwupd.hsi.Uefi.Pk", - "name" : "UEFI PK", - "description" : [ + "id": "org.fwupd.hsi.Uefi.Pk", + "name": "UEFI PK", + "description": [ "UEFI defines a platform key for the system.", "This should not be a test key, e.g. `DO NOT TRUST - AMI Test PK`" ], - "failure-impact" : [ + "failure-impact": [ "It is possible to sign an EFI binary with the test platform key, which invalidates the Secure Boot trust chain.", "It effectively gives the local attacker full access to your hardware." ], - "failure-results" : { - "not-valid" : "an invalid key has been enrolled" + "failure-results": { + "not-valid": "an invalid key has been enrolled" }, - "success-results" : { - "valid" : "valid key" + "success-results": { + "valid": "valid key" }, - "hsi-level" : 1, - "references" : { - "https://wiki.ubuntu.com/UEFI/SecureBoot/Testing" : "Ubuntu SecureBoot Wiki Page" + "hsi-level": 1, + "references": { + "https://wiki.ubuntu.com/UEFI/SecureBoot/Testing": "Ubuntu SecureBoot Wiki Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Uefi.SecureBoot.json b/docs/hsi-tests.d/org.fwupd.hsi.Uefi.SecureBoot.json index 7760b3960..b4bf0fc05 100644 --- a/docs/hsi-tests.d/org.fwupd.hsi.Uefi.SecureBoot.json +++ b/docs/hsi-tests.d/org.fwupd.hsi.Uefi.SecureBoot.json @@ -1,24 +1,24 @@ { - "id" : "org.fwupd.hsi.Uefi.SecureBoot", - "name" : "UEFI SecureBoot", - "description" : [ + "id": "org.fwupd.hsi.Uefi.SecureBoot", + "name": "UEFI SecureBoot", + "description": [ "UEFI Secure boot is a verification mechanism for ensuring that code launched by firmware is trusted.", "Secure Boot requires that each binary loaded at boot is validated against trusted certificates." ], - "failure-impact" : [ + "failure-impact": [ "When Secure Boot is not enabled any EFI binary can be run at startup, which gives the attacker full access to your hardware." ], - "failure-results" : { - "not-found" : "support has not been detected", - "not-enabled" : "detected, but has been turned off" + "failure-results": { + "not-found": "support has not been detected", + "not-enabled": "detected, but has been turned off" }, - "success-results" : { - "enabled" : "supported and enabled" + "success-results": { + "enabled": "supported and enabled" }, - "hsi-level" : 1, - "resolution" : "Turn off CSM boot and enable Secure Boot in the BIOS setup.", - "references" : { - "https://wiki.ubuntu.com/UEFI/SecureBoot" : "Ubuntu SecureBoot Wiki Page" + "hsi-level": 1, + "resolution": "Turn off CSM boot and enable Secure Boot in the BIOS setup.", + "references": { + "https://wiki.ubuntu.com/UEFI/SecureBoot": "Ubuntu SecureBoot Wiki Page" }, - "fwupd-version" : "1.5.0" + "fwupd-version": "1.5.0" } diff --git a/src/tests/host-emulate/thinkpad-p1-iommu.json b/src/tests/host-emulate/thinkpad-p1-iommu.json index bc9683243..ebce38398 100644 --- a/src/tests/host-emulate/thinkpad-p1-iommu.json +++ b/src/tests/host-emulate/thinkpad-p1-iommu.json @@ -1,714 +1,713 @@ { - "SecurityAttributes": [ - { - "AppstreamId": "org.fwupd.hsi.Kernel.Tainted", - "HsiResult": "not-tainted", - "Plugin": "linux_tainted", - "Flags": [ - "success", - "runtime-issue" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Kernel.Lockdown", - "HsiResult": "enabled", - "Plugin": "linux_lockdown", - "Flags": [ - "success", - "runtime-issue" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Kernel.Swap", - "HsiResult": "encrypted", - "Plugin": "linux_swap", - "Flags": [ - "success", - "runtime-issue" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", - "HsiResult": "enabled", - "Plugin": "uefi_capsule", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Fwupd.Plugins", - "HsiResult": "not-tainted", - "Plugin": "core", - "Flags": [ - "success", - "runtime-issue" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Mei.ManufacturingMode", - "HsiResult": "locked", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Mei.OverrideStrap", - "HsiResult": "locked", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Mei.Version", - "HsiResult": "valid", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.PlatformDebugEnabled", - "HsiResult": "not-enabled", - "Plugin": "msr", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Spi.SmmBwp", - "HsiResult": "locked", - "Plugin": "pci_bcr", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Spi.Ble", - "HsiResult": "enabled", - "Plugin": "pci_bcr", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Spi.Bioswe", - "HsiResult": "not-enabled", - "Plugin": "pci_bcr", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.SupportedCpu", - "HsiResult": "valid", - "Plugin": "cpu", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Tpm.EmptyPcr", - "HsiResult": "valid", - "Plugin": "tpm", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Tpm.Version20", - "HsiResult": "found", - "Plugin": "tpm", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Uefi.Pk", - "HsiResult": "valid", - "Plugin": "uefi_pk", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelBootguard.Enabled", - "HsiResult": "enabled", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelBootguard.Acm", - "HsiResult": "valid", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelBootguard.Otp", - "HsiResult": "valid", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelBootguard.Verified", - "HsiResult": "valid", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.PlatformDebugLocked", - "HsiResult": "locked", - "Plugin": "msr", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Tpm.ReconstructionPcr0", - "HsiResult": "valid", - "Plugin": "tpm", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.Iommu", - "HsiResult": "found", - "Plugin": "iommu", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelBootguard.Policy", - "HsiResult": "valid", - "Plugin": "pci_mei", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelCet.Enabled", - "HsiResult": "not-supported", - "Plugin": "cpu" - }, - { - "AppstreamId": "org.fwupd.hsi.PrebootDma", - "HsiResult": "not-enabled", - "Plugin": "acpi_dmar", - "Flags": [ - "action-contact-oem", - "action-config-fw" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.SuspendToIdle", - "HsiResult": "not-enabled", - "Plugin": "acpi_facp", - "Flags": [ - "action-config-fw", - "action-config-os" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.SuspendToRam", - "HsiResult": "enabled", - "Plugin": "linux_sleep", - "Flags": [ - "action-config-fw", - "action-config-os" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.IntelSmap", - "HsiResult": "enabled", - "Plugin": "cpu", - "Flags": [ - "success" - ] - }, - { - "AppstreamId": "org.fwupd.hsi.EncryptedRam", - "HsiResult": "not-supported", - "Plugin": "cpu" - } - ], - "Devices": [ - { - "DeviceId": "4a4907dbb1b96c6a1177dfd1b95eb41c781d1265", - "InstanceIds": [ - "GPIO\\ID_INT3450:00" - ], - "Guid": [ - "1199a818-4c52-5137-b536-d59e2e2cada9" - ], - "Flags": [ - "registered" - ] - }, - { - "Name": "AMT [unprovisioned]", - "DeviceId": "5fed1486be004d67ea79838d2e83aaa11bb72645", - "ParentDeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", - "CompositeId": "a45df35ac0e948ee180fe216a5f703f32dda163f", - "InstanceIds": [ - "MEI\\VEN_8086&DEV_06E0", - "MEI\\VEN_8086&DEV_06E0&REV_00", - "MEI\\VEN_8086&DEV_06E0&SUBSYS_17AA22C2", - "MEI\\VEN_8086&DEV_06E0&SUBSYS_17AA22C2&REV_00" - ], - "Guid": [ - "2800f812-b7b4-2d4b-aca8-46e0ff65814c", - "15c7ef4d-12fc-5e25-aba6-49b30f5ab130", - "a65d125e-0c76-5876-bad3-6956a2f25e5e", - "a8f5ca2d-e46c-5c9b-819b-d64c73c9e48d", - "45bcbef5-0630-5121-a4d9-881054b2916f" - ], - "Summary": - "Hardware and firmware technology for remote out-of-band management", - "Flags": [ - "internal", - "registered" - ], - "Vendor": "Intel Corporation", - "VendorId": "MEI:0x8086", - "Version": "14.1.53.1649", - "VersionBootloader": "14.1.53.1649", - "VersionFormat": "intel-me", - "Icons": [ - "computer" - ] - }, - { - "Name": "CometLake-H GT2 [UHD Graphics]", - "DeviceId": "5792b48846ce271fab11c4a545f7a3df0d36e00a", - "InstanceIds": [ - "PCI\\VEN_8086&DEV_9BC4", - "PCI\\VEN_8086&DEV_9BC4&REV_05", - "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2", - "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2&REV_05", - "PCI\\VEN_8086&DEV_9BC4&REV_00", - "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2&REV_00" - ], - "Guid": [ - "3777783a-3f83-56a5-95f4-533eb6a2bd19", - "6c3dbf6c-4e6f-5309-9954-c5ab7aca617e", - "5fde5d20-db24-5f21-afdd-247c1bf1efa1", - "07168636-0f3b-565c-8fe1-0f0a77d82cd8", - "7ffe1cb7-395a-52a9-a172-70ec6caaf310", - "b813dc18-ddf2-508d-a7eb-0e2fc8752b03" - ], - "Flags": [ - "internal", - "registered", - "can-verify", - "can-verify-image" - ], - "Vendor": "Intel Corporation", - "VendorId": "PCI:0x8086", - "Version": "05", - "VersionFormat": "plain" - }, - { - "Name": "Core\u2122 i7-10850H CPU @ 2.70GHz", - "DeviceId": "4bde70ba4e39b28f9eab1628f9dd6e6244c03027", - "InstanceIds": [ - "cpu", - "CPUID\\PRO_0&FAM_06", - "CPUID\\PRO_0&FAM_06&MOD_A5", - "CPUID\\PRO_0&FAM_06&MOD_A5&STP_2" - ], - "Guid": [ - "b9a2dd81-159e-5537-a7db-e7101d164d3f", - "30249f37-d140-5d3e-9319-186b1bd5cac3", - "a45b0522-5722-54bd-b802-86cd044262df", - "7b9b6e8c-226c-5db6-86cb-ea3187578013" - ], - "Flags": [ - "internal", - "registered" - ], - "Vendor": "Intel", - "Version": "0x000000f0", - "VersionFormat": "hex", - "VersionRaw": 240, - "Icons": [ - "computer" - ] - }, - { - "Name": "Embedded Controller", - "DeviceId": "2292ae5236790b47884e37cf162dcf23bfcd1c60", - "Guid": [ - "b616d3d6-cca9-40bd-964e-b86ffb62744d" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "supported", - "registered", - "needs-reboot", - "usable-during-update" - ], - "Vendor": "Lenovo", - "VendorId": "DMI:LENOVO", - "Version": "0.1.11", - "VersionLowest": "0.1.11", - "VersionFormat": "triplet", - "VersionRaw": 65547, - "VersionLowestRaw": 65547, - "UpdateState": 2 - }, - { - "Name": "Integrated Camera", - "DeviceId": "0fef0a0c55f6442bffaebd774ae771341c89571b", - "InstanceIds": [ - "USB\\VID_13D3&PID_5405", - "USB\\VID_13D3&PID_5405&REV_6004" - ], - "Guid": [ - "9284c551-0b4c-51ee-905a-168b8787290c", - "6f7c4f56-0085-5aa6-b443-823852a1cdbc" - ], - "Serial": "0000", - "Protocol": "org.usb.dfu", - "Flags": [ - "updatable", - "registered", - "add-counterpart-guids" - ], - "Vendor": "Azurewave", - "VendorId": "USB:0x13D3", - "Version": "60.4", - "VersionFormat": "bcd", - "Icons": [ - "camera-web" - ] - }, - { - "Name": "Intel Management Engine", - "DeviceId": "349bb341230b1a86e5effe7dfe4337e1590227bd", - "Guid": [ - "5695cc48-4f4f-4677-8ffb-9f496d3ad9d3" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "supported", - "registered", - "needs-reboot", - "usable-during-update" - ], - "Vendor": "Lenovo", - "VendorId": "DMI:LENOVO", - "Version": "225.53.1649", - "VersionLowest": "0.0.1", - "VersionFormat": "triplet", - "VersionRaw": 3778348657, - "VersionLowestRaw": 1, - "UpdateState": 2 - }, - { - "Name": "System Firmware", - "DeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", - "InstanceIds": [ - "main-system-firmware" - ], - "Guid": [ - "6e58e73d-8061-44e4-8949-33b7f0d5c726", - "230c8b18-8d9b-53ec-838b-6cfc0383493a" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "supported", - "registered", - "needs-reboot", - "can-verify", - "usable-during-update" - ], - "Checksums": [ - "73319eae91b5838c5a587c54ffb625b58746238b", - "6d244e0fadc7cc866e902517b4fe24505e52d1023934d487b039641c726abc46" - ], - "Vendor": "Lenovo", - "VendorId": "DMI:LENOVO", - "Version": "0.1.23", - "VersionLowest": "0.1.11", - "VersionFormat": "triplet", - "VersionRaw": 65559, - "VersionLowestRaw": 65547, - "Icons": [ - "computer" - ], - "UpdateState": 2 - }, - { - "Name": "THNSN5512GPU7 TOSHIBA", - "DeviceId": "03281da317dccd2b18de2bd1cc70a782df40ed7e", - "InstanceIds": [ - "NVME\\VEN_1179&DEV_010F", - "NVME\\VEN_1179&DEV_010F&REV_01", - "NVME\\VEN_1179&DEV_010F&SUBSYS_11790001", - "NVME\\VEN_1179&DEV_010F&SUBSYS_11790001&REV_01", - "THNSN5512GPU7 TOSHIBA" - ], - "Guid": [ - "83991323-9951-5adf-b743-d93e882a41e1", - "e22c4520-43dc-5bb3-8245-5787fead9b63", - "87178ed9-f82b-5895-bcb0-09713abc842c", - "2060b01b-f6aa-5fea-9acd-804de1765920", - "e1409b09-50cf-5aef-8ad8-760b9022f88d" - ], - "Serial": "37RS11EATAHT", - "Summary": "NVM Express solid state drive", - "Protocol": "org.nvmexpress", - "Flags": [ - "internal", - "updatable", - "require-ac", - "registered", - "needs-reboot", - "usable-during-update", - "signed-payload" - ], - "Vendor": "Toshiba Corporation", - "VendorId": "NVME:0x1179", - "Version": "410557LA", - "VersionFormat": "plain", - "Icons": [ - "drive-harddisk" - ] - }, - { - "Name": "TPM", - "DeviceId": "c6a80ac3a22083423992a3cb15018989f37834d6", - "InstanceIds": [ - "system-tpm", - "TPM\\VEN_STM&DEV_0001", - "TPM\\VEN_STM&MOD_", - "TPM\\VEN_STM&DEV_0001&VER_2.0", - "TPM\\VEN_STM&MOD_&VER_2.0" - ], - "Guid": [ - "ff71992e-52f7-5eea-94ef-883e56e034c6", - "84df3581-f896-54d2-bd1a-372602f04c32", - "bfaed10a-bbc1-525b-a329-35da2f63e918", - "70b7b833-7e1a-550a-a291-b94a12d0f319", - "06f005e9-cb62-5d1a-82d9-13c534c53c48" - ], - "Flags": [ - "internal", - "registered" - ], - "Vendor": "ST Microelectronics", - "VendorId": "TPM:STM", - "Version": "1.258.0.0", - "VersionFormat": "quad", - "VersionRaw": 282583078273024, - "Icons": [ - "computer" - ] - }, - { - "Name": "Thunderbolt host controller", - "DeviceId": "2cff15412fb2877637de2c23a10f841bca114e03", - "InstanceIds": [ - "THUNDERBOLT\\VEN_0109&DEV_1913", - "THUNDERBOLT\\VEN_0109&DEV_1913&REV_00", - "TBT-01091913-native", - "TBT-01091913-native-controller0-0" - ], - "Guid": [ - "b510dc43-dc5d-5449-9ccc-5edd80338954", - "b595a681-7c5b-5842-bba7-1d448c261a6e", - "10216d57-c796-5f3c-83d3-21baf70bfc54", - "f8543f13-e164-5332-8681-4d5ef3ffbff0" - ], - "Summary": "Unmatched performance for high-speed I/O", - "Protocol": "com.intel.thunderbolt", - "Flags": [ - "internal", - "updatable", - "require-ac", - "registered", - "dual-image", - "signed-payload" - ], - "Vendor": "Lenovo", - "VendorId": "THUNDERBOLT:0x0109|TBT:0x0109", - "VendorIds": [ - "THUNDERBOLT:0x0109", - "TBT:0x0109" - ], - "Version": "62.00", - "VersionFormat": "pair", - "Icons": [ - "thunderbolt" - ] - }, - { - "Name": "UEFI Device Firmware", - "DeviceId": "f95c9218acd12697af946874bfe4239587209232", - "Guid": [ - "439d54f4-5548-4698-a8b0-46a047c0e66e" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "registered", - "needs-reboot", - "usable-during-update" - ], - "VendorId": "DMI:LENOVO", - "Version": "16842759", - "VersionLowest": "1", - "VersionFormat": "number", - "VersionRaw": 16842759, - "VersionLowestRaw": 1, - "UpdateState": 2 - }, - { - "Name": "UEFI Device Firmware", - "DeviceId": "d96de5c124b60ed6241ebcb6bb2c839cb5580786", - "Guid": [ - "3fb9a55d-d7f1-4d1b-b216-74e328e28f51" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "registered", - "needs-reboot", - "usable-during-update" - ], - "VendorId": "DMI:LENOVO", - "Version": "65794", - "VersionLowest": "65794", - "VersionFormat": "number", - "VersionRaw": 65794, - "VersionLowestRaw": 65794, - "UpdateState": 2 - }, - { - "Name": "UEFI Device Firmware", - "DeviceId": "f37fb01122dd62c773f4e84ec89737e059712d59", - "Guid": [ - "33967546-da89-4c51-9c95-5242bcb854e8" - ], - "Summary": "UEFI ESRT device", - "Protocol": "org.uefi.capsule", - "Flags": [ - "internal", - "updatable", - "require-ac", - "registered", - "needs-reboot", - "usable-during-update" - ], - "VendorId": "DMI:LENOVO", - "Version": "24580", - "VersionLowest": "1", - "VersionFormat": "number", - "VersionRaw": 24580, - "VersionLowestRaw": 1, - "UpdateState": 2 - }, - { - "Name": "UEFI dbx", - "DeviceId": "362301da643102b9f38477387e2193e57abaa590", - "ParentDeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", - "CompositeId": "a45df35ac0e948ee180fe216a5f703f32dda163f", - "InstanceIds": [ - "UEFI\\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649", - "UEFI\\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64", - "UEFI\\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503", - "UEFI\\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64" - ], - "Guid": [ - "14503b3d-73ce-5d06-8137-77c68972a341", - "5971a208-da00-5fce-b5f5-1234342f9cf7", - "c6682ade-b5ec-57c4-b687-676351208742", - "f8ba2887-9411-5c36-9cee-88995bb39731" - ], - "Summary": "UEFI revocation database", - "Protocol": "org.uefi.dbx", - "Flags": [ - "internal", - "updatable", - "registered", - "needs-reboot", - "only-version-upgrade", - "signed-payload" - ], - "VendorId": "UEFI:Linux Foundation", - "Version": "238", - "VersionLowest": "238", - "VersionFormat": "number", - "Icons": [ - "computer" - ], - "InstallDuration": 1 - }, - { - "Name": "WDC PC SN720 SDAQNTW-256G-1001", - "DeviceId": "08e1798bf5d9cb56a0290b552cab6c1a371b5089", - "InstanceIds": [ - "NVME\\VEN_15B7&DEV_5002", - "NVME\\VEN_15B7&DEV_5002&REV_00", - "NVME\\VEN_15B7&DEV_5002&SUBSYS_15B75002", - "NVME\\VEN_15B7&DEV_5002&SUBSYS_15B75002&REV_00", - "WDC PC SN720 SDAQNTW-256G-1001" - ], - "Guid": [ - "ff2112dc-038c-596d-90ca-d43c5077c6ec", - "137520ce-3603-53e6-9165-56694ed744e7", - "c528df4b-7972-5880-8cb1-330415e2dc6a", - "06a6f1f7-4ce0-57ef-8154-0705d936e4a6", - "237776ee-0bcd-5fe9-8dc8-6984a2d36ba0" - ], - "Serial": "183985804591", - "Summary": "NVM Express solid state drive", - "Protocol": "org.nvmexpress", - "Flags": [ - "internal", - "updatable", - "require-ac", - "supported", - "registered", - "needs-reboot", - "usable-during-update" - ], - "Vendor": "Sandisk Corp", - "VendorId": "NVME:0x15B7", - "Version": "10190101", - "VersionFormat": "plain", - "Icons": [ - "drive-harddisk" - ] - } - ] + "SecurityAttributes": [ + { + "AppstreamId": "org.fwupd.hsi.Kernel.Tainted", + "HsiResult": "not-tainted", + "Plugin": "linux_tainted", + "Flags": [ + "success", + "runtime-issue" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Kernel.Lockdown", + "HsiResult": "enabled", + "Plugin": "linux_lockdown", + "Flags": [ + "success", + "runtime-issue" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Kernel.Swap", + "HsiResult": "encrypted", + "Plugin": "linux_swap", + "Flags": [ + "success", + "runtime-issue" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", + "HsiResult": "enabled", + "Plugin": "uefi_capsule", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Fwupd.Plugins", + "HsiResult": "not-tainted", + "Plugin": "core", + "Flags": [ + "success", + "runtime-issue" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Mei.ManufacturingMode", + "HsiResult": "locked", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Mei.OverrideStrap", + "HsiResult": "locked", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Mei.Version", + "HsiResult": "valid", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.PlatformDebugEnabled", + "HsiResult": "not-enabled", + "Plugin": "msr", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Spi.SmmBwp", + "HsiResult": "locked", + "Plugin": "pci_bcr", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Spi.Ble", + "HsiResult": "enabled", + "Plugin": "pci_bcr", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Spi.Bioswe", + "HsiResult": "not-enabled", + "Plugin": "pci_bcr", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.SupportedCpu", + "HsiResult": "valid", + "Plugin": "cpu", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Tpm.EmptyPcr", + "HsiResult": "valid", + "Plugin": "tpm", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Tpm.Version20", + "HsiResult": "found", + "Plugin": "tpm", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Uefi.Pk", + "HsiResult": "valid", + "Plugin": "uefi_pk", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelBootguard.Enabled", + "HsiResult": "enabled", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelBootguard.Acm", + "HsiResult": "valid", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelBootguard.Otp", + "HsiResult": "valid", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelBootguard.Verified", + "HsiResult": "valid", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.PlatformDebugLocked", + "HsiResult": "locked", + "Plugin": "msr", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Tpm.ReconstructionPcr0", + "HsiResult": "valid", + "Plugin": "tpm", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.Iommu", + "HsiResult": "found", + "Plugin": "iommu", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelBootguard.Policy", + "HsiResult": "valid", + "Plugin": "pci_mei", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelCet.Enabled", + "HsiResult": "not-supported", + "Plugin": "cpu" + }, + { + "AppstreamId": "org.fwupd.hsi.PrebootDma", + "HsiResult": "not-enabled", + "Plugin": "acpi_dmar", + "Flags": [ + "action-contact-oem", + "action-config-fw" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.SuspendToIdle", + "HsiResult": "not-enabled", + "Plugin": "acpi_facp", + "Flags": [ + "action-config-fw", + "action-config-os" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.SuspendToRam", + "HsiResult": "enabled", + "Plugin": "linux_sleep", + "Flags": [ + "action-config-fw", + "action-config-os" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.IntelSmap", + "HsiResult": "enabled", + "Plugin": "cpu", + "Flags": [ + "success" + ] + }, + { + "AppstreamId": "org.fwupd.hsi.EncryptedRam", + "HsiResult": "not-supported", + "Plugin": "cpu" + } + ], + "Devices": [ + { + "DeviceId": "4a4907dbb1b96c6a1177dfd1b95eb41c781d1265", + "InstanceIds": [ + "GPIO\\ID_INT3450:00" + ], + "Guid": [ + "1199a818-4c52-5137-b536-d59e2e2cada9" + ], + "Flags": [ + "registered" + ] + }, + { + "Name": "AMT [unprovisioned]", + "DeviceId": "5fed1486be004d67ea79838d2e83aaa11bb72645", + "ParentDeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", + "CompositeId": "a45df35ac0e948ee180fe216a5f703f32dda163f", + "InstanceIds": [ + "MEI\\VEN_8086&DEV_06E0", + "MEI\\VEN_8086&DEV_06E0&REV_00", + "MEI\\VEN_8086&DEV_06E0&SUBSYS_17AA22C2", + "MEI\\VEN_8086&DEV_06E0&SUBSYS_17AA22C2&REV_00" + ], + "Guid": [ + "2800f812-b7b4-2d4b-aca8-46e0ff65814c", + "15c7ef4d-12fc-5e25-aba6-49b30f5ab130", + "a65d125e-0c76-5876-bad3-6956a2f25e5e", + "a8f5ca2d-e46c-5c9b-819b-d64c73c9e48d", + "45bcbef5-0630-5121-a4d9-881054b2916f" + ], + "Summary": "Hardware and firmware technology for remote out-of-band management", + "Flags": [ + "internal", + "registered" + ], + "Vendor": "Intel Corporation", + "VendorId": "MEI:0x8086", + "Version": "14.1.53.1649", + "VersionBootloader": "14.1.53.1649", + "VersionFormat": "intel-me", + "Icons": [ + "computer" + ] + }, + { + "Name": "CometLake-H GT2 [UHD Graphics]", + "DeviceId": "5792b48846ce271fab11c4a545f7a3df0d36e00a", + "InstanceIds": [ + "PCI\\VEN_8086&DEV_9BC4", + "PCI\\VEN_8086&DEV_9BC4&REV_05", + "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2", + "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2&REV_05", + "PCI\\VEN_8086&DEV_9BC4&REV_00", + "PCI\\VEN_8086&DEV_9BC4&SUBSYS_17AA22C2&REV_00" + ], + "Guid": [ + "3777783a-3f83-56a5-95f4-533eb6a2bd19", + "6c3dbf6c-4e6f-5309-9954-c5ab7aca617e", + "5fde5d20-db24-5f21-afdd-247c1bf1efa1", + "07168636-0f3b-565c-8fe1-0f0a77d82cd8", + "7ffe1cb7-395a-52a9-a172-70ec6caaf310", + "b813dc18-ddf2-508d-a7eb-0e2fc8752b03" + ], + "Flags": [ + "internal", + "registered", + "can-verify", + "can-verify-image" + ], + "Vendor": "Intel Corporation", + "VendorId": "PCI:0x8086", + "Version": "05", + "VersionFormat": "plain" + }, + { + "Name": "Core\u2122 i7-10850H CPU @ 2.70GHz", + "DeviceId": "4bde70ba4e39b28f9eab1628f9dd6e6244c03027", + "InstanceIds": [ + "cpu", + "CPUID\\PRO_0&FAM_06", + "CPUID\\PRO_0&FAM_06&MOD_A5", + "CPUID\\PRO_0&FAM_06&MOD_A5&STP_2" + ], + "Guid": [ + "b9a2dd81-159e-5537-a7db-e7101d164d3f", + "30249f37-d140-5d3e-9319-186b1bd5cac3", + "a45b0522-5722-54bd-b802-86cd044262df", + "7b9b6e8c-226c-5db6-86cb-ea3187578013" + ], + "Flags": [ + "internal", + "registered" + ], + "Vendor": "Intel", + "Version": "0x000000f0", + "VersionFormat": "hex", + "VersionRaw": 240, + "Icons": [ + "computer" + ] + }, + { + "Name": "Embedded Controller", + "DeviceId": "2292ae5236790b47884e37cf162dcf23bfcd1c60", + "Guid": [ + "b616d3d6-cca9-40bd-964e-b86ffb62744d" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "supported", + "registered", + "needs-reboot", + "usable-during-update" + ], + "Vendor": "Lenovo", + "VendorId": "DMI:LENOVO", + "Version": "0.1.11", + "VersionLowest": "0.1.11", + "VersionFormat": "triplet", + "VersionRaw": 65547, + "VersionLowestRaw": 65547, + "UpdateState": 2 + }, + { + "Name": "Integrated Camera", + "DeviceId": "0fef0a0c55f6442bffaebd774ae771341c89571b", + "InstanceIds": [ + "USB\\VID_13D3&PID_5405", + "USB\\VID_13D3&PID_5405&REV_6004" + ], + "Guid": [ + "9284c551-0b4c-51ee-905a-168b8787290c", + "6f7c4f56-0085-5aa6-b443-823852a1cdbc" + ], + "Serial": "0000", + "Protocol": "org.usb.dfu", + "Flags": [ + "updatable", + "registered", + "add-counterpart-guids" + ], + "Vendor": "Azurewave", + "VendorId": "USB:0x13D3", + "Version": "60.4", + "VersionFormat": "bcd", + "Icons": [ + "camera-web" + ] + }, + { + "Name": "Intel Management Engine", + "DeviceId": "349bb341230b1a86e5effe7dfe4337e1590227bd", + "Guid": [ + "5695cc48-4f4f-4677-8ffb-9f496d3ad9d3" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "supported", + "registered", + "needs-reboot", + "usable-during-update" + ], + "Vendor": "Lenovo", + "VendorId": "DMI:LENOVO", + "Version": "225.53.1649", + "VersionLowest": "0.0.1", + "VersionFormat": "triplet", + "VersionRaw": 3778348657, + "VersionLowestRaw": 1, + "UpdateState": 2 + }, + { + "Name": "System Firmware", + "DeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", + "InstanceIds": [ + "main-system-firmware" + ], + "Guid": [ + "6e58e73d-8061-44e4-8949-33b7f0d5c726", + "230c8b18-8d9b-53ec-838b-6cfc0383493a" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "supported", + "registered", + "needs-reboot", + "can-verify", + "usable-during-update" + ], + "Checksums": [ + "73319eae91b5838c5a587c54ffb625b58746238b", + "6d244e0fadc7cc866e902517b4fe24505e52d1023934d487b039641c726abc46" + ], + "Vendor": "Lenovo", + "VendorId": "DMI:LENOVO", + "Version": "0.1.23", + "VersionLowest": "0.1.11", + "VersionFormat": "triplet", + "VersionRaw": 65559, + "VersionLowestRaw": 65547, + "Icons": [ + "computer" + ], + "UpdateState": 2 + }, + { + "Name": "THNSN5512GPU7 TOSHIBA", + "DeviceId": "03281da317dccd2b18de2bd1cc70a782df40ed7e", + "InstanceIds": [ + "NVME\\VEN_1179&DEV_010F", + "NVME\\VEN_1179&DEV_010F&REV_01", + "NVME\\VEN_1179&DEV_010F&SUBSYS_11790001", + "NVME\\VEN_1179&DEV_010F&SUBSYS_11790001&REV_01", + "THNSN5512GPU7 TOSHIBA" + ], + "Guid": [ + "83991323-9951-5adf-b743-d93e882a41e1", + "e22c4520-43dc-5bb3-8245-5787fead9b63", + "87178ed9-f82b-5895-bcb0-09713abc842c", + "2060b01b-f6aa-5fea-9acd-804de1765920", + "e1409b09-50cf-5aef-8ad8-760b9022f88d" + ], + "Serial": "37RS11EATAHT", + "Summary": "NVM Express solid state drive", + "Protocol": "org.nvmexpress", + "Flags": [ + "internal", + "updatable", + "require-ac", + "registered", + "needs-reboot", + "usable-during-update", + "signed-payload" + ], + "Vendor": "Toshiba Corporation", + "VendorId": "NVME:0x1179", + "Version": "410557LA", + "VersionFormat": "plain", + "Icons": [ + "drive-harddisk" + ] + }, + { + "Name": "TPM", + "DeviceId": "c6a80ac3a22083423992a3cb15018989f37834d6", + "InstanceIds": [ + "system-tpm", + "TPM\\VEN_STM&DEV_0001", + "TPM\\VEN_STM&MOD_", + "TPM\\VEN_STM&DEV_0001&VER_2.0", + "TPM\\VEN_STM&MOD_&VER_2.0" + ], + "Guid": [ + "ff71992e-52f7-5eea-94ef-883e56e034c6", + "84df3581-f896-54d2-bd1a-372602f04c32", + "bfaed10a-bbc1-525b-a329-35da2f63e918", + "70b7b833-7e1a-550a-a291-b94a12d0f319", + "06f005e9-cb62-5d1a-82d9-13c534c53c48" + ], + "Flags": [ + "internal", + "registered" + ], + "Vendor": "ST Microelectronics", + "VendorId": "TPM:STM", + "Version": "1.258.0.0", + "VersionFormat": "quad", + "VersionRaw": 282583078273024, + "Icons": [ + "computer" + ] + }, + { + "Name": "Thunderbolt host controller", + "DeviceId": "2cff15412fb2877637de2c23a10f841bca114e03", + "InstanceIds": [ + "THUNDERBOLT\\VEN_0109&DEV_1913", + "THUNDERBOLT\\VEN_0109&DEV_1913&REV_00", + "TBT-01091913-native", + "TBT-01091913-native-controller0-0" + ], + "Guid": [ + "b510dc43-dc5d-5449-9ccc-5edd80338954", + "b595a681-7c5b-5842-bba7-1d448c261a6e", + "10216d57-c796-5f3c-83d3-21baf70bfc54", + "f8543f13-e164-5332-8681-4d5ef3ffbff0" + ], + "Summary": "Unmatched performance for high-speed I/O", + "Protocol": "com.intel.thunderbolt", + "Flags": [ + "internal", + "updatable", + "require-ac", + "registered", + "dual-image", + "signed-payload" + ], + "Vendor": "Lenovo", + "VendorId": "THUNDERBOLT:0x0109|TBT:0x0109", + "VendorIds": [ + "THUNDERBOLT:0x0109", + "TBT:0x0109" + ], + "Version": "62.00", + "VersionFormat": "pair", + "Icons": [ + "thunderbolt" + ] + }, + { + "Name": "UEFI Device Firmware", + "DeviceId": "f95c9218acd12697af946874bfe4239587209232", + "Guid": [ + "439d54f4-5548-4698-a8b0-46a047c0e66e" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "registered", + "needs-reboot", + "usable-during-update" + ], + "VendorId": "DMI:LENOVO", + "Version": "16842759", + "VersionLowest": "1", + "VersionFormat": "number", + "VersionRaw": 16842759, + "VersionLowestRaw": 1, + "UpdateState": 2 + }, + { + "Name": "UEFI Device Firmware", + "DeviceId": "d96de5c124b60ed6241ebcb6bb2c839cb5580786", + "Guid": [ + "3fb9a55d-d7f1-4d1b-b216-74e328e28f51" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "registered", + "needs-reboot", + "usable-during-update" + ], + "VendorId": "DMI:LENOVO", + "Version": "65794", + "VersionLowest": "65794", + "VersionFormat": "number", + "VersionRaw": 65794, + "VersionLowestRaw": 65794, + "UpdateState": 2 + }, + { + "Name": "UEFI Device Firmware", + "DeviceId": "f37fb01122dd62c773f4e84ec89737e059712d59", + "Guid": [ + "33967546-da89-4c51-9c95-5242bcb854e8" + ], + "Summary": "UEFI ESRT device", + "Protocol": "org.uefi.capsule", + "Flags": [ + "internal", + "updatable", + "require-ac", + "registered", + "needs-reboot", + "usable-during-update" + ], + "VendorId": "DMI:LENOVO", + "Version": "24580", + "VersionLowest": "1", + "VersionFormat": "number", + "VersionRaw": 24580, + "VersionLowestRaw": 1, + "UpdateState": 2 + }, + { + "Name": "UEFI dbx", + "DeviceId": "362301da643102b9f38477387e2193e57abaa590", + "ParentDeviceId": "a45df35ac0e948ee180fe216a5f703f32dda163f", + "CompositeId": "a45df35ac0e948ee180fe216a5f703f32dda163f", + "InstanceIds": [ + "UEFI\\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649", + "UEFI\\CRT_A9087D1044AD18F7A94916D284CBC01827CF23CD8F60B79072C9CAA1FEF4D649&ARCH_X64", + "UEFI\\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503", + "UEFI\\CRT_A1117F516A32CEFCBA3F2D1ACE10A87972FD6BBE8FE0D0B996E09E65D802A503&ARCH_X64" + ], + "Guid": [ + "14503b3d-73ce-5d06-8137-77c68972a341", + "5971a208-da00-5fce-b5f5-1234342f9cf7", + "c6682ade-b5ec-57c4-b687-676351208742", + "f8ba2887-9411-5c36-9cee-88995bb39731" + ], + "Summary": "UEFI revocation database", + "Protocol": "org.uefi.dbx", + "Flags": [ + "internal", + "updatable", + "registered", + "needs-reboot", + "only-version-upgrade", + "signed-payload" + ], + "VendorId": "UEFI:Linux Foundation", + "Version": "238", + "VersionLowest": "238", + "VersionFormat": "number", + "Icons": [ + "computer" + ], + "InstallDuration": 1 + }, + { + "Name": "WDC PC SN720 SDAQNTW-256G-1001", + "DeviceId": "08e1798bf5d9cb56a0290b552cab6c1a371b5089", + "InstanceIds": [ + "NVME\\VEN_15B7&DEV_5002", + "NVME\\VEN_15B7&DEV_5002&REV_00", + "NVME\\VEN_15B7&DEV_5002&SUBSYS_15B75002", + "NVME\\VEN_15B7&DEV_5002&SUBSYS_15B75002&REV_00", + "WDC PC SN720 SDAQNTW-256G-1001" + ], + "Guid": [ + "ff2112dc-038c-596d-90ca-d43c5077c6ec", + "137520ce-3603-53e6-9165-56694ed744e7", + "c528df4b-7972-5880-8cb1-330415e2dc6a", + "06a6f1f7-4ce0-57ef-8154-0705d936e4a6", + "237776ee-0bcd-5fe9-8dc8-6984a2d36ba0" + ], + "Serial": "183985804591", + "Summary": "NVM Express solid state drive", + "Protocol": "org.nvmexpress", + "Flags": [ + "internal", + "updatable", + "require-ac", + "supported", + "registered", + "needs-reboot", + "usable-during-update" + ], + "Vendor": "Sandisk Corp", + "VendorId": "NVME:0x15B7", + "Version": "10190101", + "VersionFormat": "plain", + "Icons": [ + "drive-harddisk" + ] + } + ] } diff --git a/src/tests/usb-devices-bootloader.json b/src/tests/usb-devices-bootloader.json index 9288704ce..603da4193 100644 --- a/src/tests/usb-devices-bootloader.json +++ b/src/tests/usb-devices-bootloader.json @@ -1,9 +1,9 @@ { - "UsbDevices": [ - { - "PlatformId": "usb:01:00:06", - "IdVendor": 999, - "IdProduct": 999 - } - ] + "UsbDevices": [ + { + "PlatformId": "usb:01:00:06", + "IdVendor": 999, + "IdProduct": 999 + } + ] } diff --git a/src/tests/usb-devices-invalid.json b/src/tests/usb-devices-invalid.json index 23f524493..cb5f9d386 100644 --- a/src/tests/usb-devices-invalid.json +++ b/src/tests/usb-devices-invalid.json @@ -1,49 +1,46 @@ { - "UsbDevices": [ - { - "PlatformId": "usb:00", - "IdVendor": 10047, - "IdProduct": 4100, - "Device": 2, - "USB": 512, - "Manufacturer": 1, - "Product": 2, - "UsbBosDescriptors": [ - { - "Comment": "version invalid", - "DevCapabilityType": 5, - "ExtraData": "AGPsCgF09c1SndooUlUNlPAKAAAAIAAqAA==" - }, - { - "Comment": "UUID invalid", - "DevCapabilityType": 5, - "ExtraData": "AAAAAAAAAAAAAAAAAAAAAAAFCAEAIAAqAA==" - }, - { - "Comment": "plugin invalid", - "DevCapabilityType": 5, - "ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAArAA==" - } - ], - "UsbEvents": [ - { - "Id": "GetStringDescriptor:DescIndex=0x02", - "Data": - "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" - }, - { - "Comment": "Plugin=dfu\nIcon=computer\n", - "Id": - "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", - "Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA=" - }, - { - "Comment": "Plugin=XXX", - "Id": - "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2b,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", - "Data": "UGx1Z2luPVhYWAoAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - } - ] - } - ] + "UsbDevices": [ + { + "PlatformId": "usb:00", + "IdVendor": 10047, + "IdProduct": 4100, + "Device": 2, + "USB": 512, + "Manufacturer": 1, + "Product": 2, + "UsbBosDescriptors": [ + { + "Comment": "version invalid", + "DevCapabilityType": 5, + "ExtraData": "AGPsCgF09c1SndooUlUNlPAKAAAAIAAqAA==" + }, + { + "Comment": "UUID invalid", + "DevCapabilityType": 5, + "ExtraData": "AAAAAAAAAAAAAAAAAAAAAAAFCAEAIAAqAA==" + }, + { + "Comment": "plugin invalid", + "DevCapabilityType": 5, + "ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAArAA==" + } + ], + "UsbEvents": [ + { + "Id": "GetStringDescriptor:DescIndex=0x02", + "Data": "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" + }, + { + "Comment": "Plugin=dfu\nIcon=computer\n", + "Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", + "Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA=" + }, + { + "Comment": "Plugin=XXX", + "Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2b,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", + "Data": "UGx1Z2luPVhYWAoAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" + } + ] + } + ] } diff --git a/src/tests/usb-devices-replace.json b/src/tests/usb-devices-replace.json index 378afbcd0..785c52f70 100644 --- a/src/tests/usb-devices-replace.json +++ b/src/tests/usb-devices-replace.json @@ -1,9 +1,9 @@ { - "UsbDevices": [ - { - "PlatformId": "usb:01:00:06", - "IdVendor": 10047, - "IdProduct": 4100 - } - ] + "UsbDevices": [ + { + "PlatformId": "usb:01:00:06", + "IdVendor": 10047, + "IdProduct": 4100 + } + ] } diff --git a/src/tests/usb-devices.json b/src/tests/usb-devices.json index 671591f82..08656ba03 100644 --- a/src/tests/usb-devices.json +++ b/src/tests/usb-devices.json @@ -1,110 +1,101 @@ { - "UsbDevices": [ - { - "PlatformId": "usb:01:00:06", - "IdVendor": 10047, - "IdProduct": 4100, - "Device": 2, - "USB": 512, - "Manufacturer": 1, - "Product": 2, - "UsbBosDescriptors": [ - { - "DevCapabilityType": 5, - "ExtraData": "AN9g3diJRcdMnNJlnZ5kip8AAAMG4AQVAA==" - }, - { - "DevCapabilityType": 5, - "ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAAqAA==" - }, - { - "DevCapabilityType": 17, - "ExtraData": "AQMAAAA=" - } - ], - "UsbInterfaces": [ - { - "Length": 9, - "DescriptorType": 4, - "InterfaceNumber": 1, - "InterfaceClass": 255, - "InterfaceSubClass": 70, - "InterfaceProtocol": 87, - "Interface": 3 - }, - { - "Length": 9, - "DescriptorType": 4, - "InterfaceNumber": 2, - "InterfaceClass": 255, - "InterfaceSubClass": 71, - "InterfaceProtocol": 85, - "Interface": 4 - }, - { - "Length": 9, - "DescriptorType": 4, - "InterfaceClass": 3, - "UsbEndpoints": [ - { - "DescriptorType": 5, - "EndpointAddress": 129, - "Interval": 1, - "MaxPacketSize": 64 - }, - { - "DescriptorType": 5, - "EndpointAddress": 1, - "Interval": 1, - "MaxPacketSize": 64 - } - ], - "ExtraData": "CSERAQABIh0A" - } - ], - "UsbEvents": [ - { - "Id": "GetStringDescriptor:DescIndex=0x01", - "Data": - "SHVnaHNraSBMdGQuAAAAAAAAAAAAAAAAIFjfAAAAAAAAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" - }, - { - "Id": "GetStringDescriptor:DescIndex=0x02", - "Data": - "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" - }, - { - "Id": - "GetCustomIndex:ClassId=0xff,SubclassId=0x46,ProtocolId=0x57", - "Data": "Aw==" - }, - { - "Id": "GetStringDescriptor:DescIndex=0x03", - "Data": - "Mi4wLjcAAAAD0WmJYH8AAP8AAAAAAAAAA9FpiWB/AACQRNkAAAAAAGCj2wAAAAAAUHZdKPx/AACNC7qJYH8AAAMAAAAAAAAANougiWB/AACYgl0o/H8AAAAAAAAAAAAA/wAAAPx/V0Zgo9sAAAAAAEh5XSj8fwAAEMPVAAAAAAM=" - }, - { - "Id": - "GetCustomIndex:ClassId=0xff,SubclassId=0x47,ProtocolId=0x55", - "Data": "BA==" - }, - { - "Id": - "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x15,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,Length=0x4e0", - "Data": - "CgAAAAAAAwbgBAgAAQAAANYECAACAAAAkgGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAA8AAQABAAuAFUAVgBDAC0ARQBuAGEAYgBsAGUAUABsAGEAdABmAG8AcgBtAEQAbQBmAHQAAAAEAAEAAAA+AAQABAAwAEUAbgBhAGIAbABlAEQAcwBoAG8AdwBSAGUAZABpAHIAZQBjAHQAaQBvAG4AAAAAAAQAAQAAADIABAAEACQAVQBWAEMALQBDAFAAVgAyAEYAYQBjAGUAQQB1AHQAaAAAAAAABAD//wAACAACAAIAwAGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAAwAAQABAAiAFMAZQBuAHMAbwByAEMAYQBtAGUAcgBhAE0AbwBkAGUAAAAEAAEAAAA6AAQABAAsAFMAawBpAHAAQwBhAG0AZQByAGEARQBuAHUAbQBlAHIAYQB0AGkAbwBuAAAABAABAAAAPgAEAAQAMABFAG4AYQBiAGwAZQBEAHMAaABvAHcAUgBlAGQAaQByAGUAYwB0AGkAbwBuAAAAAAAEAAEAAAAyAAQABAAkAFUAVgBDAC0AQwBQAFYAMgBGAGEAYwBlAEEAdQB0AGgAAAAAAAQAAAD//wgAAgAEAHwBMgAEAAQAJABEAGUAdgBpAGMAZQBJAGQAbABlAEUAbgBhAGIAbABlAGQAAAAEAAEAAAAyAAQABAAkAEQAZQBmAGEAdQBsAHQASQBkAGwAZQBTAHQAYQB0AGUAAAAAAAQAAQAAADYABAAEACgARABlAGYAYQB1AGwAdABJAGQAbABlAFQAaQBtAGUAbwB1AHQAAAAAAAQAiBMAAEYABAAEADgARABlAHYAaQBjAGUASQBkAGwAZQBJAGcAbgBvAHIAZQBXAGEAawBlAEUAbgBhAGIAbABlAAAAAAAEAAEAAAAUAAMAV0lOVVNCAAAAAAAAAAAAAIAABAABACgARABlAHYAaQBjAGUASQBuAHQAZQByAGYAYQBjAGUARwBVAEkARAAAAE4AewBlAGMAYwBlAGYAZgAzADUALQAxADQANgAzAC0ANABmAGYAMwAtAGEAYwBkADkALQA4AGYAOQA5ADIAZAAwADkAYQBjAGQAZAB9AAAA" - }, - { - "Id": - "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", - "Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA=" - }, - { - "Id": "GetStringDescriptor:DescIndex=0x04", - "Data": - "MjA4MmI1ZTAtN2E2NC00NzhhLWIxYjItZTM0MDRmYWI2ZGFkAAAAAICg2QAAAAAAUHZdKPx/AACNC7qJYH8AAAQAAAAAAAAANougiWB/AAAAsAOKYH8AAAAAAAAAAAAA/wAAAAAAVUeAoNkAAAAAAFB2XSj8fwAAsKPbAAAAAAQ=" - } - ] - } - ] + "UsbDevices": [ + { + "PlatformId": "usb:01:00:06", + "IdVendor": 10047, + "IdProduct": 4100, + "Device": 2, + "USB": 512, + "Manufacturer": 1, + "Product": 2, + "UsbBosDescriptors": [ + { + "DevCapabilityType": 5, + "ExtraData": "AN9g3diJRcdMnNJlnZ5kip8AAAMG4AQVAA==" + }, + { + "DevCapabilityType": 5, + "ExtraData": "AGPsCgF09c1SndooUlUNlPAFCAEAIAAqAA==" + }, + { + "DevCapabilityType": 17, + "ExtraData": "AQMAAAA=" + } + ], + "UsbInterfaces": [ + { + "Length": 9, + "DescriptorType": 4, + "InterfaceNumber": 1, + "InterfaceClass": 255, + "InterfaceSubClass": 70, + "InterfaceProtocol": 87, + "Interface": 3 + }, + { + "Length": 9, + "DescriptorType": 4, + "InterfaceNumber": 2, + "InterfaceClass": 255, + "InterfaceSubClass": 71, + "InterfaceProtocol": 85, + "Interface": 4 + }, + { + "Length": 9, + "DescriptorType": 4, + "InterfaceClass": 3, + "UsbEndpoints": [ + { + "DescriptorType": 5, + "EndpointAddress": 129, + "Interval": 1, + "MaxPacketSize": 64 + }, + { + "DescriptorType": 5, + "EndpointAddress": 1, + "Interval": 1, + "MaxPacketSize": 64 + } + ], + "ExtraData": "CSERAQABIh0A" + } + ], + "UsbEvents": [ + { + "Id": "GetStringDescriptor:DescIndex=0x01", + "Data": "SHVnaHNraSBMdGQuAAAAAAAAAAAAAAAAIFjfAAAAAAAAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" + }, + { + "Id": "GetStringDescriptor:DescIndex=0x02", + "Data": "Q29sb3JIdWcyAEcAAAAAAACwA4pgfwAAAN+Vneb9GHkAAAAAAAAAAEA42QAAAAAAwHVdKPx/AAAAAAAAAAAAAJiCXSj8fwAAR9bLiWB/AADAdV0o/H8AAOrE/IlgfwAAgHW/AAAAAAAQw9UAAAAAAJiCXSj8fwAAytnLiQEAAAA=" + }, + { + "Id": "GetCustomIndex:ClassId=0xff,SubclassId=0x46,ProtocolId=0x57", + "Data": "Aw==" + }, + { + "Id": "GetStringDescriptor:DescIndex=0x03", + "Data": "Mi4wLjcAAAAD0WmJYH8AAP8AAAAAAAAAA9FpiWB/AACQRNkAAAAAAGCj2wAAAAAAUHZdKPx/AACNC7qJYH8AAAMAAAAAAAAANougiWB/AACYgl0o/H8AAAAAAAAAAAAA/wAAAPx/V0Zgo9sAAAAAAEh5XSj8fwAAEMPVAAAAAAM=" + }, + { + "Id": "GetCustomIndex:ClassId=0xff,SubclassId=0x47,ProtocolId=0x55", + "Data": "BA==" + }, + { + "Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x15,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,Length=0x4e0", + "Data": "CgAAAAAAAwbgBAgAAQAAANYECAACAAAAkgGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAA8AAQABAAuAFUAVgBDAC0ARQBuAGEAYgBsAGUAUABsAGEAdABmAG8AcgBtAEQAbQBmAHQAAAAEAAEAAAA+AAQABAAwAEUAbgBhAGIAbABlAEQAcwBoAG8AdwBSAGUAZABpAHIAZQBjAHQAaQBvAG4AAAAAAAQAAQAAADIABAAEACQAVQBWAEMALQBDAFAAVgAyAEYAYQBjAGUAQQB1AHQAaAAAAAAABAD//wAACAACAAIAwAGAAAQAAQAoAFUAVgBDAC0ARgBTAFMAZQBuAHMAbwByAEcAcgBvAHUAcABJAEQAAABOAHsARgA2ADYARgBBADYANwA0AC0ARgAyAEIARQAtADQARAAxADkALQA5ADgAQwA1AC0ARAAxADMAMgAzADIAOQBDADYANAAyAEYAfQAAAF4ABAABACwAVQBWAEMALQBGAFMAUwBlAG4AcwBvAHIARwByAG8AdQBwAE4AYQBtAGUAAAAoAEwAZQBuAG8AdgBvACAAQwBhAG0AZQByAGEAIABHAHIAbwB1AHAAAAAwAAQABAAiAFMAZQBuAHMAbwByAEMAYQBtAGUAcgBhAE0AbwBkAGUAAAAEAAEAAAA6AAQABAAsAFMAawBpAHAAQwBhAG0AZQByAGEARQBuAHUAbQBlAHIAYQB0AGkAbwBuAAAABAABAAAAPgAEAAQAMABFAG4AYQBiAGwAZQBEAHMAaABvAHcAUgBlAGQAaQByAGUAYwB0AGkAbwBuAAAAAAAEAAEAAAAyAAQABAAkAFUAVgBDAC0AQwBQAFYAMgBGAGEAYwBlAEEAdQB0AGgAAAAAAAQAAAD//wgAAgAEAHwBMgAEAAQAJABEAGUAdgBpAGMAZQBJAGQAbABlAEUAbgBhAGIAbABlAGQAAAAEAAEAAAAyAAQABAAkAEQAZQBmAGEAdQBsAHQASQBkAGwAZQBTAHQAYQB0AGUAAAAAAAQAAQAAADYABAAEACgARABlAGYAYQB1AGwAdABJAGQAbABlAFQAaQBtAGUAbwB1AHQAAAAAAAQAiBMAAEYABAAEADgARABlAHYAaQBjAGUASQBkAGwAZQBJAGcAbgBvAHIAZQBXAGEAawBlAEUAbgBhAGIAbABlAAAAAAAEAAEAAAAUAAMAV0lOVVNCAAAAAAAAAAAAAIAABAABACgARABlAHYAaQBjAGUASQBuAHQAZQByAGYAYQBjAGUARwBVAEkARAAAAE4AewBlAGMAYwBlAGYAZgAzADUALQAxADQANgAzAC0ANABmAGYAMwAtAGEAYwBkADkALQA4AGYAOQA5ADIAZAAwADkAYQBjAGQAZAB9AAAA" + }, + { + "Id": "ControlTransfer:Direction=0x00,RequestType=0x02,Recipient=0x00,Request=0x2a,Value=0x0000,Idx=0x0007,Data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,Length=0x20", + "Data": "UGx1Z2luPWRmdQpJY29uPWNvbXB1dGVyCgAAAAAAAAA=" + }, + { + "Id": "GetStringDescriptor:DescIndex=0x04", + "Data": "MjA4MmI1ZTAtN2E2NC00NzhhLWIxYjItZTM0MDRmYWI2ZGFkAAAAAICg2QAAAAAAUHZdKPx/AACNC7qJYH8AAAQAAAAAAAAANougiWB/AAAAsAOKYH8AAAAAAAAAAAAA/wAAAAAAVUeAoNkAAAAAAFB2XSj8fwAAsKPbAAAAAAQ=" + } + ] + } + ] }