mirror of
https://git.proxmox.com/git/fwupd
synced 2025-08-05 21:30:48 +00:00
Add a new HSI attribute for AMD rollback protection
This will be used by an upcoming AMD plugin
This commit is contained in:
parent
035490d39e
commit
04efb0b0cb
20
docs/hsi.md
20
docs/hsi.md
@ -639,6 +639,26 @@ To meet HSI-4 on systems that run this test, the result must be `enabled`. *[v1.
|
||||
- [Intel TME Press Release](https://software.intel.com/content/www/us/en/develop/blogs/intel-releases-new-technology-specification-for-memory-encryption.html)
|
||||
- [WikiChip SME Overview](https://en.wikichip.org/wiki/x86/sme)
|
||||
|
||||
<a id="org.fwupd.hsi.Amd.PlatformRollbackProtection"></a>
|
||||
|
||||
### [AMD Rollback protection](#org.fwupd.hsi.Amd.RollbackProtection)
|
||||
|
||||
AMD SOCs include the ability to prevent a rollback attack by a rollback protection feature on the firmware. This feature prevents an attacker from loading an older
|
||||
firmware onto the part after a security vulnerability has been fixed.
|
||||
|
||||
**Impact:** SOCs without this feature may be attacked by an attacker installing an older firmware that takes advantage of a well-known vulnerability.
|
||||
|
||||
**Possible results:**
|
||||
|
||||
- `enabled`: rollback protection enabled
|
||||
- `not-enabled`: rollback protection disabled
|
||||
|
||||
To meet HSI-1 on AMD systems that run this test, the result must be `enabled`. *[v1.8.0]*
|
||||
|
||||
**References:**
|
||||
|
||||
- [Rollback protection](https://www.psacertified.org/blog/anti-rollback-explained/)
|
||||
|
||||
<a id="org.fwupd.hsi.IntelSmap"></a>
|
||||
|
||||
### [Supervisor Mode Access Prevention](#org.fwupd.hsi.IntelSmap)
|
||||
|
@ -287,6 +287,15 @@ G_BEGIN_DECLS
|
||||
* Since: 1.8.0
|
||||
**/
|
||||
#define FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU "org.fwupd.hsi.SupportedCpu"
|
||||
/**
|
||||
* FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION
|
||||
*
|
||||
* Host Security ID attribute for Rollback protection of AMD platform
|
||||
* firmware
|
||||
*
|
||||
* Since: 1.8.0
|
||||
**/
|
||||
#define FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION "org.fwupd.hsi.Amd.RollbackProtection"
|
||||
|
||||
GVariant *
|
||||
fwupd_security_attr_to_variant(FwupdSecurityAttr *self);
|
||||
|
@ -183,6 +183,10 @@ fu_security_attr_get_name(FwupdSecurityAttr *attr)
|
||||
/* TRANSLATORS: Title: if fwupd supports HSI on this chip */
|
||||
return g_strdup(_("Supported CPU"));
|
||||
}
|
||||
if (g_strcmp0(appstream_id, FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION) == 0) {
|
||||
/* TRANSLATORS: Title: if firmware enforces rollback protection */
|
||||
return g_strdup(_("Rollback protection"));
|
||||
}
|
||||
|
||||
/* we should not get here */
|
||||
return g_strdup(fwupd_security_attr_get_name(attr));
|
||||
|
Loading…
Reference in New Issue
Block a user