diff --git a/docs/fwupd-docs.xml b/docs/fwupd-docs.xml
index 15f6b4a35..ce95c036c 100644
--- a/docs/fwupd-docs.xml
+++ b/docs/fwupd-docs.xml
@@ -53,6 +53,8 @@
+
+
diff --git a/plugins/uefi-dbx/fu-efi-signature-list.c b/libfwupdplugin/fu-efi-signature-list.c
similarity index 95%
rename from plugins/uefi-dbx/fu-efi-signature-list.c
rename to libfwupdplugin/fu-efi-signature-list.c
index 3eeedddce..ad5698deb 100644
--- a/plugins/uefi-dbx/fu-efi-signature-list.c
+++ b/libfwupdplugin/fu-efi-signature-list.c
@@ -9,9 +9,18 @@
#include
#include "fu-common.h"
-#include "fu-efi-signature.h"
+#include "fu-efi-signature-private.h"
#include "fu-efi-signature-list.h"
+/**
+ * SECTION:fu-efi-signature-list
+ * @short_description: Parser for EFI_SIGNATURE_LIST
+ *
+ * An object that represents a UEFI SignatureList.
+ *
+ * See also: #FuFirmware
+ */
+
struct _FuEfiSignatureList {
FuFirmware parent_instance;
};
@@ -239,6 +248,13 @@ fu_efi_signature_list_write (FuFirmware *firmware, GError **error)
return g_byte_array_free_to_bytes (buf);
}
+/**
+ * fu_efi_signature_list_new:
+ *
+ * Creates a new #FuFirmware that can parse an EFI_SIGNATURE_LIST
+ *
+ * Since: 1.5.5
+ **/
FuFirmware *
fu_efi_signature_list_new (void)
{
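Review bot: The gtk-doc block added for fu_efi_signature_list_new() has no `Returns:` line, so the ownership of the returned object is undocumented, unlike the block this commit adds for fu_efi_signature_new(). I would add ` * Returns: (transfer full): a #FuFirmware` above the `Since:` line. The function body continues outside this hunk, so the transfer annotation should be confirmed against the constructor before it is written down.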
diff --git a/plugins/uefi-dbx/fu-efi-signature-list.h b/libfwupdplugin/fu-efi-signature-list.h
similarity index 100%
rename from plugins/uefi-dbx/fu-efi-signature-list.h
rename to libfwupdplugin/fu-efi-signature-list.h
diff --git a/libfwupdplugin/fu-efi-signature-private.h b/libfwupdplugin/fu-efi-signature-private.h
new file mode 100644
index 000000000..a6d73bcac
--- /dev/null
+++ b/libfwupdplugin/fu-efi-signature-private.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright (C) 2020 Richard Hughes
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+
+#pragma once
+
+#include "fu-efi-signature.h"
+
+FuEfiSignature *fu_efi_signature_new (FuEfiSignatureKind kind,
+ const gchar *owner);
diff --git a/plugins/uefi-dbx/fu-efi-signature.c b/libfwupdplugin/fu-efi-signature.c
similarity index 67%
rename from plugins/uefi-dbx/fu-efi-signature.c
rename to libfwupdplugin/fu-efi-signature.c
index 4be72c722..9dd714d29 100644
--- a/plugins/uefi-dbx/fu-efi-signature.c
+++ b/libfwupdplugin/fu-efi-signature.c
@@ -6,7 +6,16 @@
#include "config.h"
-#include "fu-efi-signature.h"
+#include "fu-efi-signature-private.h"
+
+/**
+ * SECTION:fu-efi-signature
+ * @short_description: Parser for EFI_SIGNATURE
+ *
+ * An object that represents a UEFI Signature.
+ *
+ * See also: #FuFirmware
+ */
struct _FuEfiSignature {
FuFirmwareImage parent_instance;
@@ -16,6 +25,16 @@ struct _FuEfiSignature {
G_DEFINE_TYPE (FuEfiSignature, fu_efi_signature, FU_TYPE_FIRMWARE_IMAGE)
+/**
+ * fu_efi_signature_kind_to_string:
+ * @kind: A #FuEfiSignatureKind, e.g. %FU_EFI_SIGNATURE_KIND_X509
+ *
+ * Converts the signature kind to a text representation.
+ *
+ * Returns: text, e.g. `x509_cert`
+ *
+ * Since: 1.5.5
+ **/
const gchar *
fu_efi_signature_kind_to_string (FuEfiSignatureKind kind)
{
@@ -26,18 +45,17 @@ fu_efi_signature_kind_to_string (FuEfiSignatureKind kind)
return "unknown";
}
-const gchar *
-fu_efi_signature_guid_to_string (const gchar *guid)
-{
- if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_ZERO) == 0)
- return "zero";
- if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_MICROSOFT) == 0)
- return "microsoft";
- if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_OVMF) == 0)
- return "ovmf";
- return guid;
-}
-
+/**
+ * fu_efi_signature_new: (skip):
+ * @kind: A #FuEfiSignatureKind
+ * @owner: A GUID, e.g. %FU_EFI_SIGNATURE_GUID_MICROSOFT
+ *
+ * Creates a new EFI_SIGNATURE.
+ *
+ * Returns: (transfer full): signature
+ *
+ * Since: 1.5.5
+ **/
FuEfiSignature *
fu_efi_signature_new (FuEfiSignatureKind kind, const gchar *owner)
{
@@ -47,13 +65,33 @@ fu_efi_signature_new (FuEfiSignatureKind kind, const gchar *owner)
return g_steal_pointer (&self);
}
+/**
+ * fu_efi_signature_get_kind:
+ * @self: A #FuEfiSignature
+ *
+ * Returns the signature kind.
+ *
+ * Returns: #FuEfiSignatureKind, e.g. %FU_EFI_SIGNATURE_KIND_SHA256
+ *
+ * Since: 1.5.5
+ **/
FuEfiSignatureKind
fu_efi_signature_get_kind (FuEfiSignature *self)
{
- g_return_val_if_fail (FU_IS_EFI_SIGNATURE (self), 0);
+ g_return_val_if_fail (FU_IS_EFI_SIGNATURE (self), FU_EFI_SIGNATURE_KIND_UNKNOWN);
return self->kind;
}
+/**
+ * fu_efi_signature_get_owner:
+ * @self: A #FuEfiSignature
+ *
+ * Returns the GUID of the signature owner.
+ *
+ * Returns: GUID owner, perhaps %FU_EFI_SIGNATURE_GUID_MICROSOFT
+ *
+ * Since: 1.5.5
+ **/
const gchar *
fu_efi_signature_get_owner (FuEfiSignature *self)
{
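Review bot: The doc block added for fu_efi_signature_get_owner() does not say who owns the returned string or whether it can be NULL. That matters to callers: fu-dbxtool.c passes the result through fu_dbxtool_guid_to_string(), which returns an unrecognised argument unchanged, and then into a `%s` conversion in `g_print`. If the object keeps the string and a NULL owner is possible (the constructor and this getter's body are outside the hunk), the line should read ` * Returns: (transfer none) (nullable): GUID owner, perhaps %FU_EFI_SIGNATURE_GUID_MICROSOFT`. If NULL is not possible, say so in the `@owner` line of fu_efi_signature_new() instead.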
diff --git a/plugins/uefi-dbx/fu-efi-signature.h b/libfwupdplugin/fu-efi-signature.h
similarity index 72%
rename from plugins/uefi-dbx/fu-efi-signature.h
rename to libfwupdplugin/fu-efi-signature.h
index 83f36b026..5c7b43ea1 100644
--- a/plugins/uefi-dbx/fu-efi-signature.h
+++ b/libfwupdplugin/fu-efi-signature.h
@@ -17,6 +17,7 @@ typedef enum {
FU_EFI_SIGNATURE_KIND_UNKNOWN,
FU_EFI_SIGNATURE_KIND_SHA256,
FU_EFI_SIGNATURE_KIND_X509,
+ /*< private >*/
FU_EFI_SIGNATURE_KIND_LAST
} FuEfiSignatureKind;
@@ -24,10 +25,7 @@ typedef enum {
#define FU_EFI_SIGNATURE_GUID_MICROSOFT "77fa9abd-0359-4d32-bd60-28f4e78f784b"
#define FU_EFI_SIGNATURE_GUID_OVMF "a0baa8a3-041d-48a8-bc87-c36d121b5e3d"
-const gchar *fu_efi_signature_kind_to_string (FuEfiSignatureKind kind);
-const gchar *fu_efi_signature_guid_to_string (const gchar *guid);
+const gchar *fu_efi_signature_kind_to_string (FuEfiSignatureKind kind);
-FuEfiSignature *fu_efi_signature_new (FuEfiSignatureKind kind,
- const gchar *owner);
-FuEfiSignatureKind fu_efi_signature_get_kind (FuEfiSignature *self);
-const gchar *fu_efi_signature_get_owner (FuEfiSignature *self);
+FuEfiSignatureKind fu_efi_signature_get_kind (FuEfiSignature *self);
+const gchar *fu_efi_signature_get_owner (FuEfiSignature *self);
diff --git a/libfwupdplugin/fwupdplugin.h b/libfwupdplugin/fwupdplugin.h
index 41be7e17c..8c1cb8317 100644
--- a/libfwupdplugin/fwupdplugin.h
+++ b/libfwupdplugin/fwupdplugin.h
@@ -35,6 +35,8 @@
#include
#include
#include
+#include
+#include
#include
#include
#include
diff --git a/libfwupdplugin/fwupdplugin.map b/libfwupdplugin/fwupdplugin.map
index 66eb5523f..025ec2687 100644
--- a/libfwupdplugin/fwupdplugin.map
+++ b/libfwupdplugin/fwupdplugin.map
@@ -704,6 +704,12 @@ LIBFWUPDPLUGIN_1.5.5 {
global:
fu_common_strsafe;
fu_device_retry_full;
+ fu_efi_signature_get_kind;
+ fu_efi_signature_get_owner;
+ fu_efi_signature_get_type;
+ fu_efi_signature_kind_to_string;
+ fu_efi_signature_list_get_type;
+ fu_efi_signature_list_new;
fu_firmware_get_image_by_checksum;
fu_firmware_image_get_checksum;
local: *;
diff --git a/libfwupdplugin/meson.build b/libfwupdplugin/meson.build
index a5dca850c..c41464eb4 100644
--- a/libfwupdplugin/meson.build
+++ b/libfwupdplugin/meson.build
@@ -22,6 +22,8 @@ fwupdplugin_src = [
'fu-security-attrs.c',
'fu-smbios.c',
'fu-srec-firmware.c',
+ 'fu-efi-signature.c',
+ 'fu-efi-signature-list.c',
'fu-efivar.c',
'fu-udev-device.c',
'fu-usb-device.c',
@@ -53,6 +55,8 @@ fwupdplugin_headers = [
'fu-security-attrs.h',
'fu-smbios.h',
'fu-srec-firmware.h',
+ 'fu-efi-signature.h',
+ 'fu-efi-signature-list.h',
'fu-efivar.h',
'fu-udev-device.h',
'fu-usb-device.h',
diff --git a/plugins/uefi-dbx/fu-dbxtool.c b/plugins/uefi-dbx/fu-dbxtool.c
index 3111f1a94..73d9ec029 100644
--- a/plugins/uefi-dbx/fu-dbxtool.c
+++ b/plugins/uefi-dbx/fu-dbxtool.c
@@ -17,7 +17,6 @@
#include "fu-common.h"
#include "fu-efivar.h"
#include "fu-uefi-dbx-common.h"
-#include "fu-efi-signature-common.h"
#include "fu-efi-signature.h"
/* custom return code */
@@ -55,6 +54,37 @@ fu_dbxtool_get_siglist_local (const gchar *filename, GError **error)
return g_steal_pointer (&siglist);
}
+static gboolean
+fu_dbxtool_siglist_inclusive (FuFirmware *outer, FuFirmware *inner)
+{
+ g_autoptr(GPtrArray) sigs = fu_firmware_get_images (inner);
+ for (guint i = 0; i < sigs->len; i++) {
+ FuEfiSignature *sig = g_ptr_array_index (sigs, i);
+ g_autofree gchar *checksum = NULL;
+ g_autoptr(FuFirmwareImage) img = NULL;
+ checksum = fu_firmware_image_get_checksum (FU_FIRMWARE_IMAGE (sig),
+ G_CHECKSUM_SHA256, NULL);
+ if (checksum == NULL)
+ continue;
+ img = fu_firmware_get_image_by_checksum (outer, checksum, NULL);
+ if (img == NULL)
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static const gchar *
+fu_dbxtool_guid_to_string (const gchar *guid)
+{
+ if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_ZERO) == 0)
+ return "zero";
+ if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_MICROSOFT) == 0)
+ return "microsoft";
+ if (g_strcmp0 (guid, FU_EFI_SIGNATURE_GUID_OVMF) == 0)
+ return "ovmf";
+ return guid;
+}
+
int
main (int argc, char *argv[])
{
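Review bot: fu_dbxtool_siglist_inclusive() treats an entry of `inner` as already present whenever its SHA-256 cannot be computed (the `continue` after `checksum == NULL`), and it returns TRUE for an `inner` that has no images at all. main() uses a TRUE result with `!force` to stop with "Cannot apply as dbx update has already been applied", so an update list that parsed to nothing, or whose entries failed to hash, is reported as applied and its revocations are not written. Both lookups are also called with a NULL GError, so the reason is lost. If an unhashable entry should not block a revocation update, change the skip to `if (checksum == NULL) return FALSE;`, or at least log it with `g_debug`, and add a comment above the function stating what it returns for an empty `inner`. The body of main() lies outside this hunk.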
@@ -155,7 +185,7 @@ main (int argc, char *argv[])
NULL);
g_print ("%4u: {%s} {%s} %s\n",
cnt++,
- fu_efi_signature_guid_to_string (fu_efi_signature_get_owner (sig)),
+ fu_dbxtool_guid_to_string (fu_efi_signature_get_owner (sig)),
fu_efi_signature_kind_to_string (fu_efi_signature_get_kind (sig)),
checksum);
}
@@ -206,7 +236,7 @@ main (int argc, char *argv[])
}
/* check this is a newer dbx update */
- if (!force && fu_efi_signature_list_inclusive (FU_EFI_SIGNATURE_LIST (dbx_system), FU_EFI_SIGNATURE_LIST (dbx_update))) {
+ if (!force && fu_dbxtool_siglist_inclusive (dbx_system, dbx_update)) {
/* TRANSLATORS: same or newer update already applied */
g_printerr ("%s\n", _("Cannot apply as dbx update has already been applied."));
return EXIT_FAILURE;
diff --git a/plugins/uefi-dbx/fu-efi-signature-common.c b/plugins/uefi-dbx/fu-efi-signature-common.c
deleted file mode 100644
index 89c5f75b8..000000000
--- a/plugins/uefi-dbx/fu-efi-signature-common.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2020 Richard Hughes
- *
- * SPDX-License-Identifier: LGPL-2.1+
- */
-
-#include "config.h"
-
-#include "fu-efi-signature-common.h"
-#include "fu-efi-signature-list.h"
-#include "fu-efi-signature.h"
-
-gboolean
-fu_efi_signature_list_has_checksum (FuEfiSignatureList *siglist, const gchar *checksum)
-{
- g_autoptr(FuFirmwareImage) img = NULL;
- img = fu_firmware_get_image_by_checksum (FU_FIRMWARE (siglist), checksum, NULL);
- return img != NULL;
-}
-
-gboolean
-fu_efi_signature_list_inclusive (FuEfiSignatureList *outer, FuEfiSignatureList *inner)
-{
- g_autoptr(GPtrArray) sigs = fu_firmware_get_images (FU_FIRMWARE (inner));
- for (guint i = 0; i < sigs->len; i++) {
- FuEfiSignature *sig = g_ptr_array_index (sigs, i);
- g_autofree gchar *checksum = NULL;
- checksum = fu_firmware_image_get_checksum (FU_FIRMWARE_IMAGE (sig),
- G_CHECKSUM_SHA256, NULL);
- if (checksum == NULL)
- continue;
- if (!fu_efi_signature_list_has_checksum (outer, checksum))
- return FALSE;
- }
- return TRUE;
-}
diff --git a/plugins/uefi-dbx/fu-efi-signature-common.h b/plugins/uefi-dbx/fu-efi-signature-common.h
deleted file mode 100644
index 09b7cb53e..000000000
--- a/plugins/uefi-dbx/fu-efi-signature-common.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright (C) 2020 Richard Hughes
- *
- * SPDX-License-Identifier: LGPL-2.1+
- */
-
-#pragma once
-
-#include "fu-efi-signature-list.h"
-
-gboolean fu_efi_signature_list_inclusive (FuEfiSignatureList *outer,
- FuEfiSignatureList *inner);
-gboolean fu_efi_signature_list_has_checksum (FuEfiSignatureList *siglist,
- const gchar *checksum);
diff --git a/plugins/uefi-dbx/fu-uefi-dbx-common.c b/plugins/uefi-dbx/fu-uefi-dbx-common.c
index 9c67d9951..bd8fc4f0e 100644
--- a/plugins/uefi-dbx/fu-uefi-dbx-common.c
+++ b/plugins/uefi-dbx/fu-uefi-dbx-common.c
@@ -10,7 +10,6 @@
#include "fu-common.h"
#include "fu-efi-image.h"
-#include "fu-efi-signature-common.h"
#include "fu-volume.h"
#include "fu-uefi-dbx-common.h"
@@ -53,6 +52,7 @@ fu_uefi_dbx_signature_list_validate_volume (FuEfiSignatureList *siglist, FuVolum
for (guint i = 0; i < files->len; i++) {
const gchar *fn = g_ptr_array_index (files, i);
g_autofree gchar *checksum = NULL;
+ g_autoptr(FuFirmwareImage) img = NULL;
g_autoptr(GError) error_local = NULL;
/* get checksum of file */
@@ -64,7 +64,8 @@ fu_uefi_dbx_signature_list_validate_volume (FuEfiSignatureList *siglist, FuVolum
/* Authenticode signature is present in dbx! */
g_debug ("fn=%s, checksum=%s", fn, checksum);
- if (fu_efi_signature_list_has_checksum (siglist, checksum)) {
+ img = fu_firmware_get_image_by_checksum (FU_FIRMWARE (siglist), checksum, NULL);
+ if (img != NULL) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_NEEDS_USER_ACTION,
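Review bot: The new lookup `fu_firmware_get_image_by_checksum (FU_FIRMWARE (siglist), checksum, NULL)` discards its GError, so in this validation loop any lookup failure looks the same as "checksum not in dbx" and the file is accepted. If the lookup can fail for a reason other than not-found (its body is not part of this diff), the check fails open: a binary on the volume that the list revokes could pass validation before the dbx is written. I would pass a dedicated local GError and accept the file only when `g_error_matches (error_lookup, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND)` holds, assuming that is how a missing image is reported, and propagate any other error to the caller. The enclosing function starts and ends outside these hunks, and the `img` declaration comes from the preceding hunk.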
diff --git a/plugins/uefi-dbx/fu-uefi-dbx-device.c b/plugins/uefi-dbx/fu-uefi-dbx-device.c
index 20c2f726a..86ce9a795 100644
--- a/plugins/uefi-dbx/fu-uefi-dbx-device.c
+++ b/plugins/uefi-dbx/fu-uefi-dbx-device.c
@@ -8,7 +8,6 @@
#include "fu-efivar.h"
-#include "fu-efi-signature-common.h"
#include "fu-efi-signature.h"
#include "fu-uefi-dbx-common.h"
#include "fu-uefi-dbx-device.h"
diff --git a/plugins/uefi-dbx/meson.build b/plugins/uefi-dbx/meson.build
index b10b43c63..ac960a9b4 100644
--- a/plugins/uefi-dbx/meson.build
+++ b/plugins/uefi-dbx/meson.build
@@ -7,9 +7,6 @@ shared_module('fu_plugin_uefi_dbx',
'fu-uefi-dbx-common.c',
'fu-uefi-dbx-device.c',
'fu-efi-image.c',
- 'fu-efi-signature.c',
- 'fu-efi-signature-common.c',
- 'fu-efi-signature-list.c',
],
include_directories : [
root_incdir,
@@ -39,9 +36,6 @@ if get_option('tests')
'fu-self-test.c',
'fu-uefi-dbx-common.c',
'fu-efi-image.c',
- 'fu-efi-signature.c',
- 'fu-efi-signature-common.c',
- 'fu-efi-signature-list.c',
],
include_directories : [
root_incdir,
@@ -68,9 +62,6 @@ dbxtool = executable(
'fu-dbxtool.c',
'fu-uefi-dbx-common.c',
'fu-efi-image.c',
- 'fu-efi-signature.c',
- 'fu-efi-signature-common.c',
- 'fu-efi-signature-list.c',
],
include_directories : [
root_incdir,