diff --git a/libfwupd/fwupd-enums.c b/libfwupd/fwupd-enums.c index c0ac0e6e3..c2f4ee33d 100644 --- a/libfwupd/fwupd-enums.c +++ b/libfwupd/fwupd-enums.c @@ -203,6 +203,10 @@ fwupd_device_flag_to_string(FwupdDeviceFlags device_flag) return "affects-fde"; if (device_flag == FWUPD_DEVICE_FLAG_END_OF_LIFE) return "end-of-life"; + if (device_flag == FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD) + return "signed-payload"; + if (device_flag == FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD) + return "unsigned-payload"; if (device_flag == FWUPD_DEVICE_FLAG_UNKNOWN) return "unknown"; return NULL; @@ -316,6 +320,10 @@ fwupd_device_flag_from_string(const gchar *device_flag) return FWUPD_DEVICE_FLAG_AFFECTS_FDE; if (g_strcmp0(device_flag, "end-of-life") == 0) return FWUPD_DEVICE_FLAG_END_OF_LIFE; + if (g_strcmp0(device_flag, "signed-payload") == 0) + return FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD; + if (g_strcmp0(device_flag, "unsigned-payload") == 0) + return FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD; return FWUPD_DEVICE_FLAG_UNKNOWN; } diff --git a/libfwupd/fwupd-enums.h b/libfwupd/fwupd-enums.h index fa3b0ab36..b9d322fd8 100644 --- a/libfwupd/fwupd-enums.h +++ b/libfwupd/fwupd-enums.h @@ -504,6 +504,25 @@ typedef enum { * Since: 1.7.5 */ #define FWUPD_DEVICE_FLAG_END_OF_LIFE (1llu << 46) +/** + * FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD: + * + * The firmware payload is verified on-device the payload using strong cryptography such + * as RSA, AES or ECC. + * + * It is usually not possible to modify or flash custom firmware not provided by the vendor. + * + * Since: 1.7.6 + */ +#define FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD (1llu << 47) +/** + * FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD: + * + * The firmware payload is unsigned and it is possible to modify and flash custom firmware. + * + * Since: 1.7.6 + */ +#define FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD (1llu << 48) /** * FWUPD_DEVICE_FLAG_UNKNOWN: * diff --git a/libfwupdplugin/fu-device.c b/libfwupdplugin/fu-device.c index 345692ec1..4987ca8c4 100644 --- a/libfwupdplugin/fu-device.c +++ b/libfwupdplugin/fu-device.c @@ -2967,6 +2967,12 @@ fu_device_add_flag(FuDevice *self, FwupdDeviceFlags flag) if (flag & FWUPD_DEVICE_FLAG_IS_BOOTLOADER) fu_device_remove_flag(self, FWUPD_DEVICE_FLAG_NEEDS_BOOTLOADER); + /* being both a signed and unsigned is invalid */ + if (flag & FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD) + fu_device_remove_flag(self, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); + if (flag & FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD) + fu_device_remove_flag(self, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); + /* one implies the other */ if (flag & FWUPD_DEVICE_FLAG_CAN_VERIFY_IMAGE) flag |= FWUPD_DEVICE_FLAG_CAN_VERIFY; diff --git a/plugins/analogix/fu-analogix-device.c b/plugins/analogix/fu-analogix-device.c index 82b836461..d78f87da3 100644 --- a/plugins/analogix/fu-analogix-device.c +++ b/plugins/analogix/fu-analogix-device.c @@ -410,6 +410,7 @@ fu_analogix_device_init(FuAnalogixDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.analogix.bb"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_USABLE_DURING_UPDATE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PAIR); fu_device_set_firmware_gtype(FU_DEVICE(self), FU_TYPE_ANALOGIX_FIRMWARE); } diff --git a/plugins/bcm57xx/fu-bcm57xx-device.c b/plugins/bcm57xx/fu-bcm57xx-device.c index a69239abb..e08925e31 100644 --- a/plugins/bcm57xx/fu-bcm57xx-device.c +++ b/plugins/bcm57xx/fu-bcm57xx-device.c @@ -661,6 +661,7 @@ fu_bcm57xx_device_set_progress(FuDevice *self, FuProgress *progress) static void fu_bcm57xx_device_init(FuBcm57xxDevice *self) { + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(FU_DEVICE(self), "com.broadcom.bcm57xx"); fu_device_add_icon(FU_DEVICE(self), "network-wired"); diff --git a/plugins/bcm57xx/fu-bcm57xx-recovery-device.c b/plugins/bcm57xx/fu-bcm57xx-recovery-device.c index d2da77948..9b035460e 100644 --- a/plugins/bcm57xx/fu-bcm57xx-recovery-device.c +++ b/plugins/bcm57xx/fu-bcm57xx-recovery-device.c @@ -858,6 +858,7 @@ fu_bcm57xx_recovery_device_init(FuBcm57xxRecoveryDevice *self) fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_NEEDS_REBOOT); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_BACKUP_BEFORE_INSTALL); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_IGNORE_VALIDATION); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(FU_DEVICE(self), "com.broadcom.bcm57xx"); fu_device_add_icon(FU_DEVICE(self), "network-wired"); fu_device_set_logical_id(FU_DEVICE(self), "recovery"); diff --git a/plugins/colorhug/fu-colorhug-device.c b/plugins/colorhug/fu-colorhug-device.c index d9d93608d..15f471bf0 100644 --- a/plugins/colorhug/fu-colorhug-device.c +++ b/plugins/colorhug/fu-colorhug-device.c @@ -560,6 +560,7 @@ fu_colorhug_device_init(FuColorhugDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.hughski.colorhug"); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_ADD_COUNTERPART_GUIDS); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_register_private_flag(FU_DEVICE(self), FU_COLORHUG_DEVICE_FLAG_HALFSIZE, diff --git a/plugins/dell-dock/fu-dell-dock-hub.c b/plugins/dell-dock/fu-dell-dock-hub.c index b5017dc4f..fd5881d4b 100644 --- a/plugins/dell-dock/fu-dell-dock-hub.c +++ b/plugins/dell-dock/fu-dell-dock-hub.c @@ -198,6 +198,7 @@ static void fu_dell_dock_hub_init(FuDellDockHub *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_retry_set_delay(FU_DEVICE(self), 1000); fu_device_register_private_flag(FU_DEVICE(self), FU_DELL_DOCK_HUB_FLAG_HAS_BRIDGE, diff --git a/plugins/dell-dock/fu-dell-dock-i2c-ec.c b/plugins/dell-dock/fu-dell-dock-i2c-ec.c index cb482bf62..30f37df78 100644 --- a/plugins/dell-dock/fu-dell-dock-i2c-ec.c +++ b/plugins/dell-dock/fu-dell-dock-i2c-ec.c @@ -1014,6 +1014,7 @@ fu_dell_dock_ec_init(FuDellDockEc *self) self->raw_versions = g_new0(FuDellDockDockPackageFWVersion, 1); fu_device_add_protocol(FU_DEVICE(self), "com.dell.dock"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_INHIBIT_CHILDREN); } diff --git a/plugins/dell-dock/fu-dell-dock-i2c-mst.c b/plugins/dell-dock/fu-dell-dock-i2c-mst.c index e205eefa2..4f9cd23cc 100644 --- a/plugins/dell-dock/fu-dell-dock-i2c-mst.c +++ b/plugins/dell-dock/fu-dell-dock-i2c-mst.c @@ -1172,12 +1172,14 @@ fu_dell_dock_mst_probe(FuDevice *device, GError **error) self->mst_rc_command_addr = CAYENNE_MST_RC_COMMAND_ADDR; self->mst_rc_data_addr = CAYENNE_MST_RC_DATA_ADDR; self->mst_core_mcu_bootloader_addr = CAYENNE_MST_CORE_MCU_BOOTLOADER_STS; + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); return TRUE; case Panamera_mst: self->mst_rc_trigger_addr = PANAMERA_MST_RC_TRIGGER_ADDR; self->mst_rc_command_addr = PANAMERA_MST_RC_COMMAND_ADDR; self->mst_rc_data_addr = PANAMERA_MST_RC_DATA_ADDR; self->mst_core_mcu_bootloader_addr = PANAMERA_MST_CORE_MCU_BOOTLOADER_STS; + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); return TRUE; case Unknown: default: diff --git a/plugins/dell-dock/fu-dell-dock-i2c-tbt.c b/plugins/dell-dock/fu-dell-dock-i2c-tbt.c index d763988e8..5c54fca2c 100644 --- a/plugins/dell-dock/fu-dell-dock-i2c-tbt.c +++ b/plugins/dell-dock/fu-dell-dock-i2c-tbt.c @@ -274,6 +274,7 @@ fu_dell_dock_tbt_init(FuDellDockTbt *self) { fu_device_add_protocol(FU_DEVICE(self), "com.intel.thunderbolt"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); } static void diff --git a/plugins/dell-dock/fu-dell-dock-usb-usb4.c b/plugins/dell-dock/fu-dell-dock-usb-usb4.c index 299ea8d55..46629ddaf 100644 --- a/plugins/dell-dock/fu-dell-dock-usb-usb4.c +++ b/plugins/dell-dock/fu-dell-dock-usb-usb4.c @@ -590,6 +590,7 @@ fu_dell_dock_usb4_init(FuDellDockUsb4 *self) fu_device_add_protocol(FU_DEVICE(self), "com.intel.thunderbolt"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_USABLE_DURING_UPDATE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_INHERIT_ACTIVATION); } diff --git a/plugins/ebitdo/fu-ebitdo-device.c b/plugins/ebitdo/fu-ebitdo-device.c index d43d61da4..a5613db16 100644 --- a/plugins/ebitdo/fu-ebitdo-device.c +++ b/plugins/ebitdo/fu-ebitdo-device.c @@ -672,6 +672,7 @@ fu_ebitdo_device_init(FuEbitdoDevice *self) { fu_device_add_protocol(FU_DEVICE(self), "com.8bitdo"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_ADD_COUNTERPART_GUIDS); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_set_firmware_gtype(FU_DEVICE(self), FU_TYPE_EBITDO_FIRMWARE); } diff --git a/plugins/elanfp/fu-elanfp-device.c b/plugins/elanfp/fu-elanfp-device.c index f587d0be2..6845b18ee 100644 --- a/plugins/elanfp/fu-elanfp-device.c +++ b/plugins/elanfp/fu-elanfp-device.c @@ -380,6 +380,7 @@ fu_elanfp_device_init(FuElanfpDevice *device) fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SELF_RECOVERY); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_USE_RUNTIME_VERSION); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PLAIN); fu_device_set_remove_delay(FU_DEVICE(self), 5000); fu_device_add_protocol(FU_DEVICE(self), "tw.com.emc.elanfp"); diff --git a/plugins/ep963x/fu-ep963x-device.c b/plugins/ep963x/fu-ep963x-device.c index c2ac77bc3..e9501e550 100644 --- a/plugins/ep963x/fu-ep963x-device.c +++ b/plugins/ep963x/fu-ep963x-device.c @@ -360,6 +360,7 @@ static void fu_ep963x_device_init(FuEp963xDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(FU_DEVICE(self), "tw.com.exploretech.ep963x"); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_NUMBER); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); diff --git a/plugins/genesys/fu-genesys-scaler-device.c b/plugins/genesys/fu-genesys-scaler-device.c index 98fa96702..a1d79c3df 100644 --- a/plugins/genesys/fu-genesys-scaler-device.c +++ b/plugins/genesys/fu-genesys-scaler-device.c @@ -1784,6 +1784,7 @@ fu_genesys_scaler_device_init(FuGenesysScalerDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.mstarsemi.scaler"); fu_device_retry_set_delay(FU_DEVICE(self), 10); /* ms */ fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_DUAL_IMAGE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_register_private_flag(FU_DEVICE(self), FU_SCALER_FLAG_PAUSE_R2_CPU, "pause-r2-cpu"); diff --git a/plugins/genesys/fu-genesys-usbhub-device.c b/plugins/genesys/fu-genesys-usbhub-device.c index 31c59b87a..13a964af9 100644 --- a/plugins/genesys/fu-genesys-usbhub-device.c +++ b/plugins/genesys/fu-genesys-usbhub-device.c @@ -1330,6 +1330,7 @@ static void fu_genesys_usbhub_device_init(FuGenesysUsbhubDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(FU_DEVICE(self), "com.genesys.usbhub"); fu_device_retry_set_delay(FU_DEVICE(self), 30); /* ms */ fu_device_set_remove_delay(FU_DEVICE(self), 5000); /* ms */ diff --git a/plugins/hailuck/fu-hailuck-kbd-device.c b/plugins/hailuck/fu-hailuck-kbd-device.c index 66fb3bd15..265027533 100644 --- a/plugins/hailuck/fu-hailuck-kbd-device.c +++ b/plugins/hailuck/fu-hailuck-kbd-device.c @@ -79,6 +79,7 @@ fu_hailuck_kbd_device_init(FuHailuckKbdDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.hailuck.kbd"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_INTERNAL); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_add_icon(FU_DEVICE(self), "input-keyboard"); fu_hid_device_set_interface(FU_HID_DEVICE(self), 0x1); diff --git a/plugins/hailuck/fu-hailuck-tp-device.c b/plugins/hailuck/fu-hailuck-tp-device.c index f188161cb..4c49c9c66 100644 --- a/plugins/hailuck/fu-hailuck-tp-device.c +++ b/plugins/hailuck/fu-hailuck-tp-device.c @@ -231,6 +231,7 @@ fu_hailuck_tp_device_init(FuHailuckTpDevice *self) fu_device_set_name(FU_DEVICE(self), "Touchpad"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_INTERNAL); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_USE_PARENT_FOR_OPEN); fu_device_add_icon(FU_DEVICE(self), "input-touchpad"); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); diff --git a/plugins/logitech-hidpp/fu-logitech-hidpp-device.c b/plugins/logitech-hidpp/fu-logitech-hidpp-device.c index 605b2d2a2..ddac4e074 100644 --- a/plugins/logitech-hidpp/fu-logitech-hidpp-device.c +++ b/plugins/logitech-hidpp/fu-logitech-hidpp-device.c @@ -833,6 +833,7 @@ fu_logitech_hidpp_device_setup(FuDevice *device, GError **error) } idx = fu_logitech_hidpp_device_feature_get_idx(self, HIDPP_FEATURE_DFU_CONTROL); if (idx != 0x00) { + fu_device_add_flag(FU_DEVICE(device), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_remove_flag(FU_DEVICE(device), FWUPD_DEVICE_FLAG_IS_BOOTLOADER); fu_device_add_protocol(FU_DEVICE(self), "com.logitech.unifying"); } @@ -858,6 +859,7 @@ fu_logitech_hidpp_device_setup(FuDevice *device, GError **error) fu_device_remove_flag(FU_DEVICE(device), FWUPD_DEVICE_FLAG_IS_BOOTLOADER); } fu_device_add_protocol(FU_DEVICE(device), "com.logitech.unifyingsigned"); + fu_device_add_flag(FU_DEVICE(device), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); } idx = fu_logitech_hidpp_device_feature_get_idx(self, HIDPP_FEATURE_DFU); if (idx != 0x00) { diff --git a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime-unifying.c b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime-unifying.c index 83602e63e..d3c5166c4 100644 --- a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime-unifying.c +++ b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime-unifying.c @@ -113,12 +113,14 @@ fu_logitech_hidpp_runtime_unifying_setup_internal(FuDevice *device, GError **err config[8] >= 0x04) || (fu_logitech_hidpp_runtime_get_version_bl_major(self) == 0x03 && config[8] >= 0x02)) { - fu_logitech_hidpp_runtime_set_signed_firmware(self, TRUE); + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_protocol(device, "com.logitech.unifyingsigned"); } } - if (!fu_logitech_hidpp_runtime_get_signed_firmware(self)) + if (!fu_device_has_flag(device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD)) { + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(device, "com.logitech.unifying"); + } /* enable HID++ notifications */ if (!fu_logitech_hidpp_runtime_enable_notifications(self, error)) { diff --git a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.c b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.c index b9e5e355c..d80f2f08c 100644 --- a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.c +++ b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.c @@ -14,7 +14,6 @@ typedef struct { guint8 version_bl_major; - gboolean signed_firmware; FuIOChannel *io_channel; } FuLogitechHidPpRuntimePrivate; @@ -22,25 +21,6 @@ G_DEFINE_TYPE_WITH_PRIVATE(FuLogitechHidPpRuntime, fu_logitech_hidpp_runtime, FU #define GET_PRIVATE(o) (fu_logitech_hidpp_runtime_get_instance_private(o)) -gboolean -fu_logitech_hidpp_runtime_get_signed_firmware(FuLogitechHidPpRuntime *self) -{ - FuLogitechHidPpRuntimePrivate *priv; - g_return_val_if_fail(FU_IS_HIDPP_RUNTIME(self), FALSE); - priv = GET_PRIVATE(self); - return priv->signed_firmware; -} - -void -fu_logitech_hidpp_runtime_set_signed_firmware(FuLogitechHidPpRuntime *self, - gboolean signed_firmware) -{ - FuLogitechHidPpRuntimePrivate *priv; - g_return_if_fail(FU_IS_HIDPP_RUNTIME(self)); - priv = GET_PRIVATE(self); - priv->signed_firmware = signed_firmware; -} - FuIOChannel * fu_logitech_hidpp_runtime_get_io_channel(FuLogitechHidPpRuntime *self) { @@ -81,11 +61,7 @@ fu_logitech_hidpp_runtime_set_version_bl_major(FuLogitechHidPpRuntime *self, static void fu_logitech_hidpp_runtime_to_string(FuDevice *device, guint idt, GString *str) { - FuLogitechHidPpRuntime *self = FU_HIDPP_RUNTIME(device); - FuLogitechHidPpRuntimePrivate *priv = GET_PRIVATE(self); - FU_DEVICE_CLASS(fu_logitech_hidpp_runtime_parent_class)->to_string(device, idt, str); - fu_common_string_append_kb(str, idt, "SignedFirmware", priv->signed_firmware); } gboolean diff --git a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.h b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.h index b23b33753..02a33246d 100644 --- a/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.h +++ b/plugins/logitech-hidpp/fu-logitech-hidpp-runtime.h @@ -21,11 +21,6 @@ struct _FuLogitechHidPpRuntimeClass { gboolean fu_logitech_hidpp_runtime_enable_notifications(FuLogitechHidPpRuntime *self, GError **error); -gboolean -fu_logitech_hidpp_runtime_get_signed_firmware(FuLogitechHidPpRuntime *self); -void -fu_logitech_hidpp_runtime_set_signed_firmware(FuLogitechHidPpRuntime *self, - gboolean signed_firmware); FuIOChannel * fu_logitech_hidpp_runtime_get_io_channel(FuLogitechHidPpRuntime *self); void diff --git a/plugins/parade-lspcon/fu-parade-lspcon-device.c b/plugins/parade-lspcon/fu-parade-lspcon-device.c index a158d7f56..772dedac6 100644 --- a/plugins/parade-lspcon/fu-parade-lspcon-device.c +++ b/plugins/parade-lspcon/fu-parade-lspcon-device.c @@ -85,6 +85,7 @@ fu_parade_lspcon_device_init(FuParadeLspconDevice *self) fu_device_add_flag(device, FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(device, FWUPD_DEVICE_FLAG_DUAL_IMAGE); fu_device_add_flag(device, FWUPD_DEVICE_FLAG_CAN_VERIFY); + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_firmware_size(device, 0x10000); fu_device_set_version_format(device, FWUPD_VERSION_FORMAT_PAIR); } diff --git a/plugins/pixart-rf/fu-pxi-ble-device.c b/plugins/pixart-rf/fu-pxi-ble-device.c index ecf5bb35c..3f3281e4a 100644 --- a/plugins/pixart-rf/fu-pxi-ble-device.c +++ b/plugins/pixart-rf/fu-pxi-ble-device.c @@ -893,6 +893,7 @@ static void fu_pxi_ble_device_init(FuPxiBleDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); fu_device_add_vendor_id(FU_DEVICE(self), "USB:0x093A"); fu_device_add_protocol(FU_DEVICE(self), "com.pixart.rf"); diff --git a/plugins/pixart-rf/fu-pxi-receiver-device.c b/plugins/pixart-rf/fu-pxi-receiver-device.c index e0a3fede4..cc6205dfc 100644 --- a/plugins/pixart-rf/fu-pxi-receiver-device.c +++ b/plugins/pixart-rf/fu-pxi-receiver-device.c @@ -859,6 +859,7 @@ static void fu_pxi_receiver_device_init(FuPxiReceiverDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); fu_device_add_vendor_id(FU_DEVICE(self), "USB:0x093A"); fu_device_add_protocol(FU_DEVICE(self), "com.pixart.rf"); diff --git a/plugins/pixart-rf/fu-pxi-wireless-device.c b/plugins/pixart-rf/fu-pxi-wireless-device.c index 53bf77c3a..ab043b617 100644 --- a/plugins/pixart-rf/fu-pxi-wireless-device.c +++ b/plugins/pixart-rf/fu-pxi-wireless-device.c @@ -643,6 +643,7 @@ static void fu_pxi_wireless_device_init(FuPxiWirelessDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_USE_PARENT_FOR_OPEN); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); fu_device_add_vendor_id(FU_DEVICE(self), "USB:0x093A"); diff --git a/plugins/realtek-mst/fu-realtek-mst-device.c b/plugins/realtek-mst/fu-realtek-mst-device.c index eb139ed19..5c4185eac 100644 --- a/plugins/realtek-mst/fu-realtek-mst-device.c +++ b/plugins/realtek-mst/fu-realtek-mst-device.c @@ -945,6 +945,7 @@ fu_realtek_mst_device_init(FuRealtekMstDevice *self) fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PAIR); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_CAN_VERIFY_IMAGE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_protocol(FU_DEVICE(self), "com.realtek.rtd2142"); fu_device_set_vendor(FU_DEVICE(self), "Realtek"); fu_device_add_vendor_id(FU_DEVICE(self), "PCI:0x10EC"); diff --git a/plugins/superio/superio.quirk b/plugins/superio/superio.quirk index 00cc1a09a..e95a23a52 100644 --- a/plugins/superio/superio.quirk +++ b/plugins/superio/superio.quirk @@ -19,6 +19,7 @@ SuperioGType = FuSuperioIt89Device SuperioId = 0x8987 SuperioPort = 0x4e InstallDuration = 20 +Flags = unsigned-payload # Star LabTop Mk IV (HwId) [baf1d04e-fd16-5e6a-93cc-1c23d171f879] @@ -35,6 +36,7 @@ SuperioGType = FuSuperioIt89Device SuperioId = 0x5570 SuperioPort = 0x4e InstallDuration = 20 +Flags = signed-payload # Star Lite Mk II (HwId) [013b60e5-1023-5bee-8ae5-14cae21377b7] @@ -43,6 +45,7 @@ SuperioGType = FuSuperioIt89Device SuperioId = 0x8987 SuperioPort = 0x4e InstallDuration = 20 +Flags = unsigned-payload # Star Lite Mk III (HwId) [d5521faa-c50b-5d64-971d-8fd400030c51] @@ -51,6 +54,7 @@ SuperioGType = FuSuperioIt89Device SuperioId = 0x8987 SuperioPort = 0x4e InstallDuration = 20 +Flags = signed-payload # Tuxedo InifinityBook S14 Gen6 [6c80d85b-d0b6-5ee2-99d4-ec28dd32febd] diff --git a/plugins/synaptics-cape/fu-synaptics-cape-device.c b/plugins/synaptics-cape/fu-synaptics-cape-device.c index 5ce24921e..884aac15f 100644 --- a/plugins/synaptics-cape/fu-synaptics-cape-device.c +++ b/plugins/synaptics-cape/fu-synaptics-cape-device.c @@ -768,6 +768,7 @@ fu_synaptics_cape_device_init(FuSynapticsCapeDevice *self) { fu_device_add_icon(FU_DEVICE(self), "audio-card"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_QUAD); fu_device_set_install_duration(FU_DEVICE(self), 3); /* seconds */ fu_device_add_protocol(FU_DEVICE(self), "com.synaptics.cape"); diff --git a/plugins/synaptics-cxaudio/fu-synaptics-cxaudio-device.c b/plugins/synaptics-cxaudio/fu-synaptics-cxaudio-device.c index 4e2b38f05..65ef797d1 100644 --- a/plugins/synaptics-cxaudio/fu-synaptics-cxaudio-device.c +++ b/plugins/synaptics-cxaudio/fu-synaptics-cxaudio-device.c @@ -856,6 +856,7 @@ fu_synaptics_cxaudio_device_init(FuSynapticsCxaudioDevice *self) self->sw_reset_supported = TRUE; fu_device_add_icon(FU_DEVICE(self), "audio-card"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PLAIN); fu_device_set_install_duration(FU_DEVICE(self), 3); /* seconds */ fu_device_add_protocol(FU_DEVICE(self), "com.synaptics.cxaudio"); diff --git a/plugins/synaptics-mst/fu-synaptics-mst-device.c b/plugins/synaptics-mst/fu-synaptics-mst-device.c index df04b08b8..232e6dad5 100644 --- a/plugins/synaptics-mst/fu-synaptics-mst-device.c +++ b/plugins/synaptics-mst/fu-synaptics-mst-device.c @@ -1351,6 +1351,22 @@ fu_synaptics_mst_device_rescan(FuDevice *device, GError **error) } self->family = fu_synaptics_mst_family_from_chip_id(self->chip_id); + /* VMM >= 6 use RSA2048 */ + switch (self->family) { + case FU_SYNAPTICS_MST_FAMILY_TESLA: + case FU_SYNAPTICS_MST_FAMILY_LEAF: + case FU_SYNAPTICS_MST_FAMILY_PANAMERA: + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); + break; + case FU_SYNAPTICS_MST_FAMILY_CAYENNE: + case FU_SYNAPTICS_MST_FAMILY_SPYDER: + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); + break; + default: + g_warning("family 0x%02x does not indicate unsigned/signed payload", self->family); + break; + } + /* check the active bank for debugging */ if (self->family == FU_SYNAPTICS_MST_FAMILY_PANAMERA) { if (!fu_synaptics_mst_device_get_active_bank_panamera(self, error)) diff --git a/plugins/synaptics-prometheus/fu-synaprom-config.c b/plugins/synaptics-prometheus/fu-synaprom-config.c index 1af88c1e8..19fd3fb4b 100644 --- a/plugins/synaptics-prometheus/fu-synaprom-config.c +++ b/plugins/synaptics-prometheus/fu-synaprom-config.c @@ -241,6 +241,7 @@ fu_synaprom_config_init(FuSynapromConfig *self) fu_device_add_protocol(FU_DEVICE(self), "com.synaptics.prometheus.config"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_ONLY_VERSION_UPGRADE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_USE_PARENT_FOR_OPEN); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PLAIN); fu_device_set_logical_id(FU_DEVICE(self), "cfg"); diff --git a/plugins/synaptics-prometheus/fu-synaprom-device.c b/plugins/synaptics-prometheus/fu-synaprom-device.c index 4d2d795b0..ce0394629 100644 --- a/plugins/synaptics-prometheus/fu-synaprom-device.c +++ b/plugins/synaptics-prometheus/fu-synaprom-device.c @@ -508,6 +508,7 @@ fu_synaprom_device_init(FuSynapromDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_CAN_VERIFY); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_RETRY_OPEN); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); fu_device_add_protocol(FU_DEVICE(self), "com.synaptics.prometheus"); diff --git a/plugins/synaptics-rmi/fu-synaptics-rmi-device.c b/plugins/synaptics-rmi/fu-synaptics-rmi-device.c index e6a8c23da..efbb16d26 100644 --- a/plugins/synaptics-rmi/fu-synaptics-rmi-device.c +++ b/plugins/synaptics-rmi/fu-synaptics-rmi-device.c @@ -853,6 +853,7 @@ fu_synaptics_rmi_device_init(FuSynapticsRmiDevice *self) FuSynapticsRmiDevicePrivate *priv = GET_PRIVATE(self); fu_device_add_protocol(FU_DEVICE(self), "com.synaptics.rmi"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); priv->current_page = 0xfe; priv->functions = g_ptr_array_new_with_free_func(g_free); diff --git a/plugins/synaptics-rmi/fu-synaptics-rmi-v5-device.c b/plugins/synaptics-rmi/fu-synaptics-rmi-v5-device.c index 60d713f89..1e67be8e3 100644 --- a/plugins/synaptics-rmi/fu-synaptics-rmi-v5-device.c +++ b/plugins/synaptics-rmi/fu-synaptics-rmi-v5-device.c @@ -522,6 +522,7 @@ fu_synaptics_rmi_v5_device_setup(FuSynapticsRmiDevice *self, GError **error) return FALSE; } fu_synaptics_rmi_device_set_sig_size(self, sig_size); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); } else { fu_synaptics_rmi_device_set_sig_size(self, 0); } diff --git a/plugins/system76-launch/fu-system76-launch-device.c b/plugins/system76-launch/fu-system76-launch-device.c index dab570ae9..57fd4b7a4 100644 --- a/plugins/system76-launch/fu-system76-launch-device.c +++ b/plugins/system76-launch/fu-system76-launch-device.c @@ -188,6 +188,7 @@ fu_system76_launch_device_init(FuSystem76LaunchDevice *self) fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_ADD_COUNTERPART_GUIDS); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PLAIN); fu_device_add_protocol(FU_DEVICE(self), "org.usb.dfu"); diff --git a/plugins/thelio-io/fu-thelio-io-device.c b/plugins/thelio-io/fu-thelio-io-device.c index a8f19422e..642fe54bf 100644 --- a/plugins/thelio-io/fu-thelio-io-device.c +++ b/plugins/thelio-io/fu-thelio-io-device.c @@ -112,6 +112,7 @@ static void fu_thelio_io_device_init(FuThelioIoDevice *self) { fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_TRIPLET); diff --git a/plugins/thunderbolt/fu-thunderbolt-device.c b/plugins/thunderbolt/fu-thunderbolt-device.c index 03b6f36d5..2143b993b 100644 --- a/plugins/thunderbolt/fu-thunderbolt-device.c +++ b/plugins/thunderbolt/fu-thunderbolt-device.c @@ -444,6 +444,28 @@ fu_thunderbolt_device_write_firmware(FuDevice *device, return TRUE; } +static gboolean +fu_thunderbolt_device_probe(FuDevice *device, GError **error) +{ + g_autoptr(FuUdevDevice) udev_parent = NULL; + + /* FuUdevDevice->probe */ + if (!FU_DEVICE_CLASS(fu_thunderbolt_device_parent_class)->probe(device, error)) + return FALSE; + + /* if the PCI ID is Intel then it's signed, no idea otherwise */ + udev_parent = fu_udev_device_get_parent_with_subsystem(FU_UDEV_DEVICE(device), "pci"); + if (udev_parent != NULL) { + if (!fu_device_probe(FU_DEVICE(udev_parent), error)) + return FALSE; + if (fu_udev_device_get_vendor(udev_parent) == 0x8086) + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); + } + + /* success */ + return TRUE; +} + static void fu_thunderbolt_device_set_progress(FuDevice *self, FuProgress *progress) { @@ -471,6 +493,7 @@ fu_thunderbolt_device_class_init(FuThunderboltDeviceClass *klass) FuDeviceClass *klass_device = FU_DEVICE_CLASS(klass); klass_device->activate = fu_thunderbolt_device_activate; klass_device->to_string = fu_thunderbolt_device_to_string; + klass_device->probe = fu_thunderbolt_device_probe; klass_device->prepare_firmware = fu_thunderbolt_device_prepare_firmware; klass_device->write_firmware = fu_thunderbolt_device_write_firmware; klass_device->attach = fu_thunderbolt_device_attach; diff --git a/plugins/uefi-dbx/fu-uefi-dbx-device.c b/plugins/uefi-dbx/fu-uefi-dbx-device.c index 46fa7fe85..696466b28 100644 --- a/plugins/uefi-dbx/fu-uefi-dbx-device.c +++ b/plugins/uefi-dbx/fu-uefi-dbx-device.c @@ -154,6 +154,7 @@ fu_uefi_dbx_device_init(FuUefiDbxDevice *self) fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_INTERNAL); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_NEEDS_REBOOT); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_ONLY_VERSION_UPGRADE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); fu_device_add_parent_guid(FU_DEVICE(self), "main-system-firmware"); if (!fu_common_is_live_media()) fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); diff --git a/plugins/uf2/fu-uf2-device.c b/plugins/uf2/fu-uf2-device.c index b970f87dc..8605f3bef 100644 --- a/plugins/uf2/fu-uf2-device.c +++ b/plugins/uf2/fu-uf2-device.c @@ -406,6 +406,7 @@ static void fu_uf2_device_init(FuUf2Device *self) { fu_device_add_protocol(FU_DEVICE(self), "com.microsoft.uf2"); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); } static void diff --git a/plugins/vli/fu-vli-common.c b/plugins/vli/fu-vli-common.c index e6021fb44..648f145e8 100644 --- a/plugins/vli/fu-vli-common.c +++ b/plugins/vli/fu-vli-common.c @@ -76,6 +76,12 @@ fu_vli_common_device_kind_to_string(FuVliDeviceKind device_kind) return "PS186"; if (device_kind == FU_VLI_DEVICE_KIND_RTD21XX) return "RTD21XX"; + if (device_kind == FU_VLI_DEVICE_KIND_VL107) + return "VL107"; + if (device_kind == FU_VLI_DEVICE_KIND_VL650) + return "VL650"; + if (device_kind == FU_VLI_DEVICE_KIND_VL830) + return "VL830"; return NULL; } @@ -146,6 +152,12 @@ fu_vli_common_device_kind_from_string(const gchar *device_kind) return FU_VLI_DEVICE_KIND_PS186; if (g_strcmp0(device_kind, "RTD21XX") == 0) return FU_VLI_DEVICE_KIND_RTD21XX; + if (g_strcmp0(device_kind, "VL107") == 0) + return FU_VLI_DEVICE_KIND_VL107; + if (g_strcmp0(device_kind, "VL650") == 0) + return FU_VLI_DEVICE_KIND_VL650; + if (g_strcmp0(device_kind, "VL830") == 0) + return FU_VLI_DEVICE_KIND_VL830; return FU_VLI_DEVICE_KIND_UNKNOWN; } @@ -210,6 +222,12 @@ fu_vli_common_device_kind_get_size(FuVliDeviceKind device_kind) return 0x20000 * 2; if (device_kind == FU_VLI_DEVICE_KIND_PS186) return 0x40000; + if (device_kind == FU_VLI_DEVICE_KIND_VL107) + return 0x80000; + if (device_kind == FU_VLI_DEVICE_KIND_VL650) + return 0x40000; + if (device_kind == FU_VLI_DEVICE_KIND_VL830) + return 0x100000; return 0x0; } diff --git a/plugins/vli/fu-vli-common.h b/plugins/vli/fu-vli-common.h index 9b382e7c0..2cfa9d3e1 100644 --- a/plugins/vli/fu-vli-common.h +++ b/plugins/vli/fu-vli-common.h @@ -17,10 +17,12 @@ typedef enum { FU_VLI_DEVICE_KIND_VL103 = 0x0103, FU_VLI_DEVICE_KIND_VL104 = 0x0104, FU_VLI_DEVICE_KIND_VL105 = 0x0105, + FU_VLI_DEVICE_KIND_VL107 = 0x0107, FU_VLI_DEVICE_KIND_VL120 = 0x0120, FU_VLI_DEVICE_KIND_VL210 = 0x0210, FU_VLI_DEVICE_KIND_VL211 = 0x0211, FU_VLI_DEVICE_KIND_VL212 = 0x0212, + FU_VLI_DEVICE_KIND_VL650 = 0x0650, FU_VLI_DEVICE_KIND_VL810 = 0x0810, FU_VLI_DEVICE_KIND_VL811 = 0x0811, FU_VLI_DEVICE_KIND_VL811PB0 = 0x8110, @@ -40,6 +42,7 @@ typedef enum { FU_VLI_DEVICE_KIND_VL822Q5 = 0x0822, /* guessed */ FU_VLI_DEVICE_KIND_VL822Q7 = 0xa822, /* guessed */ FU_VLI_DEVICE_KIND_VL822Q8 = 0xb822, /* guessed */ + FU_VLI_DEVICE_KIND_VL830 = 0x0830, FU_VLI_DEVICE_KIND_MSP430 = 0xf430, /* guessed */ FU_VLI_DEVICE_KIND_PS186 = 0xf186, /* guessed */ FU_VLI_DEVICE_KIND_RTD21XX = 0xff00, /* guessed */ diff --git a/plugins/vli/fu-vli-device.c b/plugins/vli/fu-vli-device.c index 39aacf40c..c684b9416 100644 --- a/plugins/vli/fu-vli-device.c +++ b/plugins/vli/fu-vli-device.c @@ -426,6 +426,54 @@ fu_vli_device_set_kind(FuVliDevice *self, FuVliDeviceKind device_kind) g_object_notify(G_OBJECT(self), "kind"); } + /* newer chips use SHA-256 and ECDSA-256 */ + switch (device_kind) { + case FU_VLI_DEVICE_KIND_MSP430: + case FU_VLI_DEVICE_KIND_PS186: + case FU_VLI_DEVICE_KIND_RTD21XX: + case FU_VLI_DEVICE_KIND_VL100: + case FU_VLI_DEVICE_KIND_VL101: + case FU_VLI_DEVICE_KIND_VL102: + case FU_VLI_DEVICE_KIND_VL103: + case FU_VLI_DEVICE_KIND_VL104: + case FU_VLI_DEVICE_KIND_VL105: + case FU_VLI_DEVICE_KIND_VL120: + case FU_VLI_DEVICE_KIND_VL210: + case FU_VLI_DEVICE_KIND_VL211: + case FU_VLI_DEVICE_KIND_VL212: + case FU_VLI_DEVICE_KIND_VL810: + case FU_VLI_DEVICE_KIND_VL811: + case FU_VLI_DEVICE_KIND_VL811PB0: + case FU_VLI_DEVICE_KIND_VL811PB3: + case FU_VLI_DEVICE_KIND_VL812B0: + case FU_VLI_DEVICE_KIND_VL812B3: + case FU_VLI_DEVICE_KIND_VL812Q4S: + case FU_VLI_DEVICE_KIND_VL813: + case FU_VLI_DEVICE_KIND_VL815: + case FU_VLI_DEVICE_KIND_VL817: + case FU_VLI_DEVICE_KIND_VL819Q7: + case FU_VLI_DEVICE_KIND_VL819Q8: + case FU_VLI_DEVICE_KIND_VL820Q7: + case FU_VLI_DEVICE_KIND_VL820Q8: + case FU_VLI_DEVICE_KIND_VL821Q7: + case FU_VLI_DEVICE_KIND_VL821Q8: + case FU_VLI_DEVICE_KIND_VL822Q5: + case FU_VLI_DEVICE_KIND_VL822Q7: + case FU_VLI_DEVICE_KIND_VL822Q8: + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); + break; + case FU_VLI_DEVICE_KIND_VL107: + case FU_VLI_DEVICE_KIND_VL650: + case FU_VLI_DEVICE_KIND_VL830: + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); + break; + default: + g_warning("device kind %s [0x%02x] does not indicate unsigned/signed payload", + fu_vli_common_device_kind_to_string(device_kind), + device_kind); + break; + } + /* set maximum firmware size */ sz = fu_vli_common_device_kind_get_size(device_kind); if (sz > 0x0) diff --git a/plugins/wacom-raw/fu-wacom-device.c b/plugins/wacom-raw/fu-wacom-device.c index 6e86b4e4d..ce54c70b2 100644 --- a/plugins/wacom-raw/fu-wacom-device.c +++ b/plugins/wacom-raw/fu-wacom-device.c @@ -356,6 +356,7 @@ fu_wacom_device_init(FuWacomDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.wacom.raw"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_INTERNAL); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_add_internal_flag(FU_DEVICE(self), FU_DEVICE_INTERNAL_FLAG_REPLUG_MATCH_GUID); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_PAIR); fu_device_set_firmware_gtype(FU_DEVICE(self), FU_TYPE_IHEX_FIRMWARE); diff --git a/plugins/wacom-usb/fu-wac-device.c b/plugins/wacom-usb/fu-wac-device.c index 1e7993d83..e163a372e 100644 --- a/plugins/wacom-usb/fu-wac-device.c +++ b/plugins/wacom-usb/fu-wac-device.c @@ -908,6 +908,7 @@ fu_wac_device_init(FuWacDevice *self) fu_device_add_protocol(FU_DEVICE(self), "com.wacom.usb"); fu_device_add_icon(FU_DEVICE(self), "input-tablet"); fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_BCD); fu_device_set_install_duration(FU_DEVICE(self), 10); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); diff --git a/plugins/wacom-usb/fu-wac-module.c b/plugins/wacom-usb/fu-wac-module.c index b98bc6931..11711e1e0 100644 --- a/plugins/wacom-usb/fu-wac-module.c +++ b/plugins/wacom-usb/fu-wac-module.c @@ -313,6 +313,7 @@ static void fu_wac_module_init(FuWacModule *self) { fu_device_add_protocol(FU_DEVICE(self), "com.wacom.usb"); + fu_device_add_flag(FU_DEVICE(self), FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); fu_device_set_version_format(FU_DEVICE(self), FWUPD_VERSION_FORMAT_BCD); fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE); } diff --git a/src/fu-device-list.c b/src/fu-device-list.c index 2bb81c2b2..85e5ca994 100644 --- a/src/fu-device-list.c +++ b/src/fu-device-list.c @@ -657,6 +657,12 @@ fu_device_list_replace(FuDeviceList *self, FuDeviceItem *item, FuDevice *device) fu_device_add_flag(device, FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED); } + /* seems like a sane assumption if we've tagged the runtime mode as signed */ + if (fu_device_has_flag(item->device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD)) + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD); + if (fu_device_has_flag(item->device, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD)) + fu_device_add_flag(device, FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD); + /* device won't come back in right mode */ if (fu_device_has_flag(item->device, FWUPD_DEVICE_FLAG_WILL_DISAPPEAR)) { g_debug("copying will-disappear to new device"); diff --git a/src/fu-util-common.c b/src/fu-util-common.c index dcea77110..137be783c 100644 --- a/src/fu-util-common.c +++ b/src/fu-util-common.c @@ -1257,6 +1257,14 @@ fu_util_device_flag_to_string(guint64 device_flag) /* TRANSLATORS: the vendor is no longer supporting the device */ return _("End of life"); } + if (device_flag == FWUPD_DEVICE_FLAG_SIGNED_PAYLOAD) { + /* TRANSLATORS: firmware is verified on-device the payload using strong crypto */ + return _("Signed Payload"); + } + if (device_flag == FWUPD_DEVICE_FLAG_UNSIGNED_PAYLOAD) { + /* TRANSLATORS: firmware payload is unsigned and it is possible to modify it */ + return _("Unsigned Payload"); + } if (device_flag == FWUPD_DEVICE_FLAG_SKIPS_RESTART) { /* skip */ return NULL;