Set the target value on the security attribute

Semantically it is the desire of the security attribute, not the bios
attribute, i.e. you could imagine that a specific attribute would have
to be *foo or bar or baz* for HSI-1 and *only foo* for HSI-2

Also make it easier to add possible BIOS attribute target values in
plugin code.

libfwupd/fwupd-bios-attr.c

@@ -27,7 +27,6 @@ typedef struct {
 	gchar *description;
 	gchar *path;
 	gchar *current_value;
-	gchar *preferred_value;
 	guint64 lower_bound;
 	guint64 upper_bound;
 	guint64 scalar_increment;
@@ -451,47 +450,6 @@ fwupd_bios_attr_get_description(FwupdBiosAttr *self)
 	return priv->description;
 }
 
-/**
- * fwupd_bios_attr_get_preferred_value:
- * @self: a #FwupdBiosAttr
- *
- * Gets the value that when written to an attribute would activate it or satisfy
- * a security requirement.
- *
- * Returns: the preferred value of the attribute.
- *
- * Since: 1.8.4
- **/
-const gchar *
-fwupd_bios_attr_get_preferred_value(FwupdBiosAttr *self)
-{
-	FwupdBiosAttrPrivate *priv = GET_PRIVATE(self);
-	g_return_val_if_fail(FWUPD_IS_BIOS_ATTR(self), NULL);
-	return priv->preferred_value;
-}
-
-/**
- * fwupd_bios_attr_set_preferred_value:
- * @self: a #FwupdBiosAttr
- * @value: The string to set preferred value to
- *
- * Sets the string used for the preferred value of an attribute.
- *
- * Since: 1.8.4
- **/
-void
-fwupd_bios_attr_set_preferred_value(FwupdBiosAttr *self, const gchar *value)
-{
-	FwupdBiosAttrPrivate *priv = GET_PRIVATE(self);
-
-	/* not changed */
-	if (g_strcmp0(priv->preferred_value, value) == 0)
-		return;
-
-	g_free(priv->preferred_value);
-	priv->preferred_value = g_strdup(value);
-}
-
 /**
  * fwupd_bios_attr_get_current_value:
  * @self: a #FwupdBiosAttr
@@ -582,12 +540,6 @@ fwupd_bios_attr_to_variant(FwupdBiosAttr *self)
 				      FWUPD_RESULT_KEY_DESCRIPTION,
 				      g_variant_new_string(priv->description));
 	}
-	if (priv->preferred_value != NULL) {
-		g_variant_builder_add(&builder,
-				      "{sv}",
-				      FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE,
-				      g_variant_new_string(priv->preferred_value));
-	}
 	g_variant_builder_add(&builder,
 			      "{sv}",
 			      FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE,
@@ -643,10 +595,6 @@ fwupd_bios_attr_from_key_value(FwupdBiosAttr *self, const gchar *key, GVariant *
 		fwupd_bios_attr_set_path(self, g_variant_get_string(value, NULL));
 		return;
 	}
-	if (g_strcmp0(key, FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE) == 0) {
-		fwupd_bios_attr_set_preferred_value(self, g_variant_get_string(value, NULL));
-		return;
-	}
 	if (g_strcmp0(key, FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE) == 0) {
 		fwupd_bios_attr_set_current_value(self, g_variant_get_string(value, NULL));
 		return;
@@ -725,12 +673,6 @@ fwupd_bios_attr_from_json(FwupdBiosAttr *self, JsonNode *json_node, GError **err
 	    json_object_get_string_member_with_default(obj,
 						       FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE,
 						       NULL));
-	fwupd_bios_attr_set_preferred_value(
-	    self,
-	    json_object_get_string_member_with_default(obj,
-						       FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE,
-						       NULL));
-
 	if (json_object_has_member(obj, FWUPD_RESULT_KEY_BIOS_ATTR_POSSIBLE_VALUES)) {
 		JsonArray *array =
 		    json_object_get_array_member(obj, FWUPD_RESULT_KEY_BIOS_ATTR_POSSIBLE_VALUES);
@@ -796,9 +738,6 @@ fwupd_bios_attr_to_json(FwupdBiosAttr *self, JsonBuilder *builder)
 	fwupd_common_json_add_string(builder,
 				     FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE,
 				     priv->current_value);
-	fwupd_common_json_add_string(builder,
-				     FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE,
-				     priv->preferred_value);
 	if (priv->kind == FWUPD_BIOS_ATTR_KIND_ENUMERATION) {
 		if (priv->possible_values->len > 0) {
 			json_builder_set_member_name(builder,
@@ -852,7 +791,6 @@ fwupd_bios_attr_to_string(FwupdBiosAttr *self)
 	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_FILENAME, priv->path);
 	fwupd_pad_kv_int(str, FWUPD_RESULT_KEY_BIOS_ATTR_TYPE, priv->kind);
 	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE, priv->current_value);
-	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE, priv->preferred_value);
 	fwupd_pad_kv_str(str,
 			 FWUPD_RESULT_KEY_BIOS_ATTR_READ_ONLY,
 			 priv->read_only ? "True" : "False");
@@ -897,7 +835,6 @@ fwupd_bios_attr_finalize(GObject *object)
 	FwupdBiosAttr *self = FWUPD_BIOS_ATTR(object);
 	FwupdBiosAttrPrivate *priv = GET_PRIVATE(self);
 
-	g_free(priv->preferred_value);
 	g_free(priv->current_value);
 	g_free(priv->id);
 	g_free(priv->name);

libfwupd/fwupd-bios-attr.h

@@ -113,8 +113,4 @@ fwupd_bios_attr_get_id(FwupdBiosAttr *self);
 void
 fwupd_bios_attr_set_id(FwupdBiosAttr *self, const gchar *id);
 
-const gchar *
-fwupd_bios_attr_get_preferred_value(FwupdBiosAttr *self);
-void
-fwupd_bios_attr_set_preferred_value(FwupdBiosAttr *self, const gchar *value);
 G_END_DECLS

libfwupd/fwupd-enums-private.h

@@ -517,13 +517,13 @@ G_BEGIN_DECLS
  **/
 #define FWUPD_RESULT_KEY_BIOS_ATTR_ID "BiosAttrId"
 /**
- * FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE:
+ * FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE:
  *
  * Result key to represent the value that would enable this attribute.
  *
  * The D-Bus type signature string is 's' i.e. a string.
  **/
-#define FWUPD_RESULT_KEY_BIOS_ATTR_PREFERRED_VALUE "BiosAttrPreferredValue"
+#define FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE "BiosAttrTargetValue"
 /**
  * FWUPD_RESULT_KEY_BIOS_ATTR_CURRENT_VALUE:
  *

libfwupd/fwupd-security-attr.c

@@ -38,7 +38,8 @@ typedef struct {
 	FwupdSecurityAttrResult result;
 	FwupdSecurityAttrResult result_fallback;
 	FwupdSecurityAttrFlags flags;
-	gchar *bios_attr;
+	gchar *bios_attr_id;
+	gchar *bios_attr_value;
 } FwupdSecurityAttrPrivate;
 
 G_DEFINE_TYPE_WITH_PRIVATE(FwupdSecurityAttr, fwupd_security_attr, G_TYPE_OBJECT)
@@ -240,7 +241,7 @@ fwupd_security_attr_get_bios_attr_id(FwupdSecurityAttr *self)
 {
 	FwupdSecurityAttrPrivate *priv = GET_PRIVATE(self);
 	g_return_val_if_fail(FWUPD_IS_SECURITY_ATTR(self), NULL);
-	return priv->bios_attr;
+	return priv->bios_attr_id;
 }
 
 /**
@@ -258,10 +259,10 @@ fwupd_security_attr_set_bios_attr_id(FwupdSecurityAttr *self, const gchar *id)
 {
 	FwupdSecurityAttrPrivate *priv = GET_PRIVATE(self);
 	g_return_if_fail(FWUPD_IS_SECURITY_ATTR(self));
-	if (priv->bios_attr == id)
+	if (priv->bios_attr_id == id)
 		return;
-	g_free(priv->bios_attr);
-	priv->bios_attr = g_strdup(id);
+	g_free(priv->bios_attr_id);
+	priv->bios_attr_id = g_strdup(id);
 }
 
 /**
@@ -500,6 +501,47 @@ fwupd_security_attr_set_name(FwupdSecurityAttr *self, const gchar *name)
 	priv->name = g_strdup(name);
 }
 
+/**
+ * fwupd_security_attr_get_bios_attr_value:
+ * @self: a #FwupdSecurityAttr
+ *
+ * Gets the value that when written to an attribute would activate it or satisfy
+ * a security requirement.
+ *
+ * Returns: the target value of the attribute.
+ *
+ * Since: 1.8.4
+ **/
+const gchar *
+fwupd_security_attr_get_bios_attr_value(FwupdSecurityAttr *self)
+{
+	FwupdSecurityAttrPrivate *priv = GET_PRIVATE(self);
+	g_return_val_if_fail(FWUPD_IS_SECURITY_ATTR(self), NULL);
+	return priv->bios_attr_value;
+}
+
+/**
+ * fwupd_security_attr_set_bios_attr_value:
+ * @self: a #FwupdSecurityAttr
+ * @value: The string to set target value to
+ *
+ * Sets the string used for the target value of an attribute.
+ *
+ * Since: 1.8.4
+ **/
+void
+fwupd_security_attr_set_bios_attr_value(FwupdSecurityAttr *self, const gchar *value)
+{
+	FwupdSecurityAttrPrivate *priv = GET_PRIVATE(self);
+
+	/* not changed */
+	if (g_strcmp0(priv->bios_attr_value, value) == 0)
+		return;
+
+	g_free(priv->bios_attr_value);
+	priv->bios_attr_value = g_strdup(value);
+}
+
 /**
  * fwupd_security_attr_set_title:
  * @self: a #FwupdSecurityAttr
@@ -1013,11 +1055,17 @@ fwupd_security_attr_to_variant(FwupdSecurityAttr *self)
 				      FWUPD_RESULT_KEY_METADATA,
 				      fwupd_hash_kv_to_variant(priv->metadata));
 	}
-	if (priv->bios_attr != NULL) {
+	if (priv->bios_attr_id != NULL) {
 		g_variant_builder_add(&builder,
 				      "{sv}",
 				      FWUPD_RESULT_KEY_BIOS_ATTR_ID,
-				      g_variant_new_string(priv->bios_attr));
+				      g_variant_new_string(priv->bios_attr_id));
+	}
+	if (priv->bios_attr_value != NULL) {
+		g_variant_builder_add(&builder,
+				      "{sv}",
+				      FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE,
+				      g_variant_new_string(priv->bios_attr_value));
 	}
 	return g_variant_new("a{sv}", &builder);
 }
@@ -1135,6 +1183,10 @@ fwupd_security_attr_from_key_value(FwupdSecurityAttr *self, const gchar *key, GV
 		fwupd_security_attr_set_bios_attr_id(self, g_variant_get_string(value, NULL));
 		return;
 	}
+	if (g_strcmp0(key, FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE) == 0) {
+		fwupd_security_attr_set_bios_attr_value(self, g_variant_get_string(value, NULL));
+		return;
+	}
 }
 
 static void
@@ -1219,6 +1271,11 @@ fwupd_security_attr_from_json(FwupdSecurityAttr *self, JsonNode *json_node, GErr
 	fwupd_security_attr_set_bios_attr_id(
 	    self,
 	    json_object_get_string_member_with_default(obj, FWUPD_RESULT_KEY_BIOS_ATTR_ID, NULL));
+	fwupd_security_attr_set_bios_attr_value(
+	    self,
+	    json_object_get_string_member_with_default(obj,
+						       FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE,
+						       NULL));
 
 	/* also optional */
 	if (json_object_has_member(obj, FWUPD_RESULT_KEY_HSI_RESULT)) {
@@ -1297,7 +1354,10 @@ fwupd_security_attr_to_json(FwupdSecurityAttr *self, JsonBuilder *builder)
 	fwupd_common_json_add_string(builder, FWUPD_RESULT_KEY_DESCRIPTION, priv->description);
 	fwupd_common_json_add_string(builder, FWUPD_RESULT_KEY_PLUGIN, priv->plugin);
 	fwupd_common_json_add_string(builder, FWUPD_RESULT_KEY_URI, priv->url);
-	fwupd_common_json_add_string(builder, FWUPD_RESULT_KEY_BIOS_ATTR_ID, priv->bios_attr);
+	fwupd_common_json_add_string(builder,
+				     FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE,
+				     priv->bios_attr_value);
+	fwupd_common_json_add_string(builder, FWUPD_RESULT_KEY_BIOS_ATTR_ID, priv->bios_attr_id);
 
 	if (priv->flags != FWUPD_SECURITY_ATTR_FLAG_NONE) {
 		json_builder_set_member_name(builder, FWUPD_RESULT_KEY_FLAGS);
@@ -1366,7 +1426,8 @@ fwupd_security_attr_to_string(FwupdSecurityAttr *self)
 	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_DESCRIPTION, priv->description);
 	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_PLUGIN, priv->plugin);
 	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_URI, priv->url);
-	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_BIOS_ATTR_ID, priv->bios_attr);
+	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_BIOS_ATTR_ID, priv->bios_attr_id);
+	fwupd_pad_kv_str(str, FWUPD_RESULT_KEY_BIOS_ATTR_TARGET_VALUE, priv->bios_attr_value);
 
 	for (guint i = 0; i < priv->obsoletes->len; i++) {
 		const gchar *appstream_id = g_ptr_array_index(priv->obsoletes, i);
@@ -1413,7 +1474,8 @@ fwupd_security_attr_finalize(GObject *object)
 
 	if (priv->metadata != NULL)
 		g_hash_table_unref(priv->metadata);
-	g_free(priv->bios_attr);
+	g_free(priv->bios_attr_id);
+	g_free(priv->bios_attr_value);
 	g_free(priv->appstream_id);
 	g_free(priv->name);
 	g_free(priv->title);
@@ -1532,7 +1594,7 @@ fwupd_security_attr_copy(FwupdSecurityAttr *self)
 	fwupd_security_attr_set_flags(new, priv->flags);
 	fwupd_security_attr_set_result(new, priv->result);
 	fwupd_security_attr_set_created(new, priv->created);
-	fwupd_security_attr_set_bios_attr_id(new, priv->bios_attr);
+	fwupd_security_attr_set_bios_attr_id(new, priv->bios_attr_id);
 
 	for (guint i = 0; i < priv->guids->len; i++) {
 		const gchar *guid = g_ptr_array_index(priv->guids, i);
@@ -1561,6 +1623,9 @@ fwupd_security_attr_copy(FwupdSecurityAttr *self)
  *
  * Creates a new security attribute.
  *
+ * Plugins should not use this method, and should instead use `fu_plugin_security_attr_new()` or
+ * `fu_security_attr_new()`.
+ *
  * Returns: a new #FwupdSecurityAttr
  *
  * Since: 1.5.0

libfwupd/fwupd-security-attr.h

@@ -130,6 +130,10 @@ const gchar *
 fwupd_security_attr_get_bios_attr_id(FwupdSecurityAttr *self);
 void
 fwupd_security_attr_set_bios_attr_id(FwupdSecurityAttr *self, const gchar *id);
+const gchar *
+fwupd_security_attr_get_bios_attr_value(FwupdSecurityAttr *self);
+void
+fwupd_security_attr_set_bios_attr_value(FwupdSecurityAttr *self, const gchar *value);
 
 const gchar *
 fwupd_security_attr_get_appstream_id(FwupdSecurityAttr *self);

libfwupd/fwupd.map

@@ -815,7 +815,6 @@ LIBFWUPD_1.8.4 {
     fwupd_bios_attr_get_name;
     fwupd_bios_attr_get_path;
     fwupd_bios_attr_get_possible_values;
-    fwupd_bios_attr_get_preferred_value;
     fwupd_bios_attr_get_read_only;
     fwupd_bios_attr_get_scalar_increment;
     fwupd_bios_attr_get_type;
@@ -829,7 +828,6 @@ LIBFWUPD_1.8.4 {
     fwupd_bios_attr_set_lower_bound;
     fwupd_bios_attr_set_name;
     fwupd_bios_attr_set_path;
-    fwupd_bios_attr_set_preferred_value;
     fwupd_bios_attr_set_read_only;
     fwupd_bios_attr_set_scalar_increment;
     fwupd_bios_attr_set_upper_bound;
@@ -843,6 +841,8 @@ LIBFWUPD_1.8.4 {
     fwupd_client_modify_bios_attr_async;
     fwupd_client_modify_bios_attr_finish;
     fwupd_security_attr_get_bios_attr_id;
+    fwupd_security_attr_get_bios_attr_value;
     fwupd_security_attr_set_bios_attr_id;
+    fwupd_security_attr_set_bios_attr_value;
   local: *;
 } LIBFWUPD_1.8.3;

libfwupd/meson.build

@@ -48,7 +48,7 @@ libfwupd_src = [
   'fwupd-enums.c',          # fuzzing
   'fwupd-error.c',          # fuzzing
   'fwupd-bios-attr.c',      # fuzzing
-  'fwupd-security-attr.c',
+  'fwupd-security-attr.c',  # fuzzing
   'fwupd-release.c',        # fuzzing
   'fwupd-plugin.c',
   'fwupd-remote.c',

libfwupdplugin/fu-bios-attrs.c

@@ -279,34 +279,6 @@ fu_bios_attr_set_file_attributes(FwupdBiosAttr *attr, GError **error)
 	return TRUE;
 }
 
-/**
- * fu_bios_attr_set_preferred_value:
- * @attr: a #FwupdBiosAttr
- * @needle: The substring of a preferred value
- *
- * Checks all configured possible values of an enumeration attribute and
- * if any match @needle then set as the preferred value.
- *
- * Since: 1.8.4
- **/
-void
-fu_bios_attr_set_preferred_value(FwupdBiosAttr *attr, const gchar *needle)
-{
-	GPtrArray *values;
-
-	if (fwupd_bios_attr_get_kind(attr) != FWUPD_BIOS_ATTR_KIND_ENUMERATION)
-		return;
-	values = fwupd_bios_attr_get_possible_values(attr);
-	for (guint i = 0; i < values->len; i++) {
-		const gchar *possible = g_ptr_array_index(values, i);
-		g_autofree gchar *lower = g_utf8_strdown(possible, -1);
-		if (g_strrstr(lower, needle)) {
-			fwupd_bios_attr_set_preferred_value(attr, possible);
-			return;
-		}
-	}
-}
-
 static gboolean
 fu_bios_attrs_set_folder_attributes(FuBiosAttrs *self,
 				    FwupdBiosAttr *attr,

libfwupdplugin/fu-bios-attrs.h

@@ -19,5 +19,3 @@ gboolean
 fu_bios_attrs_get_pending_reboot(FuBiosAttrs *self, gboolean *result, GError **error);
 FwupdBiosAttr *
 fu_bios_attrs_get_attr(FuBiosAttrs *self, const gchar *val);
-void
-fu_bios_attr_set_preferred_value(FwupdBiosAttr *attr, const gchar *needle);

libfwupdplugin/fu-device.c

@@ -18,6 +18,7 @@
 #include "fu-device-private.h"
 #include "fu-mutex.h"
 #include "fu-quirks.h"
+#include "fu-security-attr.h"
 #include "fu-string.h"
 #include "fu-version-common.h"
 
@@ -5396,6 +5397,32 @@ fu_device_build_instance_id_quirk(FuDevice *self, GError **error, const gchar *s
 	return TRUE;
 }
 
+/**
+ * fu_device_security_attr_new:
+ * @self: a #FuDevice
+ * @appstream_id: (nullable): the AppStream component ID, e.g. `com.intel.BiosGuard`
+ *
+ * Creates a new #FwupdSecurityAttr for this specific device.
+ *
+ * Returns: (transfer full): a #FwupdSecurityAttr
+ *
+ * Since: 1.8.4
+ **/
+FwupdSecurityAttr *
+fu_device_security_attr_new(FuDevice *self, const gchar *appstream_id)
+{
+	FuDevicePrivate *priv = fu_device_get_instance_private(self);
+	g_autoptr(FwupdSecurityAttr) attr = NULL;
+
+	g_return_val_if_fail(FU_IS_DEVICE(self), NULL);
+	g_return_val_if_fail(appstream_id != NULL, NULL);
+
+	attr = fu_security_attr_new(priv->ctx, appstream_id);
+	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
+	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
+	return g_steal_pointer(&attr);
+}
+
 static void
 fu_device_class_init(FuDeviceClass *klass)
 {

libfwupdplugin/fu-device.h

@@ -726,6 +726,8 @@ gboolean
 fu_device_has_private_flag(FuDevice *self, guint64 flag);
 void
 fu_device_emit_request(FuDevice *self, FwupdRequest *request);
+FwupdSecurityAttr *
+fu_device_security_attr_new(FuDevice *self, const gchar *appstream_id);
 
 void
 fu_device_add_instance_str(FuDevice *self, const gchar *key, const gchar *value);

libfwupdplugin/fu-plugin.c

@@ -22,6 +22,7 @@
 #include "fu-mutex.h"
 #include "fu-path.h"
 #include "fu-plugin-private.h"
+#include "fu-security-attr.h"
 #include "fu-string.h"
 
 /**
@@ -2353,6 +2354,31 @@ fu_plugin_get_config_value(FuPlugin *self, const gchar *key)
 	return g_key_file_get_string(keyfile, fu_plugin_get_name(self), key, NULL);
 }
 
+/**
+ * fu_plugin_security_attr_new:
+ * @self: a #FuPlugin
+ * @appstream_id: (nullable): the AppStream component ID, e.g. `com.intel.BiosGuard`
+ *
+ * Creates a new #FwupdSecurityAttr for this specific plugin.
+ *
+ * Returns: (transfer full): a #FwupdSecurityAttr
+ *
+ * Since: 1.8.4
+ **/
+FwupdSecurityAttr *
+fu_plugin_security_attr_new(FuPlugin *self, const gchar *appstream_id)
+{
+	FuPluginPrivate *priv = fu_plugin_get_instance_private(self);
+	g_autoptr(FwupdSecurityAttr) attr = NULL;
+
+	g_return_val_if_fail(FU_IS_PLUGIN(self), NULL);
+	g_return_val_if_fail(appstream_id != NULL, NULL);
+
+	attr = fu_security_attr_new(priv->ctx, appstream_id);
+	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(self));
+	return g_steal_pointer(&attr);
+}
+
 /**
  * fu_plugin_set_config_value:
  * @self: a #FuPlugin

libfwupdplugin/fu-plugin.h

@@ -469,3 +469,5 @@ gboolean
 fu_plugin_get_config_value_boolean(FuPlugin *self, const gchar *key);
 gboolean
 fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value, GError **error);
+FwupdSecurityAttr *
+fu_plugin_security_attr_new(FuPlugin *self, const gchar *appstream_id);

libfwupdplugin/fu-security-attr.c

@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2022 Richard Hughes <richard@hughsie.com>
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+
+#define G_LOG_DOMAIN "FwupdSecurityAttr"
+
+#include "config.h"
+
+#include "fu-security-attr.h"
+
+typedef struct {
+	FuContext *ctx;
+} FuSecurityAttrPrivate;
+
+G_DEFINE_TYPE_WITH_PRIVATE(FuSecurityAttr, fu_security_attr, FWUPD_TYPE_SECURITY_ATTR)
+
+#define GET_PRIVATE(o) (fu_security_attr_get_instance_private(o))
+
+/**
+ * fu_security_attr_add_bios_target_value:
+ * @ctx: a #FuContext
+ * @attr: a #FwupdSecurityAttr
+ * @id: a #FwupdBiosAttr ID or name
+ * @needle: The substring of a target value
+ *
+ * Checks all configured possible values of an enumeration attribute and
+ * if any match @needle then set as the target value.
+ *
+ * Since: 1.8.4
+ **/
+void
+fu_security_attr_add_bios_target_value(FwupdSecurityAttr *attr,
+				       const gchar *id,
+				       const gchar *needle)
+{
+	FuSecurityAttr *self = FU_SECURITY_ATTR(attr);
+	FuSecurityAttrPrivate *priv = GET_PRIVATE(self);
+	FwupdBiosAttr *bios_attr;
+	GPtrArray *values;
+
+	bios_attr = fu_context_get_bios_attr(priv->ctx, id);
+	if (bios_attr == NULL)
+		return;
+	fwupd_security_attr_set_bios_attr_id(attr, fwupd_bios_attr_get_id(bios_attr));
+	if (fwupd_bios_attr_get_kind(bios_attr) != FWUPD_BIOS_ATTR_KIND_ENUMERATION)
+		return;
+	values = fwupd_bios_attr_get_possible_values(bios_attr);
+	for (guint i = 0; i < values->len; i++) {
+		const gchar *possible = g_ptr_array_index(values, i);
+		g_autofree gchar *lower = g_utf8_strdown(possible, -1);
+		if (g_strrstr(lower, needle)) {
+			fwupd_security_attr_set_bios_attr_value(attr, possible);
+			return;
+		}
+	}
+}
+
+static void
+fu_security_attr_init(FuSecurityAttr *self)
+{
+}
+
+static void
+fu_security_attr_finalize(GObject *object)
+{
+	FuSecurityAttr *self = FU_SECURITY_ATTR(object);
+	FuSecurityAttrPrivate *priv = GET_PRIVATE(self);
+	if (priv->ctx != NULL)
+		g_object_unref(priv->ctx);
+	G_OBJECT_CLASS(fu_security_attr_parent_class)->finalize(object);
+}
+
+static void
+fu_security_attr_class_init(FuSecurityAttrClass *klass)
+{
+	GObjectClass *object_class = G_OBJECT_CLASS(klass);
+	object_class->finalize = fu_security_attr_finalize;
+}
+
+/**
+ * fu_security_attr_new:
+ * @ctx: a #FuContext
+ * @appstream_id: (nullable): the AppStream component ID, e.g. `com.intel.BiosGuard`
+ *
+ * Creates a new #FwupdSecurityAttr with context set.
+ *
+ * Returns: (transfer full): a #FwupdSecurityAttr
+ *
+ * Since: 1.8.4
+ **/
+FwupdSecurityAttr *
+fu_security_attr_new(FuContext *ctx, const gchar *appstream_id)
+{
+	g_autoptr(FuSecurityAttr) self = g_object_new(FU_TYPE_SECURITY_ATTR, NULL);
+	FuSecurityAttrPrivate *priv = GET_PRIVATE(self);
+	g_return_val_if_fail(FU_IS_CONTEXT(ctx), NULL);
+	if (appstream_id != NULL)
+		fwupd_security_attr_set_appstream_id(FWUPD_SECURITY_ATTR(self), appstream_id);
+	priv->ctx = g_object_ref(ctx);
+	return FWUPD_SECURITY_ATTR(g_steal_pointer(&self));
+}

libfwupdplugin/fu-security-attr.h

@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2022 Richard Hughes <richard@hughsie.com>
+ *
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+
+#pragma once
+
+#include <libfwupd/fwupd-security-attr.h>
+
+#include "fu-context.h"
+
+#define FU_TYPE_SECURITY_ATTR (fu_security_attr_get_type())
+G_DECLARE_DERIVABLE_TYPE(FuSecurityAttr, fu_security_attr, FU, SECURITY_ATTR, FwupdSecurityAttr)
+
+struct _FuSecurityAttrClass {
+	FwupdSecurityAttrClass parent_class;
+};
+
+FwupdSecurityAttr *
+fu_security_attr_new(FuContext *ctx, const gchar *appstream_id);
+void
+fu_security_attr_add_bios_target_value(FwupdSecurityAttr *attr,
+				       const gchar *id,
+				       const gchar *needle);

libfwupdplugin/fwupdplugin.h

@@ -62,6 +62,7 @@
 #include <libfwupdplugin/fu-plugin-vfuncs.h>
 #include <libfwupdplugin/fu-plugin.h>
 #include <libfwupdplugin/fu-progress.h>
+#include <libfwupdplugin/fu-security-attr.h>
 #include <libfwupdplugin/fu-security-attrs.h>
 #include <libfwupdplugin/fu-srec-firmware.h>
 #include <libfwupdplugin/fu-string.h>

libfwupdplugin/fwupdplugin.map

@@ -1071,7 +1071,6 @@ LIBFWUPDPLUGIN_1.8.3 {
 LIBFWUPDPLUGIN_1.8.4 {
   global:
     fu_backend_add_string;
-    fu_bios_attr_set_preferred_value;
     fu_bios_attrs_get_all;
     fu_bios_attrs_get_attr;
     fu_bios_attrs_get_pending_reboot;
@@ -1083,7 +1082,12 @@ LIBFWUPDPLUGIN_1.8.4 {
     fu_context_get_bios_attr_pending_reboot;
     fu_context_get_bios_attrs;
     fu_context_reload_bios_attrs;
+    fu_device_security_attr_new;
     fu_plugin_add_string;
+    fu_plugin_security_attr_new;
     fu_plugin_to_string;
+    fu_security_attr_add_bios_target_value;
+    fu_security_attr_get_type;
+    fu_security_attr_new;
   local: *;
 } LIBFWUPDPLUGIN_1.8.3;

libfwupdplugin/meson.build

@@ -51,6 +51,7 @@ fwupdplugin_src = [
   'fu-plugin.c',
   'fu-quirks.c',            # fuzzing
   'fu-progress.c',          # fuzzing
+  'fu-security-attr.c',     # fuzzing
   'fu-security-attrs.c',
   'fu-smbios.c',            # fuzzing
   'fu-srec-firmware.c',     # fuzzing
@@ -153,6 +154,7 @@ fwupdplugin_headers = [
   'fu-io-channel.h',
   'fu-plugin.h',
   'fu-quirks.h',
+  'fu-security-attr.h',
   'fu-security-attrs.h',
   'fu-progress.h',
   'fu-smbios.h',

plugins/acpi-dmar/fu-plugin-acpi-dmar.c

@@ -25,8 +25,7 @@ fu_plugin_acpi_dmar_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
 	fu_security_attrs_append(attrs, attr);
 
 	/* load DMAR table */

plugins/acpi-facp/fu-plugin-acpi-facp.c

@@ -13,7 +13,6 @@
 static void
 fu_plugin_acpi_facp_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 {
-	FwupdBiosAttr *bios_attr;
 	g_autofree gchar *fn = NULL;
 	g_autofree gchar *path = NULL;
 	g_autoptr(FuAcpiFacp) facp = NULL;
@@ -22,8 +21,7 @@ fu_plugin_acpi_facp_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 	g_autoptr(GError) error_local = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE);
 	fu_security_attrs_append(attrs, attr);
 
 	/* load FACP table */
@@ -42,14 +40,8 @@ fu_plugin_acpi_facp_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 	}
 
-	/* BIOS knob used on Lenovo systems */
-	bios_attr =
-	    fu_context_get_bios_attr(fu_plugin_get_context(plugin), "com.thinklmi.SleepState");
-	if (bios_attr != NULL) {
-		fwupd_security_attr_set_bios_attr_id(attr, fwupd_bios_attr_get_id(bios_attr));
-		/* options are usually "Linux" (S3) or "Windows" (s2idle) */
-		fu_bios_attr_set_preferred_value(bios_attr, "windows");
-	}
+	/* options are usually "Linux" (S3) or "Windows" (s2idle) */
+	fu_security_attr_add_bios_target_value(attr, "com.thinklmi.SleepState", "windows");
 
 	if (!fu_acpi_facp_get_s2i(facp)) {
 		fwupd_security_attr_set_result(attr, FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED);

plugins/acpi-ivrs/fu-plugin-acpi-ivrs.c

@@ -26,8 +26,7 @@ fu_plugin_acpi_ivrs_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
 	fu_security_attrs_append(attrs, attr);
 
 	/* load IVRS table */

plugins/bios/fu-plugin-bios.c

@@ -62,8 +62,7 @@ fu_plugin_bios_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
 	fu_security_attrs_append(attrs, attr);
 
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);

plugins/cpu/fu-cpu-device.c

@@ -298,9 +298,8 @@ fu_cpu_device_add_security_attrs_intel_cet_enabled(FuCpuDevice *self, FuSecurity
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
+	attr =
+	    fu_device_security_attr_new(FU_DEVICE(self), FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED);
 	fu_security_attrs_append(attrs, attr);
 
 	/* check for CET */
@@ -329,9 +328,8 @@ fu_cpu_device_add_security_attrs_intel_cet_active(FuCpuDevice *self, FuSecurityA
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
+	attr =
+	    fu_device_security_attr_new(FU_DEVICE(self), FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE);
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
 	fu_security_attrs_append(attrs, attr);
 
@@ -361,9 +359,7 @@ fu_cpu_device_add_security_attrs_intel_tme(FuCpuDevice *self, FuSecurityAttrs *a
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
+	attr = fu_device_security_attr_new(FU_DEVICE(self), FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
 	fu_security_attrs_append(attrs, attr);
 
 	/* check for TME */
@@ -383,9 +379,7 @@ fu_cpu_device_add_security_attrs_intel_smap(FuCpuDevice *self, FuSecurityAttrs *
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_SMAP);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
+	attr = fu_device_security_attr_new(FU_DEVICE(self), FWUPD_SECURITY_ATTR_ID_INTEL_SMAP);
 	fu_security_attrs_append(attrs, attr);
 
 	/* check for SMEP and SMAP */
@@ -404,10 +398,7 @@ fu_cpu_device_add_supported_cpu_attribute(FuCpuDevice *self, FuSecurityAttrs *at
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
-
+	attr = fu_device_security_attr_new(FU_DEVICE(self), FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
 	switch (fu_cpu_get_vendor()) {
 	case FU_CPU_VENDOR_INTEL:
 	case FU_CPU_VENDOR_AMD:

plugins/intel-spi/fu-intel-spi-device.c

@@ -214,9 +214,7 @@ fu_intel_spi_device_add_security_attrs(FuDevice *device, FuSecurityAttrs *attrs)
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR);
-	fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
-	fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
+	attr = fu_device_security_attr_new(device, FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR);
 	fu_security_attrs_append(attrs, attr);
 
 	/* check for read access from other regions */

plugins/iommu/fu-plugin-iommu.c

@@ -45,12 +45,10 @@ static void
 fu_plugin_iommu_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 {
 	FuPluginData *priv = fu_plugin_get_data(plugin);
-	const gchar *iommu_attributes[] = {"AmdVt", "IOMMU", "VtForDirectIo", NULL};
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_IOMMU);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_IOMMU);
 	fu_security_attrs_append(attrs, attr);
 
 	if (priv == NULL) {
@@ -58,16 +56,10 @@ fu_plugin_iommu_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 	}
 
-	for (guint i = 0; iommu_attributes[i] != NULL; i++) {
-		FwupdBiosAttr *bios_attr =
-		    fu_context_get_bios_attr(fu_plugin_get_context(plugin), iommu_attributes[i]);
-		if (bios_attr != NULL) {
-			fwupd_security_attr_set_bios_attr_id(attr,
-							     fwupd_bios_attr_get_id(bios_attr));
-			fu_bios_attr_set_preferred_value(bios_attr, "enable");
-			break;
-		}
-	}
+	fu_security_attr_add_bios_target_value(attr, "AmdVt", "enable");
+	fu_security_attr_add_bios_target_value(attr, "IOMMU", "enable");
+	fu_security_attr_add_bios_target_value(attr, "VtForDirectIo", "enable");
+
 	if (!priv->has_iommu) {
 		fwupd_security_attr_set_result(attr, FWUPD_SECURITY_ATTR_RESULT_NOT_FOUND);
 		fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_ACTION_CONTACT_OEM);

plugins/linux-lockdown/fu-plugin-linux-lockdown.c

@@ -128,8 +128,7 @@ fu_plugin_linux_lockdown_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *a
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_KERNEL_LOCKDOWN);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_KERNEL_LOCKDOWN);
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
 	fu_security_attrs_append(attrs, attr);
 

plugins/linux-sleep/fu-plugin-linux-sleep.c

@@ -18,8 +18,7 @@ fu_plugin_linux_sleep_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attr
 	g_autoptr(GFile) file = g_file_new_for_path("/sys/power/mem_sleep");
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM);
 	fu_security_attrs_append(attrs, attr);
 
 	/* load file */

plugins/linux-swap/fu-plugin-linux-swap.c

@@ -86,8 +86,7 @@ fu_plugin_linux_swap_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_KERNEL_SWAP);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_KERNEL_SWAP);
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
 	fu_security_attrs_append(attrs, attr);
 

plugins/linux-tainted/fu-plugin-linux-tainted.c

@@ -73,8 +73,7 @@ fu_plugin_linux_tainted_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *at
 	g_autoptr(GError) error_local = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_KERNEL_TAINTED);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_KERNEL_TAINTED);
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
 	fu_security_attrs_append(attrs, attr);
 

plugins/msr/fu-plugin-msr.c

@@ -313,8 +313,7 @@ fu_plugin_add_security_attr_dci_enabled(FuPlugin *plugin, FuSecurityAttrs *attrs
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED);
 	if (device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
 	fu_security_attrs_append(attrs, attr);
@@ -355,8 +354,7 @@ fu_plugin_add_security_attr_intel_tme_enabled(FuPlugin *plugin, FuSecurityAttrs
 	/* create attr (which should already have been created in the cpu plugin) */
 	attr = fu_security_attrs_get_by_appstream_id(attrs, FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
 	if (attr == NULL) {
-		attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
-		fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+		attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
 		fu_security_attrs_append(attrs, attr);
 	}
 
@@ -403,8 +401,7 @@ fu_plugin_add_security_attr_dci_locked(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
 	if (device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
 	fu_security_attrs_append(attrs, attr);
@@ -479,8 +476,7 @@ fu_plugin_add_security_attr_amd_sme_enabled(FuPlugin *plugin, FuSecurityAttrs *a
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
 	if (device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
 	fu_security_attrs_append(attrs, attr);

plugins/pci-bcr/fu-plugin-pci-bcr.c

@@ -85,8 +85,7 @@ fu_plugin_add_security_attr_bioswe(FuPlugin *plugin, FuSecurityAttrs *attrs)
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE);
 	if (msf_device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
 	fu_security_attrs_append(attrs, attr);
@@ -123,8 +122,7 @@ fu_plugin_add_security_attr_ble(FuPlugin *plugin, FuSecurityAttrs *attrs)
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_BLE);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SPI_BLE);
 	if (msf_device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
 	fu_security_attrs_append(attrs, attr);
@@ -160,8 +158,7 @@ fu_plugin_add_security_attr_smm_bwp(FuPlugin *plugin, FuSecurityAttrs *attrs)
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP);
 	if (msf_device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
 	fu_security_attrs_append(attrs, attr);

plugins/pci-mei/fu-plugin-pci-mei.c

@@ -243,8 +243,7 @@ fu_plugin_add_security_attrs_manufacturing_mode(FuPlugin *plugin, FuSecurityAttr
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -281,8 +280,7 @@ fu_plugin_add_security_attrs_override_strap(FuPlugin *plugin, FuSecurityAttrs *a
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -319,8 +317,7 @@ fu_plugin_add_security_attrs_bootguard_enabled(FuPlugin *plugin, FuSecurityAttrs
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -360,8 +357,7 @@ fu_plugin_add_security_attrs_bootguard_verified(FuPlugin *plugin, FuSecurityAttr
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -407,8 +403,7 @@ fu_plugin_add_security_attrs_bootguard_acm(FuPlugin *plugin, FuSecurityAttrs *at
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -454,8 +449,7 @@ fu_plugin_add_security_attrs_bootguard_policy(FuPlugin *plugin, FuSecurityAttrs
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -501,8 +495,7 @@ fu_plugin_add_security_attrs_bootguard_otp(FuPlugin *plugin, FuSecurityAttrs *at
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */
@@ -559,8 +552,7 @@ fu_plugin_add_security_attrs_mei_version(FuPlugin *plugin, FuSecurityAttrs *attr
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_VERSION);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_MEI_VERSION);
 	fu_security_attrs_append(attrs, attr);
 
 	/* not enabled */

plugins/pci-psp/fu-plugin-pci-psp.c

@@ -54,13 +54,11 @@ fu_plugin_pci_psp_get_attr(FwupdSecurityAttr *attr,
 static void
 fu_plugin_add_security_attrs_tsme(FuPlugin *plugin, const gchar *path, FuSecurityAttrs *attrs)
 {
-	FwupdBiosAttr *bios_attr;
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "tsme_status", &val, &error_local)) {
@@ -69,11 +67,7 @@ fu_plugin_add_security_attrs_tsme(FuPlugin *plugin, const gchar *path, FuSecurit
 	}
 
 	/* BIOS knob used on Lenovo systems */
-	bios_attr = fu_context_get_bios_attr(fu_plugin_get_context(plugin), "com.thinklmi.TSME");
-	if (bios_attr != NULL) {
-		fwupd_security_attr_set_bios_attr_id(attr, fwupd_bios_attr_get_id(bios_attr));
-		fu_bios_attr_set_preferred_value(bios_attr, "enable");
-	}
+	fu_security_attr_add_bios_target_value(attr, "com.thinklmi.TSME", "enable");
 
 	if (!val) {
 		fwupd_security_attr_set_result(attr, FWUPD_SECURITY_ATTR_RESULT_NOT_ENCRYPTED);
@@ -87,14 +81,13 @@ fu_plugin_add_security_attrs_tsme(FuPlugin *plugin, const gchar *path, FuSecurit
 }
 
 static void
-fu_plugin_add_security_attrs_fused_part(const gchar *path, FuSecurityAttrs *attrs)
+fu_plugin_add_security_attrs_fused_part(FuPlugin *plugin, const gchar *path, FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "fused_part", &val, &error_local)) {
@@ -115,14 +108,15 @@ fu_plugin_add_security_attrs_fused_part(const gchar *path, FuSecurityAttrs *attr
 }
 
 static void
-fu_plugin_add_security_attrs_debug_locked_part(const gchar *path, FuSecurityAttrs *attrs)
+fu_plugin_add_security_attrs_debug_locked_part(FuPlugin *plugin,
+					       const gchar *path,
+					       FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "debug_lock_on", &val, &error_local)) {
@@ -143,14 +137,15 @@ fu_plugin_add_security_attrs_debug_locked_part(const gchar *path, FuSecurityAttr
 }
 
 static void
-fu_plugin_add_security_attrs_rollback_protection(const gchar *path, FuSecurityAttrs *attrs)
+fu_plugin_add_security_attrs_rollback_protection(FuPlugin *plugin,
+						 const gchar *path,
+						 FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "anti_rollback_status", &val, &error_local)) {
@@ -170,15 +165,14 @@ fu_plugin_add_security_attrs_rollback_protection(const gchar *path, FuSecurityAt
 }
 
 static void
-fu_plugin_add_security_attrs_rom_armor(const gchar *path, FuSecurityAttrs *attrs)
+fu_plugin_add_security_attrs_rom_armor(FuPlugin *plugin, const gchar *path, FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "rom_armor_enforced", &val, &error_local)) {
@@ -199,15 +193,15 @@ fu_plugin_add_security_attrs_rom_armor(const gchar *path, FuSecurityAttrs *attrs
 }
 
 static void
-fu_plugin_add_security_attrs_rpmc(const gchar *path, FuSecurityAttrs *attrs)
+fu_plugin_add_security_attrs_rpmc(FuPlugin *plugin, const gchar *path, FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 	g_autoptr(GError) error_local = NULL;
 	gboolean val;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr =
+	    fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION);
 	fu_security_attrs_append(attrs, attr);
 
 	if (!fu_plugin_pci_psp_get_attr(attr, path, "rpmc_spirom_available", &val, &error_local)) {
@@ -242,12 +236,11 @@ fu_plugin_add_security_attrs_rpmc(const gchar *path, FuSecurityAttrs *attrs)
 }
 
 static void
-fu_plugin_pci_psp_set_missing_data(FuSecurityAttrs *attrs)
+fu_plugin_pci_psp_set_missing_data(FuPlugin *plugin, FuSecurityAttrs *attrs)
 {
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
-	fwupd_security_attr_set_plugin(attr, "pci_psp");
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
 	fwupd_security_attr_add_obsolete(attr, "cpu");
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_MISSING_DATA);
 	fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_ACTION_CONTACT_OEM);
@@ -271,16 +264,16 @@ fu_plugin_pci_psp_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		test_file = g_build_filename(sysfs_path, "tsme_status", NULL);
 	}
 	if (sysfs_path == NULL || !g_file_test(test_file, G_FILE_TEST_EXISTS)) {
-		fu_plugin_pci_psp_set_missing_data(attrs);
+		fu_plugin_pci_psp_set_missing_data(plugin, attrs);
 		return;
 	}
 
 	fu_plugin_add_security_attrs_tsme(plugin, sysfs_path, attrs);
-	fu_plugin_add_security_attrs_fused_part(sysfs_path, attrs);
-	fu_plugin_add_security_attrs_debug_locked_part(sysfs_path, attrs);
-	fu_plugin_add_security_attrs_rollback_protection(sysfs_path, attrs);
-	fu_plugin_add_security_attrs_rpmc(sysfs_path, attrs);
-	fu_plugin_add_security_attrs_rom_armor(sysfs_path, attrs);
+	fu_plugin_add_security_attrs_fused_part(plugin, sysfs_path, attrs);
+	fu_plugin_add_security_attrs_debug_locked_part(plugin, sysfs_path, attrs);
+	fu_plugin_add_security_attrs_rollback_protection(plugin, sysfs_path, attrs);
+	fu_plugin_add_security_attrs_rpmc(plugin, sysfs_path, attrs);
+	fu_plugin_add_security_attrs_rom_armor(plugin, sysfs_path, attrs);
 }
 
 void

plugins/tpm/fu-plugin-tpm.c

@@ -119,8 +119,7 @@ fu_plugin_tpm_add_security_attr_version(FuPlugin *plugin, FuSecurityAttrs *attrs
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20);
 	fu_security_attrs_append(attrs, attr);
 
 	/* check exists, and in v2.0 mode */
@@ -155,8 +154,7 @@ fu_plugin_tpm_add_security_attr_eventlog(FuPlugin *plugin, FuSecurityAttrs *attr
 		return;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0);
 	fwupd_security_attr_add_guids(attr, fu_device_get_guids(priv->tpm_device));
 	fu_security_attrs_append(attrs, attr);
 
@@ -217,8 +215,7 @@ fu_plugin_tpm_add_security_attr_empty(FuPlugin *plugin, FuSecurityAttrs *attrs)
 		return;
 
 	/* add attributes */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR);
 	fwupd_security_attr_add_guids(attr, fu_device_get_guids(priv->tpm_device));
 	fu_security_attrs_append(attrs, attr);
 

plugins/uefi-capsule/fu-plugin-uefi-capsule.c

@@ -181,21 +181,16 @@ fu_plugin_uefi_capsule_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *att
 	g_autoptr(GError) error = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
 	fu_security_attrs_append(attrs, attr);
 
 	/* SB not available or disabled */
 	if (!fu_efivar_secure_boot_enabled(&error)) {
-		FwupdBiosAttr *bios_attr;
 		if (g_error_matches(error, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
 			fwupd_security_attr_set_result(attr, FWUPD_SECURITY_ATTR_RESULT_NOT_FOUND);
 			return;
 		}
-		bios_attr = fu_context_get_bios_attr(fu_plugin_get_context(plugin), "SecureBoot");
-		if (bios_attr != NULL)
-			fwupd_security_attr_set_bios_attr_id(attr,
-							     fwupd_bios_attr_get_id(bios_attr));
+		fu_security_attr_add_bios_target_value(attr, "SecureBoot", "enable");
 		fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
 		fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_ACTION_CONFIG_FW);
 		fwupd_security_attr_set_result(attr, FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED);

plugins/uefi-pk/fu-plugin-uefi-pk.c

@@ -177,8 +177,7 @@ fu_plugin_uefi_pk_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
 	g_autoptr(FwupdSecurityAttr) attr = NULL;
 
 	/* create attr */
-	attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_UEFI_PK);
-	fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
+	attr = fu_plugin_security_attr_new(plugin, FWUPD_SECURITY_ATTR_ID_UEFI_PK);
 	if (msf_device != NULL)
 		fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
 	fu_security_attrs_append(attrs, attr);

po/POTFILES.in

@@ -12,7 +12,7 @@ src/fu-main.c
 src/fu-offline.c
 src/fu-progressbar.c
 src/fu-remote-list.c
-src/fu-security-attr.c
+src/fu-security-attr-common.c
 src/fu-tool.c
 src/fu-util.c
 src/fu-util-bios-attr.c

src/fu-engine.c

@@ -56,7 +56,7 @@
 #include "fu-plugin-private.h"
 #include "fu-release.h"
 #include "fu-remote-list.h"
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 #include "fu-security-attrs-private.h"
 #include "fu-udev-device-private.h"
 #include "fu-version.h"

src/fu-history.c

@@ -20,7 +20,7 @@
 #include "fu-device-private.h"
 #include "fu-history.h"
 #include "fu-mutex.h"
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 
 #define FU_HISTORY_CURRENT_SCHEMA_VERSION 8
 

src/fu-security-attr-common.c

@@ -11,7 +11,7 @@
 
 #include "fwupd-security-attr-private.h"
 
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 #include "fu-security-attrs-private.h"
 
 gchar *

src/fu-self-test.c

@@ -28,7 +28,7 @@
 #include "fu-plugin-private.h"
 #include "fu-progressbar.h"
 #include "fu-release-common.h"
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 #include "fu-smbios-private.h"
 #include "fu-spawn.h"
 

src/fu-tool.c

@@ -36,7 +36,7 @@
 #include "fu-hwids.h"
 #include "fu-plugin-private.h"
 #include "fu-progressbar.h"
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 #include "fu-security-attrs-private.h"
 #include "fu-smbios-private.h"
 #include "fu-util-bios-attr.h"

src/fu-util-common.c

@@ -26,7 +26,7 @@
 #endif
 
 #include "fu-device-private.h"
-#include "fu-security-attr.h"
+#include "fu-security-attr-common.h"
 #include "fu-util-common.h"
 
 #ifdef HAVE_SYSTEMD

src/meson.build

@@ -46,7 +46,7 @@ daemon_src = [
   'fu-keyring-utils.c',
   'fu-plugin-list.c',
   'fu-remote-list.c',
-  'fu-security-attr.c',
+  'fu-security-attr-common.c',
 ] + systemd_src
 
 if gudev.found()
@@ -84,7 +84,7 @@ fwupdmgr = executable(
     'fu-util.c',
     'fu-history.c',
     'fu-progressbar.c',
-    'fu-security-attr.c',
+    'fu-security-attr-common.c',
     'fu-util-bios-attr.c',
     'fu-util-common.c',
     client_src,
@@ -126,7 +126,7 @@ fwupdoffline = executable(
     'fu-history.c',
     'fu-offline.c',
     'fu-spawn.c',
-    'fu-security-attr.c',
+    'fu-security-attr-common.c',
     'fu-util-common.c',
     systemd_src
   ],