diff --git a/plugins/acpi-dmar/README.md b/plugins/acpi-dmar/README.md index da544cb50..226fabbc4 100644 --- a/plugins/acpi-dmar/README.md +++ b/plugins/acpi-dmar/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if DMA remapping for Thunderbolt devices is available. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/firmware/acpi/tables`. diff --git a/plugins/acpi-facp/README.md b/plugins/acpi-facp/README.md index 5a4bd120d..885d6368a 100644 --- a/plugins/acpi-facp/README.md +++ b/plugins/acpi-facp/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if S2I sleep is available. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/firmware/acpi/tables`. diff --git a/plugins/altos/README.md b/plugins/altos/README.md index a05734451..d8d28895c 100644 --- a/plugins/altos/README.md +++ b/plugins/altos/README.md @@ -67,3 +67,7 @@ Command: `W $addr\n` where `$addr` is a memory address `0x8001000->0x8008000` Command: `v\n` The device will reboot into application mode. This is typically performed after flashing firmware completes successfully. + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/amt/README.md b/plugins/amt/README.md index e53d9d736..55ad2003c 100644 --- a/plugins/amt/README.md +++ b/plugins/amt/README.md @@ -25,3 +25,7 @@ Vendor ID Security ------------------ The device is not upgradable and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires read only access to `/dev/mei0`. diff --git a/plugins/ata/README.md b/plugins/ata/README.md index 97240c8da..f9dbc87d5 100644 --- a/plugins/ata/README.md +++ b/plugins/ata/README.md @@ -47,3 +47,7 @@ This plugin uses the following plugin-specific quirks: |------------------------|-------------------------------------------|-----------------------| | `AtaTransferBlocks` | Blocks to transfer, or `0xffff` for max | 1.2.4 | | `AtaTransferMode` | The transfer mode, `0x3`, `0x7` or `0xe` | 1.2.4 | + +External interface access +------------------------- +This plugin requires the `SG_IO` ioctl interface. diff --git a/plugins/bcm57xx/README.md b/plugins/bcm57xx/README.md index 5cb0890d7..f8e85f1c1 100644 --- a/plugins/bcm57xx/README.md +++ b/plugins/bcm57xx/README.md @@ -26,3 +26,7 @@ Vendor ID Security ------------------ The vendor ID is set from the PCI vendor, in this instance set to `PCI:0x14E4` + +External interface access +------------------------- +This plugin requires the `SIOCETHTOOL` ioctl interface. diff --git a/plugins/ccgx/README.md b/plugins/ccgx/README.md index 8be26bdf8..67444e68f 100644 --- a/plugins/ccgx/README.md +++ b/plugins/ccgx/README.md @@ -97,3 +97,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, for example set to `USB:0x04B4` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/colorhug/README.md b/plugins/colorhug/README.md index c86db7516..9e19ec748 100644 --- a/plugins/colorhug/README.md +++ b/plugins/colorhug/README.md @@ -34,3 +34,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x273F` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/coreboot/README.md b/plugins/coreboot/README.md index beec31f75..c55ca55a3 100644 --- a/plugins/coreboot/README.md +++ b/plugins/coreboot/README.md @@ -57,3 +57,7 @@ Vendor ID Security ------------------ The vendor ID is set from the BIOS vendor, in this instance `DMI:coreboot` + +External interface access +------------------------- +This plugin does not currently use any external access. diff --git a/plugins/cpu/README.md b/plugins/cpu/README.md index 5ef8b88c5..b2f54c230 100644 --- a/plugins/cpu/README.md +++ b/plugins/cpu/README.md @@ -16,3 +16,7 @@ These devices add extra instance IDs from the CPUID values, e.g. * `CPUID\PRO_0&FAM_06` * `CPUID\PRO_0&FAM_06&MOD_0E` * `CPUID\PRO_0&FAM_06&MOD_0E&STP_3` + +External interface access +------------------------- +This plugin requires no extra access. diff --git a/plugins/cros-ec/README.md b/plugins/cros-ec/README.md index a16ac6dd0..5b348b004 100644 --- a/plugins/cros-ec/README.md +++ b/plugins/cros-ec/README.md @@ -38,6 +38,10 @@ values depending on the model and device mode. The list of USB VIDs used is: * `USB:0x18D1` +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. + [1] https://chromium.googlesource.com/chromiumos/platform/ec/+/master/extra/usb_updater/usb_updater2.c [2] https://chromium.googlesource.com/chromiumos/platform/ec/+/master/docs/usb_updater.md [3] https://www.chromium.org/chromium-os/firmware-porting-guide/fmap diff --git a/plugins/csr/README.md b/plugins/csr/README.md index 0d013af4b..72286c323 100644 --- a/plugins/csr/README.md +++ b/plugins/csr/README.md @@ -39,3 +39,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x0A12` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/dell-dock/README.md b/plugins/dell-dock/README.md index 67e213972..8866867ca 100644 --- a/plugins/dell-dock/README.md +++ b/plugins/dell-dock/README.md @@ -68,3 +68,7 @@ This plugin uses the following plugin-specific quirks: | `DellDockVersionLowest` | The minimum component version required to safely operate the plugin | 1.1.3 | | `DellDockBoard*` | The board description of a board revision | 1.1.3 | | `DellDockInstallDurationI2C` | The duration of time required to install a payload via I2C. | 1.1.3 | + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/dell-esrt/README.md b/plugins/dell-esrt/README.md index 5c5aefc4a..b96120ac9 100644 --- a/plugins/dell-esrt/README.md +++ b/plugins/dell-esrt/README.md @@ -45,3 +45,9 @@ UEFI dummy device Version: 0 Created: 2018-06-25 ``` + +External interface access +------------------------- +This plugin requires: +* read/write access to `/dev/wmi/dell-smbios` and `/sys/bus/platform/devices/dcdbas`. +* read access to `/sys/firmware/efi/esrt`. diff --git a/plugins/dell/README.md b/plugins/dell/README.md index aa25bcfb9..c6e7a1058 100644 --- a/plugins/dell/README.md +++ b/plugins/dell/README.md @@ -181,3 +181,7 @@ These updates can be performed the standard method of using: Some components are updatable via other plugins in fwupd such as multi stream transport hub (MST) and thunderbolt NVM. + +External interface access +------------------------- +This plugin requires read/write access to `/dev/wmi/dell-smbios` and `/sys/bus/platform/devices/dcdbas`. diff --git a/plugins/dfu/README.md b/plugins/dfu/README.md index d3fce1b10..1170526ad 100644 --- a/plugins/dfu/README.md +++ b/plugins/dfu/README.md @@ -41,3 +41,7 @@ This plugin uses the following plugin-specific quirks: |`DfuFlags` | Optional quirks for a DFU device which doesn't follow the DFU 1.0 or 1.1 specification | 1.0.1| |`DfuForceVersion` | Forces a specific DFU version for the hardware device. This is required if the device does not set, or sets incorrectly, items in the DFU functional descriptor. |1.0.1| |`DfuForceTimeout` | Forces a specific device timeout, in ms | 1.4.0 | + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/ebitdo/README.md b/plugins/ebitdo/README.md index c26bce02e..d2a63e49e 100644 --- a/plugins/ebitdo/README.md +++ b/plugins/ebitdo/README.md @@ -44,3 +44,7 @@ values depending on the model and device mode. The list of USB VIDs used is: * `USB:0x1235` * `USB:0x2002` * `USB:0x8000` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/elantp/README.md b/plugins/elantp/README.md index 5e4ea26d7..15bafcf40 100644 --- a/plugins/elantp/README.md +++ b/plugins/elantp/README.md @@ -31,7 +31,7 @@ Additionally another instance ID is added which corresponds to the module ID: These devices also use custom GUID values for the IC configuration, e.g. * `ELANTP\ICTYPE_09` - + Additionally another instance ID is added which corresponds to the IC type & module ID: * `ELANTP\ICTYPE_09&MOD_1234` @@ -50,3 +50,7 @@ This plugin uses the following plugin-specific quirks: |------------------------|-------------------------------------------|-----------------------| | `ElantpIcPageCount` | The IC page count | 1.4.6 | | `ElantpIapPassword` | The IAP password | 1.4.6 | + +External interface access +------------------------- +This plugin requires ioctl access to `HIDIOCSFEATURE` and `HIDIOCGFEATURE`. diff --git a/plugins/emmc/README.md b/plugins/emmc/README.md index 249f7056b..0ce5aa33c 100644 --- a/plugins/emmc/README.md +++ b/plugins/emmc/README.md @@ -24,3 +24,7 @@ Vendor ID Security ------------------ The vendor ID is set from the EMMC vendor, for example set to `EMMC:{$manfid}` + +External interface access +------------------------- +This plugin requires ioctl `MMC_IOC_CMD` and `MMC_IOC_MULTI_CMD` access. diff --git a/plugins/ep963x/README.md b/plugins/ep963x/README.md index c510cc19f..14bb362c9 100644 --- a/plugins/ep963x/README.md +++ b/plugins/ep963x/README.md @@ -29,3 +29,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x17EF` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/fastboot/README.md b/plugins/fastboot/README.md index 2850a9246..d99cc8012 100644 --- a/plugins/fastboot/README.md +++ b/plugins/fastboot/README.md @@ -43,3 +43,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, for example `USB:0x18D1` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/flashrom/README.md b/plugins/flashrom/README.md index f8b718244..b3fb1a257 100644 --- a/plugins/flashrom/README.md +++ b/plugins/flashrom/README.md @@ -28,3 +28,8 @@ Vendor ID Security ------------------ The vendor ID is set from the BIOS vendor, for example `DMI:Google` + +External interface access +--- +This plugin requires access to all interfaces that `libflashrom` has been compiled for. +This typically is `/sys/bus/spi` but there may be other interfaces as well. diff --git a/plugins/fresco-pd/README.md b/plugins/fresco-pd/README.md index c592e9059..6f87a3ea5 100644 --- a/plugins/fresco-pd/README.md +++ b/plugins/fresco-pd/README.md @@ -33,3 +33,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x1D5C` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/goodix-moc/README.md b/plugins/goodix-moc/README.md index 8c35edbc7..17c0cd700 100644 --- a/plugins/goodix-moc/README.md +++ b/plugins/goodix-moc/README.md @@ -29,3 +29,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x27C6` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/iommu/README.md b/plugins/iommu/README.md index 12574ffd6..407d55b8d 100644 --- a/plugins/iommu/README.md +++ b/plugins/iommu/README.md @@ -5,3 +5,7 @@ Introduction ------------ This plugin checks if an IOMMU is available on the system. + +External interface access +------------------------- +This plugin requires no extra access. diff --git a/plugins/jabra/README.md b/plugins/jabra/README.md index 3a5ab7fa8..f0466349e 100644 --- a/plugins/jabra/README.md +++ b/plugins/jabra/README.md @@ -26,3 +26,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x0A12` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/linux-lockdown/README.md b/plugins/linux-lockdown/README.md index 0cd58d6b9..8fef436f6 100644 --- a/plugins/linux-lockdown/README.md +++ b/plugins/linux-lockdown/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the currently running kernel is locked down. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/sys/kernel/security`. diff --git a/plugins/linux-sleep/README.md b/plugins/linux-sleep/README.md index b7864933e..e87d422fa 100644 --- a/plugins/linux-sleep/README.md +++ b/plugins/linux-sleep/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if s3 sleep is available. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/power/mem_sleep`. diff --git a/plugins/linux-swap/README.md b/plugins/linux-swap/README.md index f7e28574a..f3b3f770d 100644 --- a/plugins/linux-swap/README.md +++ b/plugins/linux-swap/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the currently available swap partitions and files are all encrypted. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/proc` diff --git a/plugins/linux-tainted/README.md b/plugins/linux-tainted/README.md index 3c1a72d71..e240061df 100644 --- a/plugins/linux-tainted/README.md +++ b/plugins/linux-tainted/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the currently running kernel is tainted. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/kernel/tainted`. diff --git a/plugins/logind/README.md b/plugins/logind/README.md index bd66d8bba..d7d5456ae 100644 --- a/plugins/logind/README.md +++ b/plugins/logind/README.md @@ -11,3 +11,7 @@ Vendor ID Security ------------------ This protocol does not create a device and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires access to the dbus interface `org.freedesktop.login1`. diff --git a/plugins/logitech-hidpp/README.md b/plugins/logitech-hidpp/README.md index 89f918323..3a00e6ae0 100644 --- a/plugins/logitech-hidpp/README.md +++ b/plugins/logitech-hidpp/README.md @@ -58,3 +58,7 @@ paired devices. [1] https://www.mousejack.com/ [2] https://pwr-Solaar.github.io/Solaar/ + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/modem-manager/README.md b/plugins/modem-manager/README.md index a2ab7645e..b97eeafe9 100644 --- a/plugins/modem-manager/README.md +++ b/plugins/modem-manager/README.md @@ -48,3 +48,7 @@ partition where the MCFG files are stored can be wiped out before installing the new ones. Update protocol: com.qualcomm.qmi_pdc + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/msr/README.md b/plugins/msr/README.md index a5a245160..0fbfe725e 100644 --- a/plugins/msr/README.md +++ b/plugins/msr/README.md @@ -12,3 +12,7 @@ always be disabled and locked on production hardware as it allows the attacker to disable other firmware protection methods. The result will be stored in a security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/class/msr`. diff --git a/plugins/nitrokey/README.md b/plugins/nitrokey/README.md index 852e88a43..e50b472e3 100644 --- a/plugins/nitrokey/README.md +++ b/plugins/nitrokey/README.md @@ -25,3 +25,7 @@ Vendor ID Security The vendor ID is set from the USB vendor, in this instance set to `USB:0x20A0` in runtime mode and `USB:0x03EB` in bootloader mode. + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/nvme/README.md b/plugins/nvme/README.md index da5c86253..3005948e9 100644 --- a/plugins/nvme/README.md +++ b/plugins/nvme/README.md @@ -54,3 +54,7 @@ Vendor ID Security ------------------ The vendor ID is set from the udev vendor, for example set to `NVME:0x1179` + +External interface access +------------------------- +This plugin requires ioctl `NVME_IOCTL_ADMIN_CMD` access. diff --git a/plugins/optionrom/README.md b/plugins/optionrom/README.md index f07405c2b..d028e3ca3 100644 --- a/plugins/optionrom/README.md +++ b/plugins/optionrom/README.md @@ -24,3 +24,7 @@ Vendor ID Security ------------------ The device is not upgradable and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires read access to the rom file of PCI devices (`/sys/class/pci_bus/*/device/rom`) diff --git a/plugins/pci-bcr/README.md b/plugins/pci-bcr/README.md index c838edea9..dae5c5974 100644 --- a/plugins/pci-bcr/README.md +++ b/plugins/pci-bcr/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the system SPI chip is locked. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to the config space of PCI devices (`/sys/class/pci_bus/*/device/config`) diff --git a/plugins/pci-mei/README.md b/plugins/pci-mei/README.md index 1744c6c4a..d52e8f005 100644 --- a/plugins/pci-mei/README.md +++ b/plugins/pci-mei/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the ME is in Manufacturing Mode. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to the config space of PCI devices (`/sys/class/pci_bus/*/device/config`) diff --git a/plugins/platform-integrity/README.md b/plugins/platform-integrity/README.md index aad353a5e..170e541a9 100644 --- a/plugins/platform-integrity/README.md +++ b/plugins/platform-integrity/README.md @@ -6,3 +6,7 @@ Introduction This plugin checks if the system SPI chip is locked. The result will be stored in an security attribute for HSI. + +External interface access +------------------------- +This plugin requires read access to `/sys/class/platform-integrity` diff --git a/plugins/redfish/README.md b/plugins/redfish/README.md index 55b3cca0b..b46dd525a 100644 --- a/plugins/redfish/README.md +++ b/plugins/redfish/README.md @@ -73,3 +73,7 @@ and verify the uri with or $ curl -k https://192.168.0.133:443/redfish/v1/ + +External interface access +------------------------- +This requires HTTP access to a given URL. diff --git a/plugins/rts54hid/README.md b/plugins/rts54hid/README.md index 9a5b6a679..9cb52a604 100644 --- a/plugins/rts54hid/README.md +++ b/plugins/rts54hid/README.md @@ -47,3 +47,7 @@ This plugin uses the following plugin-specific quirks: | `Rts54TargetAddr` | The target address of a child module. | 1.1.3 | | `Rts54I2cSpeed` | The I2C speed to operate at (0, 1, 2). | 1.1.3 | | `Rts54RegisterAddrLen` | The I2C register address length of commands | 1.1.3 | + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/rts54hub/README.md b/plugins/rts54hub/README.md index be4818da4..c0c231d51 100644 --- a/plugins/rts54hub/README.md +++ b/plugins/rts54hub/README.md @@ -33,3 +33,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x0BDA` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/solokey/README.md b/plugins/solokey/README.md index 5f72e8d76..b32a0a48f 100644 --- a/plugins/solokey/README.md +++ b/plugins/solokey/README.md @@ -31,3 +31,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x0483` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/steelseries/README.md b/plugins/steelseries/README.md index dd3c745f5..9ea70cf40 100644 --- a/plugins/steelseries/README.md +++ b/plugins/steelseries/README.md @@ -21,3 +21,7 @@ Vendor ID Security ------------------ The device is not upgradable and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/superio/README.md b/plugins/superio/README.md index 79c97efd8..8ef8f91c9 100644 --- a/plugins/superio/README.md +++ b/plugins/superio/README.md @@ -27,3 +27,7 @@ Vendor ID Security ------------------ The vendor ID is set from the baseboard vendor, for example `DMI:Star Labs` + +External interface access +------------------------- +This plugin requires access to raw system memory via `inb`/`outb`. diff --git a/plugins/synaptics-cxaudio/README.md b/plugins/synaptics-cxaudio/README.md index ac32c8886..1bd7d2c15 100644 --- a/plugins/synaptics-cxaudio/README.md +++ b/plugins/synaptics-cxaudio/README.md @@ -47,3 +47,7 @@ This plugin uses the following plugin-specific quirks: | `IsSoftwareResetSupported` | If the chip supports self-reset | 1.3.2 | | `EepromPatchValidAddr` | Address of patch location #1 | 1.3.2 | | `EepromPatch2ValidAddr` | Address of patch location #2 | 1.3.2 | + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/synaptics-mst/README.md b/plugins/synaptics-mst/README.md index a821455f3..1a9ecfa32 100644 --- a/plugins/synaptics-mst/README.md +++ b/plugins/synaptics-mst/README.md @@ -84,3 +84,7 @@ Here is a sample list of systems known to support them however: * Latitude Rugged 5414 * Latitude Rugged 7214 * Latitude Rugged 7414 + +External interface access +------------------------- +This plugin requires read/write access to `/dev/drm_dp_aux*`. diff --git a/plugins/synaptics-prometheus/README.md b/plugins/synaptics-prometheus/README.md index c448680eb..993ff031c 100644 --- a/plugins/synaptics-prometheus/README.md +++ b/plugins/synaptics-prometheus/README.md @@ -31,3 +31,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x06CB` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/synaptics-rmi/README.md b/plugins/synaptics-rmi/README.md index e2c8fdddc..d3e6ea919 100644 --- a/plugins/synaptics-rmi/README.md +++ b/plugins/synaptics-rmi/README.md @@ -31,3 +31,7 @@ a proprietary (but docucumented) file format. This plugin supports the following protocol ID: * com.synaptics.rmi + +External interface access +------------------------- +This plugin requires ioctl access to `HIDIOCSFEATURE` and `HIDIOCGFEATURE`. diff --git a/plugins/test/README.md b/plugins/test/README.md index 3ab0229c8..4691cce0a 100644 --- a/plugins/test/README.md +++ b/plugins/test/README.md @@ -16,3 +16,7 @@ Vendor ID Security ------------------ The fake device is only for local testing and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires no extra access. diff --git a/plugins/thelio-io/README.md b/plugins/thelio-io/README.md index f85e8735e..812f62571 100644 --- a/plugins/thelio-io/README.md +++ b/plugins/thelio-io/README.md @@ -20,3 +20,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, in this instance set to `USB:0x1209` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/thunderbolt/README.md b/plugins/thunderbolt/README.md index bcc54550d..4823a2ac9 100644 --- a/plugins/thunderbolt/README.md +++ b/plugins/thunderbolt/README.md @@ -92,3 +92,7 @@ DROM and exposed in the relevant sysfs attributes. If the controller is in native enumeration mode, the string "-native" is added at the end so the format is "TBT-vvvvdddd-native". + +External interface access +------------------------- +This plugin requires read/write access to `/sys/bus/thunderbolt`. diff --git a/plugins/tpm-eventlog/README.md b/plugins/tpm-eventlog/README.md index 603b21995..af62cb55a 100644 --- a/plugins/tpm-eventlog/README.md +++ b/plugins/tpm-eventlog/README.md @@ -15,3 +15,7 @@ Vendor ID Security ------------------ The device is not upgradable and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires read only access to `/sys/kernel/security/tpm0/binary_bios_measurements`. diff --git a/plugins/tpm/README.md b/plugins/tpm/README.md index f37561bd7..32fceeee3 100644 --- a/plugins/tpm/README.md +++ b/plugins/tpm/README.md @@ -30,3 +30,7 @@ Vendor ID Security ------------------ The device is not upgradable and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin uses the tpm2-tss library to access the TPM. It requires access to `/sys/class/tpm`. diff --git a/plugins/uefi-dbx/README.md b/plugins/uefi-dbx/README.md index 3607a8d19..69ac99507 100644 --- a/plugins/uefi-dbx/README.md +++ b/plugins/uefi-dbx/README.md @@ -39,3 +39,9 @@ Vendor ID Security ------------------ The vendor ID is hardcoded to `UEFI:Microsoft` for all devices. + + +External interface access +------------------------- +This plugin requires: +* read/write access to `/sys/firmware/efi/efivars` diff --git a/plugins/uefi-recovery/README.md b/plugins/uefi-recovery/README.md index 4e3f5d70c..33ff21434 100644 --- a/plugins/uefi-recovery/README.md +++ b/plugins/uefi-recovery/README.md @@ -20,3 +20,7 @@ Vendor ID Security ------------------ The vendor ID is set from the BIOS vendor, for example `DMI:LENOVO` + +External interface access +------------------------- +This plugin requires no extra access. diff --git a/plugins/uefi/README.md b/plugins/uefi/README.md index 10d06c918..0b973a441 100644 --- a/plugins/uefi/README.md +++ b/plugins/uefi/README.md @@ -58,3 +58,11 @@ Since version 1.1.0 fwupd will autodetect the ESP when it is mounted on used by modifying *OverrideESPMountPoint* in `/etc/fwupd/uefi.conf`. Setting an invalid directory will disable the fwupd plugin. + +External interface access +------------------------- +This plugin requires: +* read/write access to the EFI system partition. +* read access to `/sys/firmware/efi/esrt/` +* read access to `/sys/firmware/efi/fw_platform_size` +* read/write access to `/sys/firmware/efi/efivars` diff --git a/plugins/upower/README.md b/plugins/upower/README.md index 3940be144..e27863dd0 100644 --- a/plugins/upower/README.md +++ b/plugins/upower/README.md @@ -10,3 +10,7 @@ Vendor ID Security ------------------ This protocol does not create a device and thus requires no vendor ID set. + +External interface access +------------------------- +This plugin requires access to the dbus interface `org.freedesktop.UPower`. diff --git a/plugins/vli/README.md b/plugins/vli/README.md index 71f459b65..14a47a70c 100644 --- a/plugins/vli/README.md +++ b/plugins/vli/README.md @@ -80,3 +80,7 @@ the other flash chip parameters. For example: [Guid=VLI_USBHUB\\SPI_37303840] SpiCmdChipErase = 0xc7 SpiCmdSectorErase = 0x20 + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`. diff --git a/plugins/wacom-raw/README.md b/plugins/wacom-raw/README.md index 24eb155d9..0bf6afae0 100644 --- a/plugins/wacom-raw/README.md +++ b/plugins/wacom-raw/README.md @@ -36,3 +36,7 @@ Vendor ID Security ------------------ The vendor ID is set from the udev vendor, in this instance set to `HIDRAW:0x056A` + +External interface access +------------------------- +This plugin requires ioctl `HIDIOCSFEATURE` access. diff --git a/plugins/wacom-usb/README.md b/plugins/wacom-usb/README.md index 7db56c244..46eaddfc6 100644 --- a/plugins/wacom-usb/README.md +++ b/plugins/wacom-usb/README.md @@ -44,3 +44,7 @@ Vendor ID Security ------------------ The vendor ID is set from the USB vendor, for example set to `USB:0x056A` + +External interface access +------------------------- +This plugin requires read/write access to `/dev/bus/usb`.