From 9391deb2d78d3e6f9ede514e70657fe030bb27ba Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Wed, 24 Aug 2022 21:47:02 -0500 Subject: [PATCH] trivial: only accept bios settings ending in .json --- docs/bios-settings.md | 2 +- src/fu-engine.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/bios-settings.md b/docs/bios-settings.md index be64574bc..03d161d14 100644 --- a/docs/bios-settings.md +++ b/docs/bios-settings.md @@ -162,7 +162,7 @@ An important return code to know for programmatic usage is that *2* means nothin `fwupd` has the ability to enforce the BIOS settings policy of a system administrator. To use this feature, create a json payload using `fwupdmgr get-bios-setting --json` that reflects the settings you would like to see enforced. -Then copy this payload into `/etc/fwupd/bios-settings.d`. The next time that the fwupd daemon is started (such as a system bootup) it will ensure that all BIOS settings are programed to your desired values. It will also mark those settings as read-only so no fwupd clients will be able to modify them. +Then copy this payload into `/etc/fwupd/bios-settings.d` with a filename ending in `.json`. The next time that the fwupd daemon is started (such as a system bootup) it will ensure that all BIOS settings are programed to your desired values. It will also mark those settings as read-only so no fwupd clients will be able to modify them. This *does not* stop the kernel firmware-attributes API from working. So a determined user with appropriate permissions would be able to modify settings from the kernel API directly, but they would be changed again on fwupd daemon startup. diff --git a/src/fu-engine.c b/src/fu-engine.c index 88dea5369..6a8ab2902 100644 --- a/src/fu-engine.c +++ b/src/fu-engine.c @@ -6906,7 +6906,7 @@ fu_engine_apply_default_bios_settings_policy(FuEngine *self, GError **error) dir = g_dir_open(dirname, 0, error); while ((tmp = g_dir_read_name(dir)) != NULL) { g_autofree gchar *fn = NULL; - if (g_strcmp0(tmp, "README.md") == 0) + if (!g_str_has_suffix(tmp, ".json")) continue; fn = g_build_filename(dirname, tmp, NULL); g_debug("Loading default BIOS settings policy from %s", fn);