diff --git a/libfwupd/fwupd-client.c b/libfwupd/fwupd-client.c
index 9bea5f69e..e1532f5ab 100644
--- a/libfwupd/fwupd-client.c
+++ b/libfwupd/fwupd-client.c
@@ -66,6 +66,7 @@ typedef struct {
gchar *host_product;
gchar *host_machine_id;
gchar *host_security_id;
+ gboolean only_trusted;
GMutex proxy_mutex; /* for @proxy */
GDBusProxy *proxy;
GProxyResolver *proxy_resolver;
@@ -108,6 +109,7 @@ enum {
PROP_HOST_SECURITY_ID,
PROP_HOST_BKC,
PROP_INTERACTIVE,
+ PROP_ONLY_TRUSTED,
PROP_LAST
};
@@ -421,6 +423,14 @@ fwupd_client_properties_changed_cb(GDBusProxy *proxy,
if (val != NULL)
fwupd_client_set_host_security_id(self, g_variant_get_string(val, NULL));
}
+ if (g_variant_dict_contains(dict, "OnlyTrusted")) {
+ g_autoptr(GVariant) val = NULL;
+ val = g_dbus_proxy_get_cached_property(proxy, "OnlyTrusted");
+ if (val != NULL) {
+ priv->only_trusted = g_variant_get_boolean(val);
+ fwupd_client_object_notify(self, "only-trusted");
+ }
+ }
}
static void
@@ -666,6 +676,7 @@ fwupd_client_connect_get_proxy_cb(GObject *source, GAsyncResult *res, gpointer u
g_autoptr(GVariant) val6 = NULL;
g_autoptr(GVariant) val7 = NULL;
g_autoptr(GVariant) val8 = NULL;
+ g_autoptr(GVariant) val9 = NULL;
g_autoptr(GMutexLocker) locker = NULL;
proxy = g_dbus_proxy_new_finish(res, &error);
@@ -715,6 +726,9 @@ fwupd_client_connect_get_proxy_cb(GObject *source, GAsyncResult *res, gpointer u
val8 = g_dbus_proxy_get_cached_property(priv->proxy, "HostBkc");
if (val8 != NULL)
fwupd_client_set_host_bkc(self, g_variant_get_string(val8, NULL));
+ val9 = g_dbus_proxy_get_cached_property(priv->proxy, "OnlyTrusted");
+ if (val9 != NULL)
+ priv->only_trusted = g_variant_get_boolean(val9);
/* build client hints */
g_variant_builder_init(&builder, G_VARIANT_TYPE("a{ss}"));
@@ -3280,6 +3294,24 @@ fwupd_client_get_tainted(FwupdClient *self)
return priv->tainted;
}
+/**
+ * fwupd_client_get_only_trusted:
+ * @self: a #FwupdClient
+ *
+ * Gets if the daemon is verifying signatures from a trusted authority.
+ *
+ * Returns: %TRUE if the daemon is checking signatures
+ *
+ * Since: 1.8.0
+ **/
+gboolean
+fwupd_client_get_only_trusted(FwupdClient *self)
+{
+ FwupdClientPrivate *priv = GET_PRIVATE(self);
+ g_return_val_if_fail(FWUPD_IS_CLIENT(self), FALSE);
+ return priv->only_trusted;
+}
+
/**
* fwupd_client_get_daemon_interactive:
* @self: a #FwupdClient
@@ -5106,6 +5138,9 @@ fwupd_client_get_property(GObject *object, guint prop_id, GValue *value, GParamS
case PROP_HOST_SECURITY_ID:
g_value_set_string(value, priv->host_security_id);
break;
+ case PROP_ONLY_TRUSTED:
+ g_value_set_boolean(value, priv->only_trusted);
+ break;
case PROP_INTERACTIVE:
g_value_set_boolean(value, priv->interactive);
break;
@@ -5414,6 +5449,20 @@ fwupd_client_class_init(FwupdClientClass *klass)
NULL,
G_PARAM_READABLE | G_PARAM_STATIC_NAME);
g_object_class_install_property(object_class, PROP_HOST_SECURITY_ID, pspec);
+
+ /**
+ * FwupdClient:only-trusted:
+ *
+ * If the daemon is verifying signatures from a trusted authority.
+ *
+ * Since: 1.8.0
+ */
+ pspec = g_param_spec_boolean("only-trusted",
+ NULL,
+ NULL,
+ TRUE,
+ G_PARAM_READABLE | G_PARAM_STATIC_NAME);
+ g_object_class_install_property(object_class, PROP_ONLY_TRUSTED, pspec);
}
static void
diff --git a/libfwupd/fwupd-client.h b/libfwupd/fwupd-client.h
index 950935e4b..5f2dfe610 100644
--- a/libfwupd/fwupd-client.h
+++ b/libfwupd/fwupd-client.h
@@ -364,6 +364,8 @@ fwupd_client_get_status(FwupdClient *self);
gboolean
fwupd_client_get_tainted(FwupdClient *self);
gboolean
+fwupd_client_get_only_trusted(FwupdClient *self);
+gboolean
fwupd_client_get_daemon_interactive(FwupdClient *self);
guint
fwupd_client_get_percentage(FwupdClient *self);
diff --git a/libfwupd/fwupd.map b/libfwupd/fwupd.map
index 026b21a3b..f8fe546de 100644
--- a/libfwupd/fwupd.map
+++ b/libfwupd/fwupd.map
@@ -755,3 +755,9 @@ LIBFWUPD_1.7.6 {
fwupd_device_get_issues;
local: *;
} LIBFWUPD_1.7.4;
+
+LIBFWUPD_1.8.0 {
+ global:
+ fwupd_client_get_only_trusted;
+ local: *;
+} LIBFWUPD_1.7.6;
diff --git a/src/fu-engine.c b/src/fu-engine.c
index f9d9ae409..4f8685e07 100644
--- a/src/fu-engine.c
+++ b/src/fu-engine.c
@@ -110,6 +110,7 @@ struct _FuEngine {
FuDeviceList *device_list;
FwupdStatus status;
gboolean tainted;
+ gboolean only_trusted;
gboolean write_history;
guint percentage;
FuHistory *history;
@@ -6274,6 +6275,13 @@ fu_engine_get_tainted(FuEngine *self)
return self->tainted;
}
+gboolean
+fu_engine_get_only_trusted(FuEngine *self)
+{
+ g_return_val_if_fail(FU_IS_ENGINE(self), FALSE);
+ return fu_config_get_only_trusted(self->config);
+}
+
const gchar *
fu_engine_get_host_product(FuEngine *self)
{
diff --git a/src/fu-engine.h b/src/fu-engine.h
index e5d63233f..1839241db 100644
--- a/src/fu-engine.h
+++ b/src/fu-engine.h
@@ -59,6 +59,8 @@ gboolean
fu_engine_load_plugins(FuEngine *self, GError **error);
gboolean
fu_engine_get_tainted(FuEngine *self);
+gboolean
+fu_engine_get_only_trusted(FuEngine *self);
const gchar *
fu_engine_get_host_product(FuEngine *self);
const gchar *
diff --git a/src/fu-main.c b/src/fu-main.c
index 5ceb33737..e44295d81 100644
--- a/src/fu-main.c
+++ b/src/fu-main.c
@@ -1889,6 +1889,9 @@ fu_main_daemon_get_property(GDBusConnection *connection_,
if (g_strcmp0(property_name, "Interactive") == 0)
return g_variant_new_boolean(isatty(fileno(stdout)) != 0);
+ if (g_strcmp0(property_name, "OnlyTrusted") == 0)
+ return g_variant_new_boolean(fu_engine_get_only_trusted(priv->engine));
+
/* return an error */
g_set_error(error,
G_DBUS_ERROR,
diff --git a/src/org.freedesktop.fwupd.xml b/src/org.freedesktop.fwupd.xml
index 2d34d675a..5df7900ba 100644
--- a/src/org.freedesktop.fwupd.xml
+++ b/src/org.freedesktop.fwupd.xml
@@ -111,6 +111,17 @@
+
+
+
+
+
+ If the daemon requires trusted payloads.
+
+
+
+
+