mirror of
https://git.proxmox.com/git/fwupd
synced 2025-08-14 16:11:22 +00:00
Set the HSI levels in a central place
This means we don't need to worry about changing multiple implementations if the HSI levels change for a specific ID. It also means we can fake HSI results in the future without having to also store the 'correct' level in the input file.
This commit is contained in:
parent
f1aabcf6f7
commit
a5749f4d23
@ -1380,6 +1380,7 @@ static void
|
||||
fwupd_security_attr_init(FwupdSecurityAttr *self)
|
||||
{
|
||||
FwupdSecurityAttrPrivate *priv = GET_PRIVATE(self);
|
||||
priv->level = FWUPD_SECURITY_ATTR_LEVEL_NONE;
|
||||
priv->obsoletes = g_ptr_array_new_with_free_func(g_free);
|
||||
priv->guids = g_ptr_array_new_with_free_func(g_free);
|
||||
priv->created = (guint64)g_get_real_time() / G_USEC_PER_SEC;
|
||||
|
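Review bot: `FWUPD_SECURITY_ATTR_LEVEL_NONE` now doubles as the "not yet assigned" marker, because `fu_security_attrs_ensure_level()` only fills in levels that are still NONE, and the initializer in `fwupd_security_attr_init()` does not say so. A comment on that line would help anyone who reads the level before the depsolve pass has run, for example `/* NONE means unset; the daemon maps the AppStream ID to a level later */`. Which of the seven lines is the added one is inferred from the hunk counts, and the function body continues past the hunk.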
@ -313,6 +313,70 @@ fu_security_attrs_sort_cb(gconstpointer item1, gconstpointer item2)
|
||||
return g_strcmp0(sort1, sort2);
|
||||
}
|
||||
|
||||
static struct {
|
||||
const gchar *appstream_id;
|
||||
FwupdSecurityAttrLevel level;
|
||||
} appstream_id_level_map[] = {
|
||||
{FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_INTEL_SMAP, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION},
|
||||
{FWUPD_SECURITY_ATTR_ID_IOMMU, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_MEI_VERSION, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SPI_BLE, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT},
|
||||
{FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_UEFI_PK, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL},
|
||||
{NULL, FWUPD_SECURITY_ATTR_LEVEL_NONE}};
|
||||
|
||||
static void
|
||||
fu_security_attrs_ensure_level(FwupdSecurityAttr *attr)
|
||||
{
|
||||
const gchar *appstream_id = fwupd_security_attr_get_appstream_id(attr);
|
||||
|
||||
/* already set */
|
||||
if (fwupd_security_attr_get_level(attr) != FWUPD_SECURITY_ATTR_LEVEL_NONE)
|
||||
return;
|
||||
|
||||
/* not required */
|
||||
if (fwupd_security_attr_has_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE))
|
||||
return;
|
||||
|
||||
/* map ID to level in one place */
|
||||
for (guint i = 0; appstream_id_level_map[i].appstream_id != NULL; i++) {
|
||||
if (g_strcmp0(appstream_id, appstream_id_level_map[i].appstream_id) == 0) {
|
||||
fwupd_security_attr_set_level(attr, appstream_id_level_map[i].level);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* somebody forgot to add to the level map... */
|
||||
g_warning("cannot map %s to a HSI level, assuming critical", appstream_id);
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
}
|
||||
|
||||
/**
|
||||
* fu_security_attrs_depsolve:
|
||||
* @self: a #FuSecurityAttrs
|
||||
@ -330,6 +394,12 @@ fu_security_attrs_depsolve(FuSecurityAttrs *self)
|
||||
{
|
||||
g_return_if_fail(FU_IS_SECURITY_ATTRS(self));
|
||||
|
||||
/* assign HSI levels if not already done */
|
||||
for (guint i = 0; i < self->attrs->len; i++) {
|
||||
FwupdSecurityAttr *attr = g_ptr_array_index(self->attrs, i);
|
||||
fu_security_attrs_ensure_level(attr);
|
||||
}
|
||||
|
||||
/* set flat where required */
|
||||
for (guint i = 0; i < self->attrs->len; i++) {
|
||||
FwupdSecurityAttr *attr = g_ptr_array_index(self->attrs, i);
|
||||
|
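Review bot: `fu_security_attrs_ensure_level()` returns at the `/* not required */` check for any attribute carrying `FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE`, yet `appstream_id_level_map` lists `FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE`, which the cpu plugin hunk further down creates with exactly that flag. If the line dropped there is the `fwupd_security_attr_set_level()` call, as the hunk counts suggest, that attribute now stays at `FWUPD_SECURITY_ATTR_LEVEL_NONE` instead of `THEORETICAL` and its map entry is never reached. Either drop the entry, or state above the check why flagged attributes need no level, e.g. `/* runtime issues are reported separately and carry no HSI level */` if that is the intent. Separately, the `/* already set */` return lets a producer-supplied level win over the map silently, so a failing check labelled with a weaker level than the map's would go unnoticed; a `g_warning()` on mismatch would surface it.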
@ -27,7 +27,6 @@ fu_plugin_acpi_dmar_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* load DMAR table */
|
||||
|
@ -23,7 +23,6 @@ fu_plugin_acpi_facp_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* load FACP table */
|
||||
|
@ -28,7 +28,6 @@ fu_plugin_acpi_ivrs_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* load IVRS table */
|
||||
|
@ -300,7 +300,6 @@ fu_cpu_device_add_security_attrs_intel_cet_enabled(FuCpuDevice *self, FuSecurity
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
@ -332,7 +331,6 @@ fu_cpu_device_add_security_attrs_intel_cet_active(FuCpuDevice *self, FuSecurityA
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
|
||||
fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
@ -365,7 +363,6 @@ fu_cpu_device_add_security_attrs_intel_tme(FuCpuDevice *self, FuSecurityAttrs *a
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
@ -388,7 +385,6 @@ fu_cpu_device_add_security_attrs_intel_smap(FuCpuDevice *self, FuSecurityAttrs *
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_SMAP);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
@ -410,7 +406,6 @@ fu_cpu_device_add_supported_cpu_attribute(FuCpuDevice *self, FuSecurityAttrs *at
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(FU_DEVICE(self)));
|
||||
|
||||
switch (fu_cpu_get_vendor()) {
|
||||
|
@ -216,7 +216,6 @@ fu_intel_spi_device_add_security_attrs(FuDevice *device, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR);
|
||||
fwupd_security_attr_set_plugin(attr, fu_device_get_plugin(FU_DEVICE(self)));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
|
@ -42,7 +42,6 @@ fu_plugin_iommu_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_IOMMU);
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
|
@ -20,7 +20,6 @@ fu_plugin_linux_sleep_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attr
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* load file */
|
||||
|
@ -240,7 +240,6 @@ fu_plugin_add_security_attr_dci_enabled(FuPlugin *plugin, FuSecurityAttrs *attrs
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
if (device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
@ -282,7 +281,6 @@ fu_plugin_add_security_attr_dci_locked(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
if (device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
@ -359,7 +357,6 @@ fu_plugin_add_security_attr_amd_sme_enabled(FuPlugin *plugin, FuSecurityAttrs *a
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION);
|
||||
if (device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
@ -78,7 +78,6 @@ fu_plugin_add_security_attr_bioswe(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
if (msf_device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
@ -117,7 +116,6 @@ fu_plugin_add_security_attr_ble(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_BLE);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
if (msf_device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
@ -155,7 +153,6 @@ fu_plugin_add_security_attr_smm_bwp(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
if (msf_device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
@ -252,7 +252,6 @@ fu_plugin_add_security_attrs_manufacturing_mode(FuPlugin *plugin, FuSecurityAttr
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -291,7 +290,6 @@ fu_plugin_add_security_attrs_override_strap(FuPlugin *plugin, FuSecurityAttrs *a
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -330,7 +328,6 @@ fu_plugin_add_security_attrs_bootguard_enabled(FuPlugin *plugin, FuSecurityAttrs
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -372,7 +369,6 @@ fu_plugin_add_security_attrs_bootguard_verified(FuPlugin *plugin, FuSecurityAttr
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -420,7 +416,6 @@ fu_plugin_add_security_attrs_bootguard_acm(FuPlugin *plugin, FuSecurityAttrs *at
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -468,7 +463,6 @@ fu_plugin_add_security_attrs_bootguard_policy(FuPlugin *plugin, FuSecurityAttrs
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -516,7 +510,6 @@ fu_plugin_add_security_attrs_bootguard_otp(FuPlugin *plugin, FuSecurityAttrs *at
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
@ -575,7 +568,6 @@ fu_plugin_add_security_attrs_mei_version(FuPlugin *plugin, FuSecurityAttrs *attr
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_MEI_VERSION);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* not enabled */
|
||||
|
@ -60,7 +60,6 @@ fu_plugin_add_security_attrs_tsme(const gchar *path, FuSecurityAttrs *attrs)
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_SYSTEM_PROTECTION);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "tsme_status", &val, &error_local)) {
|
||||
@ -88,7 +87,6 @@ fu_plugin_add_security_attrs_fused_part(const gchar *path, FuSecurityAttrs *attr
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "fused_part", &val, &error_local)) {
|
||||
@ -117,7 +115,6 @@ fu_plugin_add_security_attrs_debug_locked_part(const gchar *path, FuSecurityAttr
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "debug_lock_on", &val, &error_local)) {
|
||||
@ -146,7 +143,6 @@ fu_plugin_add_security_attrs_rollback_protection(const gchar *path, FuSecurityAt
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "anti_rollback_status", &val, &error_local)) {
|
||||
@ -175,7 +171,6 @@ fu_plugin_add_security_attrs_rom_armor(const gchar *path, FuSecurityAttrs *attrs
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "rom_armor_enforced", &val, &error_local)) {
|
||||
@ -205,7 +200,6 @@ fu_plugin_add_security_attrs_rpmc(const gchar *path, FuSecurityAttrs *attrs)
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_THEORETICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
if (!fu_plugin_pci_psp_get_attr(attr, path, "rpmc_spirom_available", &val, &error_local)) {
|
||||
@ -246,7 +240,6 @@ fu_plugin_pci_psp_set_missing_data(FuSecurityAttrs *attrs)
|
||||
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU);
|
||||
fwupd_security_attr_set_plugin(attr, "pci_psp");
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fwupd_security_attr_add_obsolete(attr, "cpu");
|
||||
fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_MISSING_DATA);
|
||||
fwupd_security_attr_add_flag(attr, FWUPD_SECURITY_ATTR_FLAG_ACTION_CONTACT_OEM);
|
||||
|
@ -111,7 +111,6 @@ fu_plugin_tpm_add_security_attr_version(FuPlugin *plugin, FuSecurityAttrs *attrs
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
/* check exists, and in v2.0 mode */
|
||||
@ -148,7 +147,6 @@ fu_plugin_tpm_add_security_attr_eventlog(FuPlugin *plugin, FuSecurityAttrs *attr
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_IMPORTANT);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(priv->tpm_device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
@ -211,7 +209,6 @@ fu_plugin_tpm_add_security_attr_empty(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
/* add attributes */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(priv->tpm_device));
|
||||
fu_security_attrs_append(attrs, attr);
|
||||
|
||||
|
@ -173,7 +173,6 @@ fu_plugin_uefi_pk_add_security_attrs(FuPlugin *plugin, FuSecurityAttrs *attrs)
|
||||
|
||||
/* create attr */
|
||||
attr = fwupd_security_attr_new(FWUPD_SECURITY_ATTR_ID_UEFI_PK);
|
||||
fwupd_security_attr_set_level(attr, FWUPD_SECURITY_ATTR_LEVEL_CRITICAL);
|
||||
fwupd_security_attr_set_plugin(attr, fu_plugin_get_name(plugin));
|
||||
if (msf_device != NULL)
|
||||
fwupd_security_attr_add_guids(attr, fu_device_get_guids(msf_device));
|
||||
|