diff --git a/libfwupdplugin/fu-security-attrs-private.h b/libfwupdplugin/fu-security-attrs-private.h
index 3f6b471fc..c9d6bfda7 100644
--- a/libfwupdplugin/fu-security-attrs-private.h
+++ b/libfwupdplugin/fu-security-attrs-private.h
@@ -34,3 +34,5 @@ GPtrArray *
 fu_security_attrs_get_all(FuSecurityAttrs *self);
 void
 fu_security_attrs_append_internal(FuSecurityAttrs *self, FwupdSecurityAttr *attr);
+FwupdSecurityAttr *
+fu_security_attrs_get_by_appstream_id(FuSecurityAttrs *self, const gchar *appstream_id);
diff --git a/libfwupdplugin/fu-security-attrs.c b/libfwupdplugin/fu-security-attrs.c
index c14b9976d..c13a06c5f 100644
--- a/libfwupdplugin/fu-security-attrs.c
+++ b/libfwupdplugin/fu-security-attrs.c
@@ -108,6 +108,29 @@ fu_security_attrs_append(FuSecurityAttrs *self, FwupdSecurityAttr *attr)
 fu_security_attrs_append_internal(self, attr);
 }
 
+/**
+ * fu_security_attrs_get_by_appstream_id:
+ * @self: a #FuSecurityAttrs
+ * @appstream_id: an ID, e.g. %FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM
+ *
+ * Gets a specific #FwupdSecurityAttr from the array.
+ *
+ * Returns: (transfer full): a #FwupdSecurityAttr or %NULL
+ *
+ * Since: 1.7.2
+ **/
+FwupdSecurityAttr *
+fu_security_attrs_get_by_appstream_id(FuSecurityAttrs *self, const gchar *appstream_id)
+{
+ g_return_val_if_fail(FU_IS_SECURITY_ATTRS(self), NULL);
+ for (guint i = 0; i < self->attrs->len; i++) {
+ FwupdSecurityAttr *attr = g_ptr_array_index(self->attrs, i);
+ if (g_strcmp0(fwupd_security_attr_get_appstream_id(attr), appstream_id) == 0)
+ return g_object_ref(attr);
+ }
+ return NULL;
+}
+
 /**
 * fu_security_attrs_to_variant:
 * @self: a #FuSecurityAttrs
diff --git a/libfwupdplugin/fwupdplugin.map b/libfwupdplugin/fwupdplugin.map
index 107dd4877..bb0d858c4 100644
--- a/libfwupdplugin/fwupdplugin.map
+++ b/libfwupdplugin/fwupdplugin.map
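Review bot: `appstream_id` is never checked in fu_security_attrs_get_by_appstream_id(), and because `g_strcmp0()` treats two NULLs as equal, a NULL argument returns the first attribute whose AppStream ID is unset instead of failing. Add `g_return_val_if_fail(appstream_id != NULL, NULL);` after the existing `FU_IS_SECURITY_ATTRS` guard. The `Returns:` line could also state that %NULL means no attribute matched, since the caller owns the returned reference only in the found case.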
@@ -948,6 +948,7 @@ LIBFWUPDPLUGIN_1.7.2 {
 fu_context_has_hwid_flag;
 fu_device_get_firmware_gtype;
 fu_device_set_firmware_gtype;
+ fu_security_attrs_get_by_appstream_id;
 fu_udev_device_get_bind_id;
 fu_udev_device_get_sysfs_attr_uint64;
 fu_udev_device_seek;
diff --git a/plugins/tpm/fu-plugin-tpm.c b/plugins/tpm/fu-plugin-tpm.c
index eb96b73d6..04130147c 100644
--- a/plugins/tpm/fu-plugin-tpm.c
+++ b/plugins/tpm/fu-plugin-tpm.c
@@ -290,12 +290,14 @@ fu_plugin_tpm_startup(FuPlugin *plugin, GError **error)
 
 /* look for TPM v1.2 */
 sysfstpmdir = fu_common_get_path(FU_PATH_KIND_SYSFSDIR_TPM);
- fn_pcrs = g_build_filename(sysfstpmdir, "tmp0", "pcrs", NULL);
+ fn_pcrs = g_build_filename(sysfstpmdir, "tpm0", "pcrs", NULL);
 if (g_file_test(fn_pcrs, G_FILE_TEST_EXISTS) && g_getenv("FWUPD_FORCE_TPM2") == NULL) {
 data->tpm_device = fu_tpm_v1_device_new(fu_plugin_get_context(plugin));
 g_object_set(data->tpm_device, "device-file", fn_pcrs, NULL);
+ fu_device_set_physical_id(FU_DEVICE(data->tpm_device), "tpm");
 if (!fu_device_probe(FU_DEVICE(data->tpm_device), error))
 return FALSE;
+ fu_plugin_device_add(plugin, FU_DEVICE(data->tpm_device));
 }
 
 /* success */
diff --git a/plugins/tpm/fu-self-test.c b/plugins/tpm/fu-self-test.c
index 72ce777b0..f7a0acd89 100644
--- a/plugins/tpm/fu-self-test.c
+++ b/plugins/tpm/fu-self-test.c
@@ -9,6 +9,8 @@
 #include
 
 #include "fu-context-private.h"
+#include "fu-plugin-private.h"
+#include "fu-security-attrs-private.h"
 #include "fu-tpm-eventlog-common.h"
 #include "fu-tpm-eventlog-parser.h"
 #include "fu-tpm-v1-device.h"
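Review bot: The two calls added in the TPM v1.2 branch of fu_plugin_tpm_startup() carry no comment saying why this device needs a hand-set physical ID or why the literal `"tpm"` was chosen. Presumably the v1.2 device is built from a sysfs path rather than a backend device, so nothing else assigns an ID before `fu_plugin_device_add()`; that should be confirmed and recorded. A one-line comment above `fu_device_set_physical_id()` such as `/* not enumerated by a backend, so set a fixed physical ID before adding */` would cover it. The function body starts and ends outside the hunk.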
@@ -17,26 +19,54 @@
 static void
 fu_tpm_device_1_2_func(void)
 {
+ FuTpmDevice *device;
+ GPtrArray *devices;
 gboolean ret;
+ g_autofree gchar *pluginfn = NULL;
+ g_autofree gchar *testdatadir = NULL;
 g_autoptr(FuContext) ctx = fu_context_new();
- g_autoptr(FuTpmDevice) device = fu_tpm_v1_device_new(ctx);
+ g_autoptr(FuPlugin) plugin = fu_plugin_new(ctx);
+ g_autoptr(FuSecurityAttrs) attrs = fu_security_attrs_new();
+ g_autoptr(FwupdSecurityAttr) attr = NULL;
 g_autoptr(GError) error = NULL;
 g_autoptr(GPtrArray) pcr0s = NULL;
 g_autoptr(GPtrArray) pcrXs = NULL;
- g_autofree gchar *testdatadir = NULL;
 
- testdatadir = g_test_build_filename(G_TEST_DIST, "tests", "tpm0", "pcrs", NULL);
- g_object_set(device, "device-file", testdatadir, NULL);
-
- ret = fu_device_setup(FU_DEVICE(device), &error);
+ /* do not save silo */
+ ret = fu_context_load_quirks(ctx, FU_QUIRKS_LOAD_FLAG_NO_CACHE, &error);
 g_assert_no_error(error);
 g_assert_true(ret);
+
+ /* load the plugin */
+ pluginfn = g_test_build_filename(G_TEST_BUILT, "libfu_plugin_tpm." G_MODULE_SUFFIX, NULL);
+ ret = fu_plugin_open(plugin, pluginfn, &error);
+ g_assert_no_error(error);
+ g_assert_true(ret);
+ ret = fu_plugin_runner_startup(plugin, &error);
+ g_assert_no_error(error);
+ g_assert_true(ret);
+
+ /* get the v1.2 device */
+ devices = fu_plugin_get_devices(plugin);
+ g_assert_cmpint(devices->len, ==, 1);
+ device = g_ptr_array_index(devices, 0);
+ g_assert_true(FU_IS_TPM_DEVICE(device));
+
+ /* verify checksums set correctly */
 pcr0s = fu_tpm_device_get_checksums(device, 0);
 g_assert_nonnull(pcr0s);
 g_assert_cmpint(pcr0s->len, ==, 1);
 pcrXs = fu_tpm_device_get_checksums(device, 999);
 g_assert_nonnull(pcrXs);
 g_assert_cmpint(pcrXs->len, ==, 0);
+
+ /* verify HSI attr */
+ fu_plugin_runner_add_security_attrs(plugin, attrs);
+ attr = fu_security_attrs_get_by_appstream_id(attrs, FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20);
+ g_assert_nonnull(attr);
+ g_assert_cmpint(fwupd_security_attr_get_result(attr),
+ ==,
+ FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED);
 }
 
 static void
@@ -159,6 +189,7 @@ main(int argc, char **argv)
 testdatadir = g_test_build_filename(G_TEST_DIST, "tests", NULL);
 g_setenv("FWUPD_SYSFSFWDIR", testdatadir, TRUE);
 g_setenv("FWUPD_SYSFSDRIVERDIR", testdatadir, TRUE);
+ g_setenv("FWUPD_SYSFSTPMDIR", testdatadir, TRUE);
 g_setenv("FWUPD_UEFI_TEST", "1", TRUE);
 
 /* only critical and error are fatal */
diff --git a/plugins/tpm/meson.build b/plugins/tpm/meson.build
index 9a64a1d1b..8fcab8b4e 100644
--- a/plugins/tpm/meson.build
+++ b/plugins/tpm/meson.build
@@ -10,7 +10,7 @@ install_data([
 install_dir: join_paths(datadir, 'fwupd', 'quirks.d')
 )
 
-shared_module('fu_plugin_tpm',
+plugin_tpm = shared_module('fu_plugin_tpm',
 fu_hash,
 sources : [
 'fu-plugin-tpm.c',
@@ -46,6 +46,7 @@ if get_option('tests')
 e = executable(
 'tpm-self-test',
 fu_hash,
+ plugin_tpm,
 sources : [
 'fu-self-test.c',
 'fu-tpm-device.c',
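Review bot: `testdatadir` is declared in the rewritten fu_tpm_device_1_2_func() but never assigned or read, because the hunk moves the declaration up while deleting the only statement that used it. Drop `g_autofree gchar *testdatadir = NULL;` from the declaration block. Separately, the new lookup is only exercised on a hit; a line such as `g_assert_null(fu_security_attrs_get_by_appstream_id(attrs, "org.example.Missing"));` (constructed ID) would cover the not-found path as well.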
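Review bot: main() now points `FWUPD_SYSFSTPMDIR` at the test data but leaves `FWUPD_FORCE_TPM2` as inherited from the caller's environment. fu_plugin_tpm_startup() skips the v1.2 branch whenever that variable is set, so the `devices->len == 1` assertion in fu_tpm_device_1_2_func() would fail on such a host for reasons unrelated to the code under test. Adding `g_unsetenv("FWUPD_FORCE_TPM2");` beside the new `g_setenv()` keeps the test independent of the environment. main() starts and ends outside the hunk.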