From faac369d3a2e195a8b3eb790a53786f58faccecd Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Fri, 4 Mar 2022 13:18:04 +0000
Subject: [PATCH] uefi-dbx: No not allow the DBX update for specific
 motherboards

This list of hardware is provided by Microsoft.
---
 plugins/uefi-dbx/fu-plugin-uefi-dbx.c |   5 ++
 plugins/uefi-dbx/meson.build          |   4 +
 plugins/uefi-dbx/uefi-dbx.quirk       | 117 ++++++++++++++++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 plugins/uefi-dbx/uefi-dbx.quirk

diff --git a/plugins/uefi-dbx/fu-plugin-uefi-dbx.c b/plugins/uefi-dbx/fu-plugin-uefi-dbx.c
index 8a4431d80..330008cba 100644
--- a/plugins/uefi-dbx/fu-plugin-uefi-dbx.c
+++ b/plugins/uefi-dbx/fu-plugin-uefi-dbx.c
@@ -26,6 +26,11 @@ fu_plugin_uefi_dbx_coldplug(FuPlugin *plugin, GError **error)
 		return FALSE;
 	if (!fu_device_setup(FU_DEVICE(device), error))
 		return FALSE;
+	if (fu_context_has_hwid_flag(fu_plugin_get_context(plugin), "no-dbx-updates")) {
+		fu_device_inhibit(FU_DEVICE(device),
+				  "no-dbx",
+				  "System firmware cannot accept DBX updates");
+	}
 	fu_plugin_device_add(plugin, FU_DEVICE(device));
 	return TRUE;
 }
diff --git a/plugins/uefi-dbx/meson.build b/plugins/uefi-dbx/meson.build
index 151208dc6..4440ef314 100644
--- a/plugins/uefi-dbx/meson.build
+++ b/plugins/uefi-dbx/meson.build
@@ -1,6 +1,10 @@
 if efiboot.found() and efivar.found()
 cargs = ['-DG_LOG_DOMAIN="FuPluginUefiDbx"']
 
+install_data(['uefi-dbx.quirk'],
+  install_dir: join_paths(datadir, 'fwupd', 'quirks.d')
+)
+
 shared_module('fu_plugin_uefi_dbx',
   fu_hash,
   sources : [
diff --git a/plugins/uefi-dbx/uefi-dbx.quirk b/plugins/uefi-dbx/uefi-dbx.quirk
new file mode 100644
index 000000000..648b8e4cd
--- /dev/null
+++ b/plugins/uefi-dbx/uefi-dbx.quirk
@@ -0,0 +1,117 @@
+# Manufacturer=Apple Inc.
+[80f95c96-a739-5ef5-8482-3d65cb39ff55]
+Flags = no-dbx-updates
+
+# Manufacturer=FUJITSU
+# BaseboardManufacturer=FUJITSU
+# BaseboardProduct=FJNBB38
+[71c3a6cd-3e9a-5b49-a4eb-0e2a57dd265b]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83D5
+[35ed19f7-015a-5da8-adf7-b31dc515c23a]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83DA
+[a8cd7a16-e01e-5cdd-a098-cd5a29868d4c]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83DD
+[580e5a81-1979-5e29-8d16-bb1ddcc43e87]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83E7
+[c7211192-6168-530e-b42d-650b9f091c7a]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83E8
+[624f1327-d66b-5f20-865f-9a978dc940ac]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=83E9
+[af7be2cf-a1c2-50ce-b880-c090ee252249]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8401
+[48bd5791-ceaa-5f79-b8e6-c45bdf956c1e]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8460
+[7bf700eb-c41b-5898-9e09-5a26ca10c14e]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8461
+[c9f16517-3849-50cf-8b8a-48773695bfe4]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8462
+[d605b1fa-0eb3-5bd4-9ab4-2c65d7fc2a8b]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8463
+[7e2cbc58-92cf-5504-a1d4-b4f85de526a1]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8464
+[35ccf8b1-7f97-5f84-b3cb-8d343d2b595c]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8584
+[49549ee6-fa8e-5bb7-a346-9e93d2652b5d]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8589
+[23bfe0fb-be17-55a2-86e0-7970254b357c]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8617
+[cb686451-b325-57e4-a4fc-84bddb2ee470]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8618
+[2edc773c-03f9-5d72-966d-5f612f4cf127]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8619
+[2cc829ba-013c-5843-9b60-406e1ac6e106]
+Flags = no-dbx-updates
+
+# Manufacturer=HP
+# BaseboardManufacturer=HP
+# BaseboardProduct=8620
+[3f4f41b0-f419-5715-879e-73500cdb3c5d]
+Flags = no-dbx-updates