proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-06-04 00:40:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,425 Commits 1 Branch 0 Tags 24 MiB
02d94d3139
Commit Graph

4425 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mario Limonciello
1a52051471 fu-engine: Allow --plugin-whitelist to use dashes instead of underscores 
I have found this confusing myself that even if plugins have the dash in
the name the daemon needs to internally use underscores.
 2020-05-26 11:04:09 -05:00
Mario Limonciello
a42daefb9e dell-dock: Capture the dock SKU in metadata 
Should be helpful in reproducing failure reports.
 2020-05-26 10:22:58 -05:00
Mario Limonciello
4a844c3024 trivial: drop libgpgme deps 
These aren't needed anymore since moving to libjcat
Note: snap still keeps them because libjcat builds in snap and
needs them.
 2020-05-26 08:25:08 +01:00
Richard Hughes
b3d3f21a00 Check the device requirements when returning from GetDetails 
One vendor is shipping a cab archive with two metadata files, both referencing
the same GUID. The 'correct' metainfo description is selected using a GUID
'other device' requirement. This works fine when installing, but breaks when
double clicking on the .cab file as both components are valid, and thus get
returned.

In this case, return the component that matches the requirement 'first' so that
it gets chosen by gnome-software as the default.
 2020-05-22 16:07:11 +01:00
Richard Hughes
4b16642dc5 ccgx: Fix a potential division by zero 
Spotted by Coverity.
 2020-05-22 15:34:16 +01:00
Richard Hughes
e3091c394b trivial: Move the SecureBoot attr to a runtime issue 2020-05-22 15:15:09 +01:00
Mario Limonciello
bb6b1a8693 Revert "amt: Add a security attestation for provisioning" 
This reverts commit f160e6b7fc.
 2020-05-22 15:13:19 +01:00
Richard Hughes
c821923668 Add an HSI attribute for Intel SMAP 
See https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention for details.
 2020-05-22 07:26:47 +01:00
Richard Hughes
4a62329401 trivial: One more thing to ignore in the kernel cmdline 2020-05-21 20:58:28 +01:00
Richard Hughes
bd44432240 trivial: Fix a build failure on aarch64 
It seems cpuid.h isn't available everywhere, which make sense in retrospect.
 2020-05-21 12:05:05 +01:00
Richard Hughes
9bc9debd98 Allow uploading security attributes to the LVFS 
We sign the data with the client cert to allow users with LVFS accounts to
publish 'official' HSI ratings.
 2020-05-21 11:48:09 +01:00
Richard Hughes
c05ac2d074 trivial: Add three more things to the cmdline blocklist 2020-05-21 11:48:09 +01:00
Richard Hughes
0abba6cbb0 ata: A OUI quirk for Kingston 
Fixes https://github.com/fwupd/fwupd/issues/2121
 2020-05-21 11:16:08 +01:00
Richard Hughes
dc867ddd77 trivial: Include a safe version of the kernel cmdline in the report metadata 2020-05-20 19:47:53 +01:00
Richard Hughes
a778ac9899 trivial: Include some useful DMI values in the report metadata 2020-05-20 19:47:53 +01:00
Richard Hughes
08bb9223ec trivial: Include the kernel version in the report metadata 2020-05-20 19:47:53 +01:00
Richard Hughes
6ecc4ca144 Export the report metadata on the D-Bus interface 
This allows the client to easily query metadata to upload with the report,
without exporting rarely used attributes as D-Bus properties on the interface.

It also allows us to add extra metadata values in the future without changing
the public API.
 2020-05-20 19:47:53 +01:00
Richard Hughes
0c6efe2e04 Revert "Export the host vendor, family and SKU" 
This reverts commit 81c371098c.
 2020-05-20 19:47:53 +01:00
Richard Hughes
3ecd22c764 trivial: Fix fu_plugin_runner_add_security_attrs() gtk-doc header 2020-05-19 20:13:47 +01:00
Richard Hughes
e56fe2a0ca trivial: Fix fu_efivar_set_data() gtk-doc header 2020-05-19 20:13:26 +01:00
Richard Hughes
c11bed4079 trivial: Fix the HSI warnings after some translator feedback. 2020-05-19 20:10:45 +01:00
Richard Hughes
b05f2d60c5 trivial: Fix up the NOT_VALID translated string 2020-05-19 20:09:53 +01:00
Richard Hughes
81c371098c Export the host vendor, family and SKU 
The 'product name' is not typically what the hardware is known as. We need the
vendor, family and SKU if the user is going to recognise the hardware.
 2020-05-19 19:42:45 +01:00
Vincent Huang
0a11350396 synaptics-prometheus: Force the minor version from 0x02 to 0x01 to make 
sure the devices can be updated back to 0x01.
 2020-05-19 15:12:10 +01:00
Mario Limonciello
7c8e9cf316 trivial: pci-mei: use driver to detect which plugin to use instead of a list 
Let the kernel keep track of all the supported devices instead.
 2020-05-19 09:05:52 -05:00
Mario Limonciello
e36d3e3faa trivial: fu-udev-device: create another instance ID for the driver 2020-05-19 09:05:52 -05:00
Richard Hughes
f6b48edebf pci-bcr: Read the ISA bridge BCR from the PCI device class 
The SPI controllers are always identified with one of two device classes.
 2020-05-18 21:16:59 -05:00
Richard Hughes
de8d40d602 tpm-eventlog: Do not return a security attr if there is no TPM device 
There is literally no point in showing two TPM failures.
 2020-05-18 15:43:23 -05:00
Richard Hughes
2157468709 pcr-bpc: Don't show the 'Not found' message for BLE and SMM_BWP 
If we did not find the device for BIOSWP it is completely useless.
 2020-05-18 15:43:23 -05:00
Richard Hughes
dcd32eb582 trivial: Fix obsoleted line prefix to match the others 2020-05-18 15:43:23 -05:00
Mario Limonciello
b0e1e5ec12 Add daemon version into the HSI string 2020-05-18 15:41:51 -05:00
Mario Limonciello
5d8c630d83 trivial: fix attestation checksum verification 
It was just checking if a checksum was in the release, which it was
for the payload.  It didn't make sure that it actually matched the
device.
 2020-05-18 15:15:42 -05:00
Mario Limonciello
b0d2e9e07b trivial: correct an assertion for HSI attributes 2020-05-18 15:15:42 -05:00
Richard Hughes
b246bcaecb Allow client tools to translate the HSI attributes and results 
To do this, rely on the AppStream ID to map to a translated string (providing a
fallback for clients that do not care) and switch the free-form result string
into a set of enumerated values that can be translated.

This fixes some of the problems where some things have to be enabled to "pass"
and other attributes have to be some other state. For cases where we want the
user to "do" something, provide a URL to a wiki page that we update out-of-band
of fwupd releases.
 2020-05-18 17:03:49 +01:00
Richard Hughes
cef874f8f3 Include the HSI results and attributes in the uploaded report 
But only for system firmware devices otherwise it's probably crossing the line
from a privacy point of view.
 2020-05-18 11:31:35 +01:00
Richard Hughes
56e7ae503a trivial: Remove the GError from fu_engine_get_host_security_attrs() 
It cannot fail.
 2020-05-18 11:24:50 +01:00
Richard Hughes
f50c6b5526 trivial: Make --force wotk in fwupdagent 2020-05-17 20:32:23 +01:00
Mario Limonciello
d67a77cb9d trivial: fix TME support 
On a CPU that does support it the security check was still failing.
 2020-05-16 06:16:57 +01:00
Richard Hughes
63fa4effd3 pci-mei: Check the ME device is not in manufacturing mode 2020-05-15 21:28:27 -05:00
Mario Limonciello
8b5bcbb9e3 Add a new plugin for IOMMU support 2020-05-15 11:32:51 -05:00
Mario Limonciello
6ecf511d52 trivial: pci-bcr: request pci udev subsystem 
If another plugin didn't do this, the pci-bcr plugin doesn't work.
It's noticable by --plugin-whitelist=pci_bcr
 2020-05-15 11:32:51 -05:00
Mario Limonciello
921c22725a trivial: acpi-dmar: Correct platform-opt in flag 2020-05-15 11:32:51 -05:00
Richard Hughes
8a71bd128f vli: Add no-guid-matching for all VLI devices 
We need to detect different USB 3.x hubs on the ThinkPad Basic, Pro and Ultra
docking stations.
 2020-05-15 16:38:18 +01:00
Richard Hughes
71d6fe5ffa vli: Remove a copy-and-paste mistake 
This is not a PD device, it's a USB hub.
 2020-05-15 16:38:18 +01:00
Richard Hughes
0613b3cdf3 trivial: Fix the docstring for fwupd_security_attr_set_name() 2020-05-15 16:17:27 +01:00
Richard Hughes
cae111d1de Save the plugin that created the FwupdSecurityAttr 
This is really useful for debugging.
 2020-05-15 16:17:27 +01:00
Mario Limonciello
07f3fe702b trivial: if not specified try to use some better dbx defaults 2020-05-15 09:33:01 -05:00
Richard Hughes
43451d458b pci-bcr: Fail HSI:1 if the BCR register cannot be loaded 
Add obsoletes to attributes added by linux-spi-lpc if we're using the kernel
support for hidden PCI devices.
 2020-05-15 09:17:33 -05:00
Mario Limonciello
983263bc8d cpu: Add support for a security attribute related to Intel TME 
This only checks that it was available from the CPU.
To be complete an additional check should be made to show that it
was actually enabled from the firmware.

This will require a kernel modification though because MSR access
will be forbidden from userland while in kernel lockdown.
 2020-05-15 07:16:17 -05:00
Richard Hughes
730e2bd6e3 linux-spi-lpc: Disable by default 
The kernel patches are a log way from being upstreamed, so disable this until
there is even a chance the user might be running it.

This removes the obsoletes line from *every* system running 'fwupdmgr security'.
 2020-05-15 10:21:07 +01:00