Add the HwId for the Star LabTop Mk III when using coreboot firmware,
as this differs to AMI.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
The only information that is secret is the `current_value`.
Augment the d-bus call to determine whether the caller needs this
information.
* If `fwupdmgr` is launched as root it will be provided.
* If `fwupdmgr` is launched with `--authenticate` it will be requested
and PK will be engaged.
The firmware from both Dell and Lenovo actually blocks this, but the
error message is pretty confusing.
```
$ sudo fwupdtool set-bios-setting SecureBoot Disable
17:39:40:0249 FuBiosAttrs KERNEL BUG: thinklmi doesn't export a 'type' attribute
Loading… [- ]
failed to write 7 bytes to 17: Invalid argument
```
Dell and Lenovo use Enable or Enabled and Disable or Disabled which is confusing
to an end user.
Set up some heuristics to map positive values and negative values when passed
into the client.
* trivial: ci: debian: Use helper script to install dependencies instead.
Should fix building Debian stable containers
Fixes: #4901
* trivial: debian: ci: only populate fwupd-doc if dependencies are met
* trivial: ci: debian: generate control file using fwupd_setup_helpers
Set BcrAddr to 0x0 for all coreboot devices, so that the check of
BIOS Control is skipped as coreboot won't forcibly set this.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Semantically it is the desire of the security attribute, not the bios
attribute, i.e. you could imagine that a specific attribute would have
to be *foo or bar or baz* for HSI-1 and *only foo* for HSI-2
Also make it easier to add possible BIOS attribute target values in
plugin code.
This identifier can be used by plugins or the daemon to disambiguate
behavior between two different drivers.
Set it up so that plugins don't NEED to use it, but optionally can
find attributes by either name or ID
We used the firmware builder functionality to either build or modify
firmware images on the end-user system, e.g. copying the MAC address
from the old system image to the new system image.
Unfortunately running fwupd on the command line (e.g. ./src/fwupd)
leaves the tty connected and thus bubblewrap doesn't protect us from
installing malicious signed firmware. The firmware would have to have
been uploaded to the LVFS by a trusted vendor and signed before being
installed, which further decreases the severity of this problem.
As there was only one vendor who asked for this functionality (who have
yet to upload a single firmware to the LVFS...) just rip out this
functionality to reduce our attack surface and completely fix the bug,
and any like it.
Many thanks to Aaron Janse <aaron@ajanse.me> for discovering and
disclosing this issue to us.
Several of the string/integer/time functions are duplicated in multiple
source files for no discernable reason. Move them into fwupd-common
as private symbols instead.
