Commit Graph

9606 Commits

Author SHA1 Message Date
Richard Hughes
dcd32eb582 trivial: Fix obsoleted line prefix to match the others 2020-05-18 15:43:23 -05:00
Mario Limonciello
b0e1e5ec12 Add daemon version into the HSI string 2020-05-18 15:41:51 -05:00
Mario Limonciello
5d8c630d83 trivial: fix attestation checksum verification
It was just checking if a checksum was in the release, which it was
for the payload.  It didn't make sure that it actually matched the
device.
2020-05-18 15:15:42 -05:00
Mario Limonciello
b0d2e9e07b trivial: correct an assertion for HSI attributes 2020-05-18 15:15:42 -05:00
Richard Hughes
aa2cc57d90 trivial: post release version bump 2020-05-18 17:14:39 +01:00
Richard Hughes
e43f42b7df Release fwupd 1.4.2 2020-05-18 17:12:03 +01:00
Richard Hughes
b246bcaecb Allow client tools to translate the HSI attributes and results
To do this, rely on the AppStream ID to map to a translated string (providing a
fallback for clients that do not care) and switch the free-form result string
into a set of enumerated values that can be translated.

This fixes some of the problems where some things have to be enabled to "pass"
and other attributes have to be some other state. For cases where we want the
user to "do" something, provide a URL to a wiki page that we update out-of-band
of fwupd releases.
2020-05-18 17:03:49 +01:00
Richard Hughes
cef874f8f3 Include the HSI results and attributes in the uploaded report
But only for system firmware devices otherwise it's probably crossing the line
from a privacy point of view.
2020-05-18 11:31:35 +01:00
Richard Hughes
56e7ae503a trivial: Remove the GError from fu_engine_get_host_security_attrs()
It cannot fail.
2020-05-18 11:24:50 +01:00
Richard Hughes
f50c6b5526 trivial: Make --force work in fwupdagent 2020-05-17 20:32:23 +01:00
Richard Hughes
8847a09f3d vli: Add no-guid-matching for all VLI devices
We need to detect different USB 3.x hubs on the ThinkPad Basic, Pro and Ultra
docking stations.
2020-05-17 20:24:59 +01:00
Richard Hughes
e913b589b4 vli: Remove a copy-and-paste mistake
This is not a PD device, it's a USB hub.
2020-05-17 20:24:52 +01:00
Richard Hughes
b9d49e2e16 trivial: Turn off werror for Arch CI 2020-05-17 20:24:32 +01:00
Richard Hughes
e5d3ad2b90 trivial: Fix a -Wnull-dereference false positive 2020-05-17 20:24:24 +01:00
HROMANO
bdd9cef0f1 Add two OUI quirks
Two OUI quirks outputted by 'fwupdtool get-updates' on my computer.
2020-05-17 20:24:12 +01:00
Michael
d4c6a8f53f ata: Add WD OUI quirk 000cca 2020-05-17 20:24:05 +01:00
Richard Hughes
39ed43f2b5 synaptics-rmi: Essentially blacklist Dell K12A
Fixes https://github.com/fwupd/fwupd/issues/2052
2020-05-17 20:23:55 +01:00
Ilya Guterman
81349ad2d5 dfu: Avoid communicating when bitManifestationTolerant is off 2020-05-17 20:23:46 +01:00
Subhendu Ghosh
733a517def ata: Add OUI quirk for Western Digital 2020-05-17 20:22:57 +01:00
Ilya Guterman
02fcf6709f dfu: Support MATEKF722SE quirk
MATEKF722SE has unconventional behavior for dfu protocol, where the sector size
isn't specified and sector type is shifted left by 1. This happens only for
one sector.

Sector parsing from MATEKF722SE:

 * `016Kg`
 * `64Kg`
 * `128Kg`
 * `048 e`
 * `528e`
 * `004 e`
2020-05-17 20:22:44 +01:00
Richard Hughes
678877b0cc Fix various build issues with -Wdiscarded-qualifiers
Fixes https://github.com/fwupd/fwupd/issues/2068
2020-05-17 20:22:29 +01:00
Mario Limonciello
d67a77cb9d trivial: fix TME support
On a CPU that does support it the security check was still failing.
2020-05-16 06:16:57 +01:00
Richard Hughes
63fa4effd3 pci-mei: Check the ME device is not in manufacturing mode 2020-05-15 21:28:27 -05:00
Mario Limonciello
8b5bcbb9e3 Add a new plugin for IOMMU support 2020-05-15 11:32:51 -05:00
Mario Limonciello
6ecf511d52 trivial: pci-bcr: request pci udev subsystem
If another plugin didn't do this, the pci-bcr plugin doesn't work.
It's noticeable by --plugin-whitelist=pci_bcr
2020-05-15 11:32:51 -05:00
Mario Limonciello
921c22725a trivial: acpi-dmar: Correct platform-opt in flag 2020-05-15 11:32:51 -05:00
Richard Hughes
8a71bd128f vli: Add no-guid-matching for all VLI devices
We need to detect different USB 3.x hubs on the ThinkPad Basic, Pro and Ultra
docking stations.
2020-05-15 16:38:18 +01:00
Richard Hughes
71d6fe5ffa vli: Remove a copy-and-paste mistake
This is not a PD device, it's a USB hub.
2020-05-15 16:38:18 +01:00
Richard Hughes
0613b3cdf3 trivial: Fix the docstring for fwupd_security_attr_set_name() 2020-05-15 16:17:27 +01:00
Richard Hughes
cae111d1de Save the plugin that created the FwupdSecurityAttr
This is really useful for debugging.
2020-05-15 16:17:27 +01:00
Mario Limonciello
07f3fe702b trivial: if not specified try to use some better dbx defaults 2020-05-15 09:33:01 -05:00
Richard Hughes
43451d458b pci-bcr: Fail HSI:1 if the BCR register cannot be loaded
Add obsoletes to attributes added by linux-spi-lpc if we're using the kernel
support for hidden PCI devices.
2020-05-15 09:17:33 -05:00
Mario Limonciello
983263bc8d cpu: Add support for a security attribute related to Intel TME
This only checks that it was available from the CPU.
To be complete an additional check should be made to show that it
was actually enabled from the firmware.

This will require a kernel modification though because MSR access
will be forbidden from userland while in kernel lockdown.
2020-05-15 07:16:17 -05:00
Richard Hughes
730e2bd6e3 linux-spi-lpc: Disable by default
The kernel patches are a long way from being upstreamed, so disable this until
there is even a chance the user might be running it.

This removes the obsoletes line from *every* system running 'fwupdmgr security'.
2020-05-15 10:21:07 +01:00
Richard Hughes
8fdefd459b pci-bcr: Read the PCI BCR config register from userspace
We can read this from userspace even when SB is turned on and with the kernel
locked down. The kernel securityfs patches are still in-progress, but will take
significant time to get upstream.

The kernel patches are needed when the PCI device is hidden from userspace.
2020-05-15 10:21:07 +01:00
Mario Limonciello
0f68c29908 trivial: Sort the HSI attribute list in the daemon
Sort by level, success/fail/obsoleted, then by name.
2020-05-15 10:21:07 +01:00
Richard Hughes
1b97ee29c9 trivial: Do not use a failed checkmark for an obsoleted attr 2020-05-15 10:21:07 +01:00
Richard Hughes
4661cc52d7 trivial: Set a log domain for the obsoleted message 2020-05-15 10:21:07 +01:00
Richard Hughes
9d4ce3c4f1 trivial: Turn off werror for Arch CI 2020-05-14 16:45:45 -05:00
Richard Hughes
fd732d219d trivial: Fix a -Wnull-dereference false positive 2020-05-14 16:45:45 -05:00
Mario Limonciello
05b9eb5936 trivial: remove an extra colon at the end of uefi-dbx error 2020-05-14 15:40:24 -05:00
HROMANO
7180536c69 Add two OUI quirks
Two OUI quirks outputted by 'fwupdtool get-updates' on my computer.
2020-05-14 15:19:54 -05:00
Michael
9d07b7c23c ata: Add WD OUI quirk 000cca 2020-05-14 13:21:20 -05:00
Mario Limonciello
d617d9e287 trivial: downgrade CET to HSI:3
This is not actually a system protection, but rather a theoretical
protection
2020-05-14 13:15:40 -05:00
Richard Hughes
5b24547197 synaptics-rmi: Essentially blacklist Dell K12A
Fixes https://github.com/fwupd/fwupd/issues/2052
2020-05-14 13:14:39 +01:00
Ilya Guterman
92da8a894d dfu: Avoid communicating when bitManifestationTolerant is off 2020-05-13 20:30:04 +01:00
Mario Limonciello
f160e6b7fc amt: Add a security attestation for provisioning 2020-05-13 11:58:19 -05:00
Mario Limonciello
6ed9cbd201 trivial: add a wiki page for low HSI levels
When HSI level is below 2, direct users here to help improve the level
2020-05-13 11:00:52 -05:00
Mario Limonciello
a83428462d trivial: fu-engine: if plugins are blacklisted in daemon.conf raise runtime issue 2020-05-13 11:00:52 -05:00
Mario Limonciello
c88d4eadf1 trivial: fu-engine: raise a runtime issue if plugin whitelist set
If a plugin whitelist is set, the HSI value will be wrong.

```
$ sudo ./build/src/fwupdtool security --force --plugin-whitelist=tpm
Loading…                 [***************************************]
Host Security ID: HSI:1

HSI-1
✔  TPM: v2.0

Runtime Suffix -U
✘  Firmware Updates: No system device

Runtime Suffix -A
✘  Firmware Attestation: No PCR0s

Runtime Suffix -!
✔  fwupd plugins: OK
```
2020-05-13 11:00:52 -05:00