proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-05-16 17:43:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,575 Commits 1 Branch 0 Tags 24 MiB
7b7eb9e9b5
Commit Graph

16 Commits

Author SHA1 Message Date
Richard Hughes
f4c206d319 libfwupd: Do not export the HSI AppStream IDs 
The clients don't need to know this, and exporting them means we paint-ourselves
into a corner if we want to change the 'namespace' or how HSI actually works.
 2020-10-08 16:36:56 +01:00
Mario Limonciello
82c3e3471d Remove support for UEFI dbx security attribute 
This is no longer relevant as fwupd is providing dbxtool now.
 2020-08-19 07:38:51 +01:00
Richard Hughes
fd0ee5153e Add some of the HSI specification to the generated documentation 2020-08-17 20:23:49 +01:00
Richard Hughes
cad96542e2 Check if CET is actually being used on the runtime system 
With thanks to H.J. Lu <hjl.tools@gmail.com> for the initial code.
 2020-07-27 15:53:38 +01:00
Richard Hughes
30f7ffbdbd pci-mei: Split up the bootguard HSI checks into multiple entries 
Additionally, demote the error policy to HSI-3 and do not show the other
failures if BootGuard is disabled.

Fixes https://github.com/fwupd/fwupd/issues/2265
 2020-07-20 22:50:31 +01:00
Richard Hughes
474d1442f1 trivial: Use proper AppStream namespacing for HSI attributes 2020-07-20 22:50:31 +01:00
Richard Hughes
9a04ce8f29 msr: Add a new plugin to detect the Intel DCI state 2020-07-16 20:13:06 +01:00
Richard Hughes
6269a839eb Add a security attribute for BootGuard 
This information is obtained from the MEI configuration space.
 2020-07-02 20:25:48 +01:00
Richard Hughes
7b57ce226b libfwupd: Allow storing metadata on the security attr 2020-07-01 20:10:39 +01:00
Richard Hughes
0f6d754d5a Detect if the MEI device has known security issues 
If it has, fail HSI-1.
 2020-06-01 22:49:39 +01:00
Richard Hughes
bb228cbe53 pci-mei: Check the HFS register for the override strap 2020-05-29 17:34:18 +01:00
Mario Limonciello
bb6b1a8693 Revert "amt: Add a security attestation for provisioning" 
This reverts commit f160e6b7fc.
 2020-05-22 15:13:19 +01:00
Richard Hughes
c821923668 Add an HSI attribute for Intel SMAP 
See https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention for details.
 2020-05-22 07:26:47 +01:00
Richard Hughes
b246bcaecb Allow client tools to translate the HSI attributes and results 
To do this, rely on the AppStream ID to map to a translated string (providing a
fallback for clients that do not care) and switch the free-form result string
into a set of enumerated values that can be translated.

This fixes some of the problems where some things have to be enabled to "pass"
and other attributes have to be some other state. For cases where we want the
user to "do" something, provide a URL to a wiki page that we update out-of-band
of fwupd releases.
 2020-05-18 17:03:49 +01:00
Richard Hughes
cae111d1de Save the plugin that created the FwupdSecurityAttr 
This is really useful for debugging.
 2020-05-15 16:17:27 +01:00
Richard Hughes
173acd2e07 Add FwupdSecurityAttr to libfwupd 
This will be used to store security attributes about platform security.
 2020-05-11 17:52:41 +01:00