Commit Graph

48 Commits

Author SHA1 Message Date
Richard Hughes
058dc2301a Include the plugin README text in the generated docs 2023-01-10 14:58:30 +00:00
Richard Hughes
99002a7a18 Build many more plugins as builtin
This reduces the plugin directory size by 2.2Mb
2022-09-28 17:01:23 +01:00
Richard Hughes
c4b7f42e43 Only compress one version of the builtin-quirks
Saving the quirks in the GResource section worked well, but it made the build
system very complicated and also meant the .data section was duplicated in
both `fwupd` and `fwupdtool` -- negating a lot of the hard-fought savings.

Simplify this feature so that we just `cat` all the quirk files together, then
gzip them into a single file. This means that at startup fwupd only needs to
check the mtime of one file, and weirdly it's actually faster to load a smaller
compressed file from disk that it is to load multiple uncompressed files.
2022-09-27 12:44:04 +01:00
Richard Hughes
0415db6f67 Revert "trivial: Use files() rather than current_source_dir()"
This reverts commit b581fa5670 as it breaks
`ninja dist` with `-Dgresource_quirks=enabled`.
2022-09-25 10:31:14 +01:00
Richard Hughes
b581fa5670 trivial: Use files() rather than current_source_dir() 2022-09-24 09:12:14 -05:00
Mario Limonciello
2705179117 Convert HSI into a meson tristate-feature
This allows us to disable it automatically on architectures that
aren't supported and OSes that aren't supported.

Link: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1987067
2022-08-22 06:03:38 -05:00
Richard Hughes
77006b75eb Set the target value on the security attribute
Semantically it is the desire of the security attribute, not the bios
attribute, i.e. you could imagine that a specific attribute would have
to be *foo or bar or baz* for HSI-1 and *only foo* for HSI-2

Also make it easier to add possible BIOS attribute target values in
plugin code.
2022-08-01 07:12:18 +01:00
Richard Hughes
829258401e Allow plugins and backends to print debugging information to the console
This is really useful for debugging.
2022-07-28 16:10:06 +01:00
Richard Hughes
a5749f4d23 Set the HSI levels in a central place
This means we don't need to worry about changing multiple
implementations if the HSI levels change for a specific ID.

It also means we can fake HSI results in the future without having
to also store the 'correct' level in the input file.
2022-07-15 20:21:22 +01:00
Richard Hughes
58171d46da pci-bcr: Fix fwupdmgr security when the plugin is added to the blocklist 2022-07-14 16:05:34 +01:00
Richard Hughes
ae0c3fe38a Add 'action' resolution flags to each FwupdSecurityAttr
We tried to solve this by matching the org.fwupd.hsi AppStream ID, but
in some cases the resolution depends on what actually failed.

Add "the action the user is supposed to do" as flags so that the
front-end can translate this in the appropriate way, for instance,
using a different string for log events and HSI dialogs.
2022-07-14 14:47:44 +01:00
Richard Hughes
a61bb37881 Build the quirk files into the daemon as a GResource
Interestingly, this increases the `fwupd` binary size by ~30kb but
reduces the installed size of /usr/share/fwupd/quirks.d by ~330kb.
2022-06-30 18:52:24 +01:00
Gaël PORTAY
299b42fe96 trivial: Make meson.build indentation consistent 2022-06-21 03:27:38 -04:00
Richard Hughes
1d9d82ebc5 Use a common prefix for CPU-specific methods 2022-06-14 14:36:52 -05:00
Richard Hughes
029d2895bd Rename fu_udev_device_pread_full() as we broke ABI 2022-06-03 13:47:11 -05:00
Richard Hughes
d3d7cfa816 Add plugin quirk keys earlier in the startup process
This allows creating the silo when starting the engine with custom
plugin keys such as WacomI2cFlashBaseAddr.

If we move the plugin initialization earlier then we don't get the
HwID matches, so we really do have to split this into a 4-stage startup,
e.g. ->load(), ->init(), ->startup() and ->coldplug().
2022-05-09 11:13:52 +01:00
Richard Hughes
dc1d5de057 Make the HSI tests optional for embedded targets
70% of the plugins installed on OpenBMC are not being used...
2021-11-29 09:30:57 +00:00
Richard Hughes
e87fc05ab9 Speed up the daemon startup by ~2% by doing dlsym much less
We were calling g_module_symbol() 2703 times, which is actually more
expensive than you'd think.

It also means the plugins are actually what we tell people they are:
A set of vfuncs that get run. The reality before that they were dlsym'd
functions that get called at pretty random times.
2021-11-09 12:02:07 +00:00
Richard Hughes
f56878ff88 Allow adding GUIDs to each HSI security attr
This indicates the GUID in some way contributed to the result decided.

It also allows us to match the submitted HSI results back to a firmware
stream on the LVFS, which allows us to allow vendors to see a subset of
results for uploaded devices.
2021-09-03 22:03:28 +01:00
Mario Limonciello
55de39c077 trivial: reformat the whole tree to match new format 2021-08-24 11:18:40 -05:00
Mario Limonciello
798d1ed3ee trivial: update markdown for pre-commit style 2021-07-18 14:42:47 -05:00
Richard Hughes
dfaae2e837 Move amdgpu safety check into the plugin
There are now multiple plugins using drm_dp_aux_dev interface which
may potentially be combined with an amdgpu. Prevent exercising this
interface with any plugin using DP aux unless a new enough kernel is
installed.
2021-07-04 17:49:36 +01:00
Mario Limonciello
73cdf067ed trivial: fixup includes for a variety of plugins 2021-06-14 10:12:45 +01:00
Richard Hughes
147ad17a84 pci-bcr: Use fu_device_inhibit() rather than removing UPDATABLE 2021-04-20 15:09:58 +01:00
Richard Hughes
b333e0045c Split out a shared system context
There is a lot of code in fwupd that just assigns a shared object type to
a FuPlugin, and then for each device on that plugin assigns that same shared
object to each FuDevice.

Rather than proxy several kinds of information stores over two different levels
of abstraction create a 'context' which contains the shared *system* state
between the daemon, the plugins and the daemon.

This will allow us to hold other per-machine state in the future, for instance
the system battery level or AC state.
2021-04-01 21:11:29 +01:00
Sean Rhodes
247f29ad47 Updated StarLabs guids 2021-03-04 17:56:43 +00:00
Richard Hughes
c81b755872 Be more strict for custom quirk keys
Rather than trying to guess typos, force each plugin to register the quirk
keys it supports, so we can show a sensible warning if required at startup on
the console.
2021-03-03 08:30:34 +00:00
Richard Hughes
7d132b728c Simplify the quirk file format
The best way of not getting something wrong is to not require it in the first
place...

All plugins now use DeviceInstanceId-style quirk matches and we can just drop
the prefix in all files. We were treating HwId=, Guid= and DeviceInstanceId= in
exactly the same way -- they're just converted to GUIDs when building the silo!
2021-03-03 08:30:34 +00:00
Richard Hughes
24232d1d63 pci-bcr: Use a plugin prefix for quirk keys 2021-03-03 08:30:34 +00:00
Richard Hughes
a22c13c637 Move the plugin build logic to the plugins themselves 2021-02-18 14:46:20 +00:00
Richard Hughes
525f71f54b Merge the _udev_device() and _usb_device() vfuncs
There are now two 'backends' of device plug/unplug events, and there is about
to become three. Rather than just adding two more vfuncs for every backend type
define common ones that all providers can use.

Also fix up the existing in-tree plugins to use the new vfunc names and filter
on the correct GType.
2021-02-10 12:04:05 +00:00
Mario Limonciello
75835b4a0b Use FWUPD_COMPILATION define to indicate an in tree build
When this is done, include:
* Including the hash
* Including anything that is not ABI stable in plugins yet

Suggested-by: Simon McVittie <smcv@debian.org>
2021-01-22 14:01:25 -06:00
Richard Hughes
9a81d63add pci-bcr: Only mark the device non-updatable if WPD unset and BLE set
It's unusual, but if BIOS lock enable is enabled (so we cannot *change* the
value of BIOSWE) but the BIOS is already WE then we can write to the hardware
just fine.
2021-01-19 14:44:51 +00:00
Richard Hughes
425ed311aa flashrom: Do not allow flashing if BLE is enabled
If BLE is set flashrom isn't going to work and the user would get a super scary
warning.
2021-01-15 15:24:19 +00:00
Richard Hughes
b63cfa90d6 Detect the AMD TSME encryption state for HSI 2021-01-06 16:45:33 +00:00
Richard Hughes
58993ac005 trivial: Fix some error prefixes 2020-11-06 09:57:03 +00:00
Mario Limonciello
8aa5d41eb7 Add external interface messages 2020-10-26 12:05:20 -05:00
Richard Hughes
13bae744be platform-integrity: Use the BCR values provided by the kernel class
This requires the new kernel driver by Daniel Gutson.
2020-09-14 16:18:12 +01:00
Richard Hughes
8c200a9e41 cpu: Correct the BCR address for Atom Bay Trail 2020-09-09 20:18:32 +01:00
Richard Hughes
bd1dc2a1e2 pcb-bcr: Use the correct BCR register for Bay Trail CPUs
Fixes https://github.com/fwupd/fwupd/issues/2328
2020-08-20 22:07:05 +01:00
Richard Hughes
f6b48edebf pci-bcr: Read the ISA bridge BCR from the PCI device class
The SPI controllers are always identified with one of two device classes.
2020-05-18 21:16:59 -05:00
Richard Hughes
2157468709 pcr-bpc: Don't show the 'Not found' message for BLE and SMM_BWP
If we did not find the device for BIOSWP it is completely useless.
2020-05-18 15:43:23 -05:00
Richard Hughes
b246bcaecb Allow client tools to translate the HSI attributes and results
To do this, rely on the AppStream ID to map to a translated string (providing a
fallback for clients that do not care) and switch the free-form result string
into a set of enumerated values that can be translated.

This fixes some of the problems where some things have to be enabled to "pass"
and other attributes have to be some other state. For cases where we want the
user to "do" something, provide a URL to a wiki page that we update out-of-band
of fwupd releases.
2020-05-18 17:03:49 +01:00
Richard Hughes
63fa4effd3 pci-mei: Check the ME device is not in manufacturing mode 2020-05-15 21:28:27 -05:00
Mario Limonciello
6ecf511d52 trivial: pci-bcr: request pci udev subsystem
If another plugin didn't do this, the pci-bcr plugin doesn't work.
It's noticable by --plugin-whitelist=pci_bcr
2020-05-15 11:32:51 -05:00
Richard Hughes
cae111d1de Save the plugin that created the FwupdSecurityAttr
This is really useful for debugging.
2020-05-15 16:17:27 +01:00
Richard Hughes
43451d458b pci-bcr: Fail HSI:1 if the BCR register cannot be loaded
Add obsoletes to attributes added by linux-spi-lpc if we're using the kernel
support for hidden PCI devices.
2020-05-15 09:17:33 -05:00
Richard Hughes
8fdefd459b pci-bcr: Read the PCI BCR config register from userspace
We can read this from userspace even when SB is turned on and with the kernel
locked down. The kernel securityfs patches are still in-progress, but will take
significant time to get upstream.

The kernel patches are needed when the PCI device is hidden from userspace.
2020-05-15 10:21:07 +01:00