Commit Graph

925 Commits

Author SHA1 Message Date
Mario Limonciello
04c2186edc Add support for loading default BIOS settings policy
A user can place a JSON file in /etc/fwupd/bios-settings.d/ with
the default desired policy for the machine.

fwupd will load this policy on startup to ensure BIOS settings
are set as desired by the system administrator.
2022-08-24 12:59:42 -05:00
Mario Limonciello
2f9cb74c59 trivial: don't assume we know about pending_reboot
The `pending_reboot` variable is tracked by the kernel, make sure
that it is updated from the kernel when BIOS settings are changed.
2022-08-24 12:59:42 -05:00
Richard Hughes
fa2df1eed6 Use ID_VENDOR_ID and ID_MODEL_ID fallbacks
Some udev subsystems run probers to populate the values, rather than
just the kernel providing the sysfs files. Support reading these too.
2022-08-24 15:54:58 +01:00
Mario Limonciello
b7b0ce533d trivial: Unify ambiguity between bios-attrs and bios-settings
These are currently used interchangeably since there was indecisiveness
which to use as the feature was being developed.

As outward facing it will be named with "settings", change all uses
in the code to match this.
2022-08-24 07:20:01 -05:00
Richard Hughes
c886fb8f71 Include vfat in the list of possible BDP partition types
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2119436
2022-08-24 09:41:46 +01:00
Mario Limonciello
2045578d20 trivial: add a debugging statement to indicate BIOS settings work
2022-08-22 09:29:08 -05:00
Mario Limonciello
01d120efda trivial: Make BIOS setting parsing errors less verbose by default
The `--verbose` output for getting BIOS setting info is very noisy
on Lenovo systems due to a mismatch for the driver behavior and
kernel API.

Hide most of it behind an optional environment variable
`FWUPD_BIOS_SETTING_VERBOSE`.
2022-08-22 09:29:08 -05:00
Mario Limonciello
82e2d613aa Add GUIDs using MODALIAS as well
This will allow targeting the same thing that kernel drivers use to load the hardware
2022-08-22 06:03:19 -05:00
Mario Limonciello
2536bf462c Allow running get-bios-settings without root or PK
The only information that is secret is the `current_value`.
Augment the d-bus call to determine whether the caller needs this
information.

* If `fwupdmgr` is launched as root it will be provided.
* If `fwupdmgr` is launched with `--authenticate` it will be requested
  and PK will be engaged.
2022-08-11 09:52:26 -05:00
Mario Limonciello
7ddbe5e0b3 trivial: don't let people try to turn off UEFI secure boot
The firmware from both Dell and Lenovo actually blocks this, but the
error message is pretty confusing.

```
$ sudo fwupdtool set-bios-setting SecureBoot Disable
17:39:40:0249 FuBiosAttrs          KERNEL BUG: thinklmi doesn't export a 'type' attribute
Loading…                 [-                                      ]
failed to write 7 bytes to 17: Invalid argument
```
2022-08-10 11:09:31 -05:00
Mario Limonciello
5f0bb3dc8f Add support for translation for the sample Dell BIOS setting strings
2022-08-10 10:17:25 -05:00
Mario Limonciello
3e5fce5ffa trivial: ignore strings files in directory with drivers not attributes
2022-08-10 10:17:25 -05:00
Mario Limonciello
d51364a8b1 trivial: don't set target BIOS attribute for read only attributes
If an attribute is read only, then we'll have a failure trying to
set it.  So don't offer a target value so clients won't try to set
an attribute.
2022-08-10 08:20:49 -05:00
Mario Limonciello
fdfdaed911 trivial: bios-attrs: fix a logic bug in lenovo string extraction
Several enumeration attributes were missing their final values
2022-08-05 14:39:48 -05:00
Mario Limonciello
04fd943abd trivial: fix a documentation comment mistake
2022-08-01 12:39:19 -05:00
Richard Hughes
0beed2f138 Store the current BIOS value in a security attribute
We can't very-well ask the user to 'change it back' if we do not tell
them what it is set to already.
2022-08-01 15:45:43 +01:00
Richard Hughes
934002553a Allow loading BIOS attributes for host emulation
2022-08-01 13:32:12 +01:00
Richard Hughes
77006b75eb Set the target value on the security attribute
Semantically it is the desire of the security attribute, not the bios
attribute, i.e. you could imagine that a specific attribute would have
to be *foo or bar or baz* for HSI-1 and *only foo* for HSI-2

Also make it easier to add possible BIOS attribute target values in
plugin code.
2022-08-01 07:12:18 +01:00
Mario Limonciello
7660222240 Add a unique identifier to all BIOSAttr objects
This identifier can be used by plugins or the daemon to disambiguate
behavior between two different drivers.

Set it up so that plugins don't NEED to use it, but optionally can
find attributes by either name or ID
2022-07-29 11:31:50 -05:00
Richard Hughes
93266d36be Fix a crash when parsing an empty BIOS attribute
2022-07-29 12:57:35 +01:00
Richard Hughes
4a78fed13c trivial: Check input parameters to fu_strsplit()
2022-07-29 12:57:35 +01:00
Mario Limonciello
5ded4f44fe Add support for reading and writing firmware attributes
This support is comprehensive:
 * Client library support
 * Daemon support
 * plugin support
 * Client tool support (with new commands)
2022-07-28 17:30:57 -05:00
Richard Hughes
829258401e Allow plugins and backends to print debugging information to the console
This is really useful for debugging.
2022-07-28 16:10:06 +01:00
Richard Hughes
b6ad1f248e trivial: Use fu_bytes_new_offset() in more places
2022-07-25 17:07:33 +01:00
Richard Hughes
0e74b89282 trivial: Enable fatal-criticals harder when fuzzing
2022-07-25 17:07:33 +01:00
Richard Hughes
66532a1293 trivial: Make fuzzing less verbose
2022-07-25 17:07:33 +01:00
Richard Hughes
9188060ce2 trivial: Reduce the debug output when fuzzing
At the moment the log is ~150,000 lines, and quite a bit of CPU time is
being spent just generating ignored XML for successful runs.
2022-07-25 17:07:33 +01:00
Mario Limonciello
4a02a154fe trivial: don't use /proc/self/exe on Windows
Fixes: #4864
2022-07-24 09:27:16 -05:00
Richard Hughes
8dc50c086f Fix a crash when a peripheral uses _USE_PARENT_FOR_BATTERY
Call the parent class method to avoid getting stuck in a recursive loop
which eventually causes the daemon to segfault.
2022-07-21 21:27:24 +01:00
Richard Hughes
74e9b04b39 trivial: Return a more invalid value if FWUPD_IS_DEVICE() fails
We don't want to return something that's actually the initial value.
2022-07-21 21:27:24 +01:00
Richard Hughes
221238b4c0 trivial: Allow each device to specify a different acquiesce delay
Different device classes may need different values, and these may need
modifying by quirks. Also use 50ms to flush out any pending events.
2022-07-21 15:27:04 +01:00
Richard Hughes
4f9b455880 Add UDev devices to the _REQUIRES_ACQUIESCE opt-in
2022-07-21 15:27:04 +01:00
Mario Limonciello
445a8af362 fu-smbios: Fix parsing smbios data
When support was added for falling back to SMBIOS data from the kernel
in /sys/class/dmi, we inadvertently stopped caring about the data parsed
directly from DMI tables as first priority.  This caused a regression in
hwids from some OEMs that relied upon IDs that could only be properly built
from DMI tables, not the kernel /sys/class/dmi interface.

Link: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1982103
Fixes: 464425fb5 ("SMBIOS: try reading from /sys/class/dmi if direct access fails")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
2022-07-20 16:23:56 -05:00
Richard Hughes
847151a51a Wait for the system to acquiesce after doing each update
We want to allow all the device hotplug events to be processed before
marking the update as completed. Otherwise, we might have a situation
where we have a child device attached to a parent, where we want to
update the parent, then the child. e.g.

 1. Add parent
 2. Add child
 3. Update parent
 4. Attach parent
 5. Wait for parent

...some time passes...

 6. Parent re-appears
 7. Update finishes, client indicates success

...child update is scheduled...
...which returns with failure as it does not exist...

 8. Add child

The child should have been added *before* the update completed to avoid
the caller from needing an unspecified delay as a *workaround*.
2022-07-20 19:10:12 +01:00
Richard Hughes
f336a43936 Avoid duplicate device actions where possible
This removes at least two open(),probe(),setup(),close() chains for the
common case where the vfuncs are not implemented.
2022-07-20 19:01:02 +01:00
Richard Hughes
62fc515714 Allow loading in emulated host profiles for debugging
This allows us to load sets of different host security attributes
for testing the various front end tools we have now. e.g.

    sudo FWUPD_HOST_EMULATE=thinkpad-p1-iommu.json.gz fwupd

or, using a non-compressed absolute path:

    sudo FWUPD_HOST_EMULATE=/tmp/test/thinkpad-p1-iommu.json fwupd

Data can be created with `./contrib/generate-emulation.py file.json`
and then can be manually modified if required. Running the script on
a file that already exists will just strip out any unneeded data, as
well as piping content into it using stdin.

As a precaution, the org.fwupd.hsi.HostEmulation attribute is added
so we do not ask the user to upload the HSI report. It also allows
the LVFS to ignore any HSI reports with this attribute for clients
that upload HSI reports regardless.

See https://github.com/fwupd/fwupd/discussions/4832
2022-07-18 16:27:59 +01:00
Richard Hughes
fdc5131dca Only validate source artifacts at cabinet load time
The LVFS was being over-eager, and setting 'binary' for both -- but
for new firmware it's important to specify the correct thing.
2022-07-18 16:12:43 +01:00
Richard Hughes
a5749f4d23 Set the HSI levels in a central place
This means we don't need to worry about changing multiple
implementations if the HSI levels change for a specific ID.

It also means we can fake HSI results in the future without having
to also store the 'correct' level in the input file.
2022-07-15 20:21:22 +01:00
Richard Hughes
dc91444b46 trivial: Export fu_security_attrs_get_by_appstream_id() for future use
2022-07-14 14:49:00 +01:00
Richard Hughes
0c51630991 Check firmware magic in a more standard way
Some parsers are ignoring the magic when using _FLAG_IGNORE_CHECKSUM
(which is wrong; fuzzers have no problem with enforcing a static prefix)
and others either disregard the offset or check the magic in an unsafe
way. Also, use FWUPD_ERROR_INVALID_FILE consistently for magic failure.

Add a vfunc, and move all the clever code into one place.
2022-07-14 14:48:15 +01:00
Richard Hughes
a06dedb253 trivial: Add a fu_memread_uint24_safe() to make some code more correct
2022-07-14 11:03:13 +01:00
Richard Hughes
1ffc2608b0 Check for overflow when copying buffers with huge offset values
2022-07-13 22:04:10 +01:00
Richard Hughes
56e5c1b7a9 Fix critical warning when parsing invalid FDT firmware
Never let firmware_current be NULL by checking for the root node ENDing.

Fixes https://oss-fuzz.com/testcase-detail/5454411320655872
2022-07-13 22:04:01 +01:00
Richard Hughes
3b71918346 trivial: Remove some dead code spotted by Coverity
2022-07-11 10:17:59 +01:00
Richard Hughes
71c0641394 trivial: Fix a -Wunused-function warning on Windows
2022-07-10 11:15:16 +01:00
Richard Hughes
a6b96e2330 Use the SHA256 binary hash for the quirk GResource key
There's no security issue, but it's one less thing I have to justify
during a security review.
2022-07-09 14:56:28 +01:00
Richard Hughes
15536eb1bc Do not make failing to parse the i2c bus number fatal
This accidentally became more strict in bb548f15f0 and means there
should be no more false-positive daemon warnings at startup.

Fixes the 2nd half of https://github.com/fwupd/fwupd/discussions/4810
2022-07-08 17:24:26 +01:00
Richard Hughes
6f5ebc5492 Handle ENOTTY with the correct error code for ioctl calls
Fixes half of https://github.com/fwupd/fwupd/discussions/4810
2022-07-08 16:25:38 +01:00
Richard Hughes
cb0966858d Fix fuzzing timeout in the new IFW CPD parsing
Limit the number of images to an order of magnitude more than we've ever seen.

Fixes https://oss-fuzz.com/testcase-detail/4842982326534144
2022-07-08 15:17:25 +01:00
Richard Hughes
7a224007f2 Add support for Flat Image Tree aka FIT firmware
2022-07-08 14:05:20 +01:00