proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-06-11 04:28:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fd399da71b
fwupd/plugins/msr
History
Mario Limonciello 783e2e0448 Drop the AMD SME check for security attributes (Fixes: #4176) 
This method does not indicate whether the kernel has enabled encryption.
That information is only visible from the kernel log at this time.

Continue to read the MSRs though, because if/when we get a method for the
kernel to export it we may use these as a basis of "support" but not a
indication of it being enabled.

encrypted:
```FuPluginMsr          SME/SEV check MSR: eax 01000f, ebx 016f
FuPluginMsr          PCI_MSR_AMD64_SYSCFG: 0f40000, sme_is_enabled=1
FuPluginMsr          PCI_MSR_AMD64_SEV: 00, sev_is_enabled=0
```

not_encrypted:
```
FuPluginMsr          SME/SEV check MSR: eax 01000f, ebx 016f
FuPluginMsr          PCI_MSR_AMD64_SYSCFG: 0f40000, sme_is_enabled=1
FuPluginMsr          PCI_MSR_AMD64_SEV: 00, sev_is_enabled=0
```
2022-02-04 10:41:47 -06:00
..
fu-plugin-msr.c Drop the AMD SME check for security attributes (Fixes: #4176) 2022-02-04 10:41:47 -06:00
fwupd-msr.conf msr: Add a new plugin to detect the Intel DCI state 2020-07-16 20:13:06 +01:00
meson.build Make the HSI tests optional for embedded targets 2021-11-29 09:30:57 +00:00
msr.quirk Simplify the quirk file format 2021-03-03 08:30:34 +00:00
README.md trivial: update markdown for pre-commit style 2021-07-18 14:42:47 -05:00

README.md

MSR

Introduction

This plugin checks if the Model-specific registers (MSRs) indicate the Direct Connect Interface (DCI) is enabled.

DCI allows debugging of Intel processors using the USB3 port. DCI should always be disabled and locked on production hardware as it allows the attacker to disable other firmware protection methods.

The result will be stored in a security attribute for HSI.

External Interface Access

This plugin requires read access to /sys/class/msr.