| Line | Branch | Exec | Source |
|---|---|---|---|
| 1 | /* cc-firmware-security-utils.h | ||
| 2 | * | ||
| 3 | * Copyright (C) 2021 Red Hat, Inc | ||
| 4 | * | ||
| 5 | * This program is free software; you can redistribute it and/or modify | ||
| 6 | * it under the terms of the GNU General Public License as published by | ||
| 7 | * the Free Software Foundation; either version 2 of the License, or | ||
| 8 | * (at your option) any later version. | ||
| 9 | * | ||
| 10 | * This program is distributed in the hope that it will be useful, | ||
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 13 | * GNU General Public License for more details. | ||
| 14 | * | ||
| 15 | * You should have received a copy of the GNU General Public License | ||
| 16 | * along with this program; if not, see <http://www.gnu.org/licenses/>. | ||
| 17 | * | ||
| 18 | * Author: Kate Hsuan <hpa@redhat.com> | ||
| 19 | * | ||
| 20 | * SPDX-License-Identifier: GPL-2.0-or-later | ||
| 21 | */ | ||
| 22 | |||
| 23 | #pragma once | ||
| 24 | |||
| 25 | #include <gtk/gtk.h> | ||
| 26 | |||
| 27 | G_BEGIN_DECLS | ||
| 28 | |||
| 29 | /* we don't need to keep this up to date and from fwupd >= 1.8.3 we only need the defines | ||
| 30 | * for the things we actually query, e.g. FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT */ | ||
| 31 | #define FWUPD_SECURITY_ATTR_ID_ACPI_DMAR "org.fwupd.hsi.AcpiDmar" | ||
| 32 | #define FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM "org.fwupd.hsi.EncryptedRam" | ||
| 33 | #define FWUPD_SECURITY_ATTR_ID_FWUPD_ATTESTATION "org.fwupd.hsi.Fwupd.Attestation" | ||
| 34 | #define FWUPD_SECURITY_ATTR_ID_FWUPD_PLUGINS "org.fwupd.hsi.Fwupd.Plugins" | ||
| 35 | #define FWUPD_SECURITY_ATTR_ID_FWUPD_UPDATES "org.fwupd.hsi.Fwupd.Updates" | ||
| 36 | #define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED "org.fwupd.hsi.IntelBootguard.Enabled" | ||
| 37 | #define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED "org.fwupd.hsi.IntelBootguard.Verified" | ||
| 38 | #define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM "org.fwupd.hsi.IntelBootguard.Acm" | ||
| 39 | #define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY "org.fwupd.hsi.IntelBootguard.Policy" | ||
| 40 | #define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP "org.fwupd.hsi.IntelBootguard.Otp" | ||
| 41 | #define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED "org.fwupd.hsi.IntelCet.Enabled" | ||
| 42 | #define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE "org.fwupd.hsi.IntelCet.Active" | ||
| 43 | #define FWUPD_SECURITY_ATTR_ID_INTEL_SMAP "org.fwupd.hsi.IntelSmap" | ||
| 44 | #define FWUPD_SECURITY_ATTR_ID_IOMMU "org.fwupd.hsi.Iommu" | ||
| 45 | #define FWUPD_SECURITY_ATTR_ID_KERNEL_LOCKDOWN "org.fwupd.hsi.Kernel.Lockdown" | ||
| 46 | #define FWUPD_SECURITY_ATTR_ID_KERNEL_SWAP "org.fwupd.hsi.Kernel.Swap" | ||
| 47 | #define FWUPD_SECURITY_ATTR_ID_KERNEL_TAINTED "org.fwupd.hsi.Kernel.Tainted" | ||
| 48 | #define FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE "org.fwupd.hsi.Mei.ManufacturingMode" | ||
| 49 | #define FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP "org.fwupd.hsi.Mei.OverrideStrap" | ||
| 50 | #define FWUPD_SECURITY_ATTR_ID_MEI_VERSION "org.fwupd.hsi.Mei.Version" | ||
| 51 | #define FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE "org.fwupd.hsi.Spi.Bioswe" | ||
| 52 | #define FWUPD_SECURITY_ATTR_ID_SPI_BLE "org.fwupd.hsi.Spi.Ble" | ||
| 53 | #define FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP "org.fwupd.hsi.Spi.SmmBwp" | ||
| 54 | #define FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR "org.fwupd.hsi.Spi.Descriptor" | ||
| 55 | #define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE "org.fwupd.hsi.SuspendToIdle" | ||
| 56 | #define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM "org.fwupd.hsi.SuspendToRam" | ||
| 57 | #define FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR "org.fwupd.hsi.Tpm.EmptyPcr" | ||
| 58 | #define FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0 "org.fwupd.hsi.Tpm.ReconstructionPcr0" | ||
| 59 | #define FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20 "org.fwupd.hsi.Tpm.Version20" | ||
| 60 | #define FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT "org.fwupd.hsi.Uefi.SecureBoot" | ||
| 61 | #define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_ENABLED "org.fwupd.hsi.IntelDci.Enabled" | ||
| 62 | #define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_LOCKED "org.fwupd.hsi.IntelDci.Locked" | ||
| 63 | #define FWUPD_SECURITY_ATTR_ID_UEFI_PK "org.fwupd.hsi.Uefi.Pk" | ||
| 64 | #define FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION "org.fwupd.hsi.PrebootDma" | ||
| 65 | #define FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU "org.fwupd.hsi.SupportedCpu" | ||
| 66 | #define FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED "org.fwupd.hsi.PlatformDebugLocked" | ||
| 67 | #define FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION "org.fwupd.hsi.Amd.RollbackProtection" | ||
| 68 | #define FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION "org.fwupd.hsi.Amd.SpiWriteProtection" | ||
| 69 | #define FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION "org.fwupd.hsi.Amd.SpiReplayProtection" | ||
| 70 | #define FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED "org.fwupd.hsi.PlatformDebugEnabled" | ||
| 71 | #define FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED "org.fwupd.hsi.PlatformFused" | ||
| 72 | |||
| 73 | typedef enum { | ||
| 74 | SECURE_BOOT_STATE_UNKNOWN, | ||
| 75 | SECURE_BOOT_STATE_ACTIVE, | ||
| 76 | SECURE_BOOT_STATE_INACTIVE, | ||
| 77 | SECURE_BOOT_STATE_PROBLEMS, | ||
| 78 | } SecureBootState; | ||
| 79 | |||
| 80 | typedef enum { | ||
| 81 | FWUPD_SECURITY_ATTR_FLAG_NONE = 0, | ||
| 82 | FWUPD_SECURITY_ATTR_FLAG_SUCCESS = 1 << 0, | ||
| 83 | FWUPD_SECURITY_ATTR_FLAG_OBSOLETED = 1 << 1, | ||
| 84 | FWUPD_SECURITY_ATTR_FLAG_RUNTIME_UPDATES = 1 << 8, | ||
| 85 | FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ATTESTATION = 1 << 9, | ||
| 86 | FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE = 1 << 10, | ||
| 87 | FWUPD_SECURITY_ATTR_FLAG_ACTION_CONTACT_OEM = 1 << 11, | ||
| 88 | FWUPD_SECURITY_ATTR_FLAG_ACTION_CONFIG_FW = 1 << 12, | ||
| 89 | FWUPD_SECURITY_ATTR_FLAG_ACTION_CONFIG_OS = 1 << 13, | ||
| 90 | } FwupdSecurityAttrFlags; | ||
| 91 | |||
| 92 | typedef enum { | ||
| 93 | FWUPD_SECURITY_ATTR_RESULT_UNKNOWN, | ||
| 94 | FWUPD_SECURITY_ATTR_RESULT_ENABLED, | ||
| 95 | FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED, | ||
| 96 | FWUPD_SECURITY_ATTR_RESULT_VALID, | ||
| 97 | FWUPD_SECURITY_ATTR_RESULT_NOT_VALID, | ||
| 98 | FWUPD_SECURITY_ATTR_RESULT_LOCKED, | ||
| 99 | FWUPD_SECURITY_ATTR_RESULT_NOT_LOCKED, | ||
| 100 | FWUPD_SECURITY_ATTR_RESULT_ENCRYPTED, | ||
| 101 | FWUPD_SECURITY_ATTR_RESULT_NOT_ENCRYPTED, | ||
| 102 | FWUPD_SECURITY_ATTR_RESULT_TAINTED, | ||
| 103 | FWUPD_SECURITY_ATTR_RESULT_NOT_TAINTED, | ||
| 104 | FWUPD_SECURITY_ATTR_RESULT_FOUND, | ||
| 105 | FWUPD_SECURITY_ATTR_RESULT_NOT_FOUND, | ||
| 106 | FWUPD_SECURITY_ATTR_RESULT_SUPPORTED, | ||
| 107 | FWUPD_SECURITY_ATTR_RESULT_NOT_SUPPORTED, | ||
| 108 | FWUPD_SECURITY_ATTR_RESULT_LAST | ||
| 109 | } FwupdSecurityAttrResult; | ||
| 110 | |||
| 111 | typedef struct { | ||
| 112 | FwupdSecurityAttrResult result; | ||
| 113 | FwupdSecurityAttrResult result_fallback; | ||
| 114 | FwupdSecurityAttrFlags flags; | ||
| 115 | guint32 hsi_level; | ||
| 116 | guint64 timestamp; | ||
| 117 | gchar *appstream_id; | ||
| 118 | gchar *title; | ||
| 119 | gchar *description; | ||
| 120 | } FwupdSecurityAttr; | ||
| 121 | |||
| 122 | FwupdSecurityAttr *fu_security_attr_new_from_variant (GVariantIter *iter); | ||
| 123 | void fu_security_attr_free (FwupdSecurityAttr *attr); | ||
| 124 | |||
| 125 | ✗ | G_DEFINE_AUTOPTR_CLEANUP_FUNC (FwupdSecurityAttr, fu_security_attr_free) | |
| 126 | |||
| 127 | gboolean firmware_security_attr_has_flag (FwupdSecurityAttr *attr, | ||
| 128 | FwupdSecurityAttrFlags flag); | ||
| 129 | void load_custom_css (const char *path); | ||
| 130 | const gchar *fwupd_security_attr_result_to_string (FwupdSecurityAttrResult result); | ||
| 131 | gboolean fwupd_get_result_status (FwupdSecurityAttrResult result); | ||
| 132 | void hsi_report_title_print_padding (const gchar *title, GString *dst_string, gsize maxlen); | ||
| 133 | |||
| 134 | G_END_DECLS | ||
| 135 |