Line |
Branch |
Exec |
Source |
1 |
|
|
/* cc-firmware-security-utils.h |
2 |
|
|
* |
3 |
|
|
* Copyright (C) 2021 Red Hat, Inc |
4 |
|
|
* |
5 |
|
|
* This program is free software; you can redistribute it and/or modify |
6 |
|
|
* it under the terms of the GNU General Public License as published by |
7 |
|
|
* the Free Software Foundation; either version 2 of the License, or |
8 |
|
|
* (at your option) any later version. |
9 |
|
|
* |
10 |
|
|
* This program is distributed in the hope that it will be useful, |
11 |
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 |
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 |
|
|
* GNU General Public License for more details. |
14 |
|
|
* |
15 |
|
|
* You should have received a copy of the GNU General Public License |
16 |
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>. |
17 |
|
|
* |
18 |
|
|
* Author: Kate Hsuan <hpa@redhat.com> |
19 |
|
|
* |
20 |
|
|
* SPDX-License-Identifier: GPL-2.0-or-later |
21 |
|
|
*/ |
22 |
|
|
|
23 |
|
|
#pragma once |
24 |
|
|
|
25 |
|
|
#include <gtk/gtk.h> |
26 |
|
|
|
27 |
|
|
G_BEGIN_DECLS |
28 |
|
|
|
29 |
|
|
/* we don't need to keep this up to date and from fwupd >= 1.8.3 we only need the defines |
30 |
|
|
* for the things we actually query, e.g. FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT */ |
31 |
|
|
#define FWUPD_SECURITY_ATTR_ID_ACPI_DMAR "org.fwupd.hsi.AcpiDmar" |
32 |
|
|
#define FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM "org.fwupd.hsi.EncryptedRam" |
33 |
|
|
#define FWUPD_SECURITY_ATTR_ID_FWUPD_ATTESTATION "org.fwupd.hsi.Fwupd.Attestation" |
34 |
|
|
#define FWUPD_SECURITY_ATTR_ID_FWUPD_PLUGINS "org.fwupd.hsi.Fwupd.Plugins" |
35 |
|
|
#define FWUPD_SECURITY_ATTR_ID_FWUPD_UPDATES "org.fwupd.hsi.Fwupd.Updates" |
36 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED "org.fwupd.hsi.IntelBootguard.Enabled" |
37 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED "org.fwupd.hsi.IntelBootguard.Verified" |
38 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM "org.fwupd.hsi.IntelBootguard.Acm" |
39 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY "org.fwupd.hsi.IntelBootguard.Policy" |
40 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP "org.fwupd.hsi.IntelBootguard.Otp" |
41 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED "org.fwupd.hsi.IntelCet.Enabled" |
42 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE "org.fwupd.hsi.IntelCet.Active" |
43 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_SMAP "org.fwupd.hsi.IntelSmap" |
44 |
|
|
#define FWUPD_SECURITY_ATTR_ID_IOMMU "org.fwupd.hsi.Iommu" |
45 |
|
|
#define FWUPD_SECURITY_ATTR_ID_KERNEL_LOCKDOWN "org.fwupd.hsi.Kernel.Lockdown" |
46 |
|
|
#define FWUPD_SECURITY_ATTR_ID_KERNEL_SWAP "org.fwupd.hsi.Kernel.Swap" |
47 |
|
|
#define FWUPD_SECURITY_ATTR_ID_KERNEL_TAINTED "org.fwupd.hsi.Kernel.Tainted" |
48 |
|
|
#define FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE "org.fwupd.hsi.Mei.ManufacturingMode" |
49 |
|
|
#define FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP "org.fwupd.hsi.Mei.OverrideStrap" |
50 |
|
|
#define FWUPD_SECURITY_ATTR_ID_MEI_VERSION "org.fwupd.hsi.Mei.Version" |
51 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE "org.fwupd.hsi.Spi.Bioswe" |
52 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SPI_BLE "org.fwupd.hsi.Spi.Ble" |
53 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP "org.fwupd.hsi.Spi.SmmBwp" |
54 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR "org.fwupd.hsi.Spi.Descriptor" |
55 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE "org.fwupd.hsi.SuspendToIdle" |
56 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM "org.fwupd.hsi.SuspendToRam" |
57 |
|
|
#define FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR "org.fwupd.hsi.Tpm.EmptyPcr" |
58 |
|
|
#define FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0 "org.fwupd.hsi.Tpm.ReconstructionPcr0" |
59 |
|
|
#define FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20 "org.fwupd.hsi.Tpm.Version20" |
60 |
|
|
#define FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT "org.fwupd.hsi.Uefi.SecureBoot" |
61 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_ENABLED "org.fwupd.hsi.IntelDci.Enabled" |
62 |
|
|
#define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_LOCKED "org.fwupd.hsi.IntelDci.Locked" |
63 |
|
|
#define FWUPD_SECURITY_ATTR_ID_UEFI_PK "org.fwupd.hsi.Uefi.Pk" |
64 |
|
|
#define FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION "org.fwupd.hsi.PrebootDma" |
65 |
|
|
#define FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU "org.fwupd.hsi.SupportedCpu" |
66 |
|
|
#define FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_LOCKED "org.fwupd.hsi.PlatformDebugLocked" |
67 |
|
|
#define FWUPD_SECURITY_ATTR_ID_AMD_ROLLBACK_PROTECTION "org.fwupd.hsi.Amd.RollbackProtection" |
68 |
|
|
#define FWUPD_SECURITY_ATTR_ID_AMD_SPI_WRITE_PROTECTION "org.fwupd.hsi.Amd.SpiWriteProtection" |
69 |
|
|
#define FWUPD_SECURITY_ATTR_ID_AMD_SPI_REPLAY_PROTECTION "org.fwupd.hsi.Amd.SpiReplayProtection" |
70 |
|
|
#define FWUPD_SECURITY_ATTR_ID_PLATFORM_DEBUG_ENABLED "org.fwupd.hsi.PlatformDebugEnabled" |
71 |
|
|
#define FWUPD_SECURITY_ATTR_ID_PLATFORM_FUSED "org.fwupd.hsi.PlatformFused" |
72 |
|
|
|
73 |
|
|
typedef enum { |
74 |
|
|
SECURE_BOOT_STATE_UNKNOWN, |
75 |
|
|
SECURE_BOOT_STATE_ACTIVE, |
76 |
|
|
SECURE_BOOT_STATE_INACTIVE, |
77 |
|
|
SECURE_BOOT_STATE_PROBLEMS, |
78 |
|
|
} SecureBootState; |
79 |
|
|
|
80 |
|
|
typedef enum { |
81 |
|
|
FWUPD_SECURITY_ATTR_FLAG_NONE = 0, |
82 |
|
|
FWUPD_SECURITY_ATTR_FLAG_SUCCESS = 1 << 0, |
83 |
|
|
FWUPD_SECURITY_ATTR_FLAG_OBSOLETED = 1 << 1, |
84 |
|
|
FWUPD_SECURITY_ATTR_FLAG_RUNTIME_UPDATES = 1 << 8, |
85 |
|
|
FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ATTESTATION = 1 << 9, |
86 |
|
|
FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE = 1 << 10, |
87 |
|
|
FWUPD_SECURITY_ATTR_FLAG_ACTION_CONTACT_OEM = 1 << 11, |
88 |
|
|
FWUPD_SECURITY_ATTR_FLAG_ACTION_CONFIG_FW = 1 << 12, |
89 |
|
|
FWUPD_SECURITY_ATTR_FLAG_ACTION_CONFIG_OS = 1 << 13, |
90 |
|
|
} FwupdSecurityAttrFlags; |
91 |
|
|
|
92 |
|
|
typedef enum { |
93 |
|
|
FWUPD_SECURITY_ATTR_RESULT_UNKNOWN, |
94 |
|
|
FWUPD_SECURITY_ATTR_RESULT_ENABLED, |
95 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED, |
96 |
|
|
FWUPD_SECURITY_ATTR_RESULT_VALID, |
97 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_VALID, |
98 |
|
|
FWUPD_SECURITY_ATTR_RESULT_LOCKED, |
99 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_LOCKED, |
100 |
|
|
FWUPD_SECURITY_ATTR_RESULT_ENCRYPTED, |
101 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_ENCRYPTED, |
102 |
|
|
FWUPD_SECURITY_ATTR_RESULT_TAINTED, |
103 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_TAINTED, |
104 |
|
|
FWUPD_SECURITY_ATTR_RESULT_FOUND, |
105 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_FOUND, |
106 |
|
|
FWUPD_SECURITY_ATTR_RESULT_SUPPORTED, |
107 |
|
|
FWUPD_SECURITY_ATTR_RESULT_NOT_SUPPORTED, |
108 |
|
|
FWUPD_SECURITY_ATTR_RESULT_LAST |
109 |
|
|
} FwupdSecurityAttrResult; |
110 |
|
|
|
111 |
|
|
typedef struct { |
112 |
|
|
FwupdSecurityAttrResult result; |
113 |
|
|
FwupdSecurityAttrResult result_fallback; |
114 |
|
|
FwupdSecurityAttrFlags flags; |
115 |
|
|
guint32 hsi_level; |
116 |
|
|
guint64 timestamp; |
117 |
|
|
gchar *appstream_id; |
118 |
|
|
gchar *title; |
119 |
|
|
gchar *description; |
120 |
|
|
} FwupdSecurityAttr; |
121 |
|
|
|
122 |
|
|
FwupdSecurityAttr *fu_security_attr_new_from_variant (GVariantIter *iter); |
123 |
|
|
void fu_security_attr_free (FwupdSecurityAttr *attr); |
124 |
|
|
|
125 |
|
✗ |
G_DEFINE_AUTOPTR_CLEANUP_FUNC (FwupdSecurityAttr, fu_security_attr_free) |
126 |
|
|
|
127 |
|
|
gboolean firmware_security_attr_has_flag (FwupdSecurityAttr *attr, |
128 |
|
|
FwupdSecurityAttrFlags flag); |
129 |
|
|
void load_custom_css (const char *path); |
130 |
|
|
const gchar *fwupd_security_attr_result_to_string (FwupdSecurityAttrResult result); |
131 |
|
|
gboolean fwupd_get_result_status (FwupdSecurityAttrResult result); |
132 |
|
|
void hsi_report_title_print_padding (const gchar *title, GString *dst_string, gsize maxlen); |
133 |
|
|
|
134 |
|
|
G_END_DECLS |
135 |
|
|
|