firmware-security: Move the workaround for UEFI Secure Boot lower

This fixes the toplevel security level to correctly show failed.
Richard Hughes 2022-08-24 16:25:29 +01:00 committed by Georges Basile Stavracas Neto
parent ff904208cb
commit 12352f8c1a
2 changed files with 17 additions and 10 deletions


@ -73,6 +73,9 @@ struct _CcfirmwareSecurityPanel
CC_PANEL_REGISTER (CcfirmwareSecurityPanel, cc_firmware_security_panel)
static void
set_hsi_button_view (CcfirmwareSecurityPanel *self);
static void
set_secure_boot_button_view (CcfirmwareSecurityPanel *self)
{
@ -226,19 +229,19 @@ parse_variant_iter (CcfirmwareSecurityPanel *self,
if (appstream_id == NULL)
return;
/* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0,
* so lower the HSI number forcefully if this attribute failed -- the correct thing
* to do of course is to update fwupd to a newer build */
if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0 &&
(attr->flags & FWUPD_SECURITY_ATTR_FLAG_SUCCESS) == 0)
{
self->hsi_number = 0;
set_hsi_button_view (self);
}
/* insert into correct hash table */
switch (attr->hsi_level)
{
case 0:
/* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0,
* so accept either level here to avoid raising the runtime version requirement */
if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0)
{
g_hash_table_insert (self->hsi1_dict,
g_strdup (appstream_id),
g_steal_pointer (&attr));
}
break;
case 1:
g_hash_table_insert (self->hsi1_dict,
g_strdup (appstream_id),
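Review bot: The forced `self->hsi_number = 0` in the block added ahead of the `switch` in parse_variant_iter only sticks if nothing writes hsi_number afterwards, and this hunk does not show where the daemon-reported value is assigned. If that assignment can run after the attributes are parsed, the panel would presumably go back to showing the level reported by fwupd <= 1.8.3 even though Secure Boot failed. I would document the ordering requirement at the block, e.g. `/* must run after hsi_number has been set from the daemon value, or the override is lost */`, or keep the failure in a separate field that set_hsi_button_view consults. parse_variant_iter starts and ends outside the hunk, so the surrounding flow needs checking.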


@ -334,6 +334,10 @@ fu_security_attr_new_from_variant (GVariantIter *iter)
g_variant_unref (value);
}
/* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0 */
if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0)
attr->hsi_level = 1;
/* fallback for older fwupd versions */
if (attr->appstream_id != NULL && attr->title == NULL)
attr->title = g_strdup (fu_security_attr_get_title_fallback (attr->appstream_id));
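Review bot: The new `attr->hsi_level = 1` assignment in fu_security_attr_new_from_variant is applied to every org.fwupd.hsi.Uefi.SecureBoot attribute, not only to those that arrive with the wrong level, so it would also mask any other level a daemon reports for this id. Limiting it to the known-bad case keeps the workaround scoped: `if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0 && attr->hsi_level == 0)`. The comment could also state that HSI-1 is the intended level, so the constant is not read as arbitrary. The function begins outside the hunk.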