The Firmware Security panel exposes the host security levels and their details. The information is generated by fwupd. The panel also lists hardware configuration changes so that the time of each configuration change can be pinpointed. Currently this panel shows:
- HSI and secure boot status
- Details of HSI and secure boot
- Configuration changelog
- Digested security level
- Extended protection
/* cc-firmware-security-utils.h
 *
 * Copyright (C) 2021 Red Hat, Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 * Author: Kate Hsuan <hpa@redhat.com>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
#pragma once
#include <gtk/gtk.h>
G_BEGIN_DECLS
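/*
 * AppStream IDs of the security attributes this panel knows about, all in
 * the "org.fwupd.hsi." namespace.
 *
 * The IDs are plain strings, so a typo or a renamed attribute does not fail
 * at build time: the attribute simply never matches and is missing from the
 * report. Treat an ID that is not in this list as "unknown", never as
 * "passed".
 *
 * NOTE(review): these look like local copies of the identifiers defined by
 * libfwupd; confirm against the fwupd version in use and keep the spelling
 * in sync.
 */

/* DMA protection and memory encryption (DMAR: ACPI DMA Remapping table) */
#define FWUPD_SECURITY_ATTR_ID_ACPI_DMAR                "org.fwupd.hsi.AcpiDmar"
#define FWUPD_SECURITY_ATTR_ID_ENCRYPTED_RAM            "org.fwupd.hsi.EncryptedRam"

/* State of fwupd itself */
#define FWUPD_SECURITY_ATTR_ID_FWUPD_ATTESTATION        "org.fwupd.hsi.Fwupd.Attestation"
#define FWUPD_SECURITY_ATTR_ID_FWUPD_PLUGINS            "org.fwupd.hsi.Fwupd.Plugins"
#define FWUPD_SECURITY_ATTR_ID_FWUPD_UPDATES            "org.fwupd.hsi.Fwupd.Updates"

/* Intel Boot Guard (ACM: Authenticated Code Module, OTP: one-time programmable fuse) */
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ENABLED  "org.fwupd.hsi.IntelBootguard.Enabled"
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_VERIFIED "org.fwupd.hsi.IntelBootguard.Verified"
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_ACM      "org.fwupd.hsi.IntelBootguard.Acm"
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_POLICY   "org.fwupd.hsi.IntelBootguard.Policy"
#define FWUPD_SECURITY_ATTR_ID_INTEL_BOOTGUARD_OTP      "org.fwupd.hsi.IntelBootguard.Otp"

/* CPU features (CET: Control-flow Enforcement Technology,
 * SMAP: Supervisor Mode Access Prevention) */
#define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ENABLED        "org.fwupd.hsi.IntelCet.Enabled"
#define FWUPD_SECURITY_ATTR_ID_INTEL_CET_ACTIVE         "org.fwupd.hsi.IntelCet.Active"
#define FWUPD_SECURITY_ATTR_ID_INTEL_SMAP               "org.fwupd.hsi.IntelSmap"
#define FWUPD_SECURITY_ATTR_ID_IOMMU                    "org.fwupd.hsi.Iommu"

/* Kernel state */
#define FWUPD_SECURITY_ATTR_ID_KERNEL_LOCKDOWN          "org.fwupd.hsi.Kernel.Lockdown"
#define FWUPD_SECURITY_ATTR_ID_KERNEL_SWAP              "org.fwupd.hsi.Kernel.Swap"
#define FWUPD_SECURITY_ATTR_ID_KERNEL_TAINTED           "org.fwupd.hsi.Kernel.Tainted"

/* Intel Management Engine Interface (MEI) */
#define FWUPD_SECURITY_ATTR_ID_MEI_MANUFACTURING_MODE   "org.fwupd.hsi.Mei.ManufacturingMode"
#define FWUPD_SECURITY_ATTR_ID_MEI_OVERRIDE_STRAP       "org.fwupd.hsi.Mei.OverrideStrap"
#define FWUPD_SECURITY_ATTR_ID_MEI_VERSION              "org.fwupd.hsi.Mei.Version"

/* SPI flash write protection (BIOSWE: BIOS Write Enable, BLE: BIOS Lock
 * Enable, SMM_BWP: SMM BIOS Write Protect) */
#define FWUPD_SECURITY_ATTR_ID_SPI_BIOSWE               "org.fwupd.hsi.Spi.Bioswe"
#define FWUPD_SECURITY_ATTR_ID_SPI_BLE                  "org.fwupd.hsi.Spi.Ble"
#define FWUPD_SECURITY_ATTR_ID_SPI_SMM_BWP              "org.fwupd.hsi.Spi.SmmBwp"
#define FWUPD_SECURITY_ATTR_ID_SPI_DESCRIPTOR           "org.fwupd.hsi.Spi.Descriptor"

/* Suspend modes */
#define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_IDLE          "org.fwupd.hsi.SuspendToIdle"
#define FWUPD_SECURITY_ATTR_ID_SUSPEND_TO_RAM           "org.fwupd.hsi.SuspendToRam"

/* TPM (PCR: Platform Configuration Register) */
#define FWUPD_SECURITY_ATTR_ID_TPM_EMPTY_PCR            "org.fwupd.hsi.Tpm.EmptyPcr"
#define FWUPD_SECURITY_ATTR_ID_TPM_RECONSTRUCTION_PCR0  "org.fwupd.hsi.Tpm.ReconstructionPcr0"
#define FWUPD_SECURITY_ATTR_ID_TPM_VERSION_20           "org.fwupd.hsi.Tpm.Version20"

/* UEFI, debug interface and platform (DCI: Direct Connect Interface,
 * PK: UEFI Platform Key) */
#define FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT          "org.fwupd.hsi.Uefi.SecureBoot"
#define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_ENABLED        "org.fwupd.hsi.IntelDci.Enabled"
#define FWUPD_SECURITY_ATTR_ID_INTEL_DCI_LOCKED         "org.fwupd.hsi.IntelDci.Locked"
#define FWUPD_SECURITY_ATTR_ID_UEFI_PK                  "org.fwupd.hsi.Uefi.Pk"
#define FWUPD_SECURITY_ATTR_ID_PREBOOT_DMA_PROTECTION   "org.fwupd.hsi.PrebootDma"
#define FWUPD_SECURITY_ATTR_ID_SUPPORTED_CPU            "org.fwupd.hsi.SupportedCpu"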
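/*
 * Secure boot status as presented by the panel.
 *
 * UNKNOWN is deliberately the zero value, so a zero-initialised or
 * never-assigned state reads as "unknown" rather than "active". Callers
 * should treat anything other than SECURE_BOOT_STATE_ACTIVE as "not
 * verified" when deciding what to show the user.
 *
 * NOTE(review): the exact condition that maps to PROBLEMS is decided by the
 * code that assigns this state, which is not part of this header.
 */
typedef enum {
  SECURE_BOOT_STATE_UNKNOWN  = 0,
  SECURE_BOOT_STATE_ACTIVE   = 1,
  SECURE_BOOT_STATE_INACTIVE = 2,
  SECURE_BOOT_STATE_PROBLEMS = 3,
} SecureBootState;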
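/*
 * Bit flags attached to a security attribute. Each enumerator is a single
 * bit, so values can be OR-ed together and tested with a mask; bits 2-7 are
 * not assigned in this header.
 *
 * The flag word itself is passed around as a guint64 (see
 * firmware_security_attr_has_flag()), so bits this header does not name may
 * be set in it. Test flags with a mask and do not compare the whole word for
 * equality.
 *
 * NOTE(review): this looks like a local copy of a subset of libfwupd's flag
 * enum; the bit positions must match what fwupd reports. Confirm against the
 * fwupd version in use.
 */
typedef enum {
  FWUPD_SECURITY_ATTR_FLAG_NONE                = 0,
  FWUPD_SECURITY_ATTR_FLAG_SUCCESS             = 1 << 0,
  FWUPD_SECURITY_ATTR_FLAG_OBSOLETED           = 1 << 1,
  FWUPD_SECURITY_ATTR_FLAG_RUNTIME_UPDATES     = 1 << 8,
  FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ATTESTATION = 1 << 9,
  FWUPD_SECURITY_ATTR_FLAG_RUNTIME_ISSUE       = 1 << 10,
} FwupdSecurityAttrFlags;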
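/*
 * Result of evaluating one security attribute.
 *
 * The numeric values are written out explicitly so that inserting or
 * reordering an enumerator cannot silently change the meaning of a number
 * that was produced elsewhere.
 *
 * FWUPD_SECURITY_ATTR_RESULT_LAST is a sentinel, not a result: a value that
 * did not originate in this process should be checked to be below LAST
 * before it is used in a switch or as a table index, and anything out of
 * range handled like UNKNOWN.
 *
 * NOTE(review): this looks like a local copy of libfwupd's result enum; the
 * numbering must match what fwupd reports. Confirm against the fwupd version
 * in use.
 */
typedef enum {
  FWUPD_SECURITY_ATTR_RESULT_UNKNOWN       = 0,
  FWUPD_SECURITY_ATTR_RESULT_ENABLED       = 1,
  FWUPD_SECURITY_ATTR_RESULT_NOT_ENABLED   = 2,
  FWUPD_SECURITY_ATTR_RESULT_VALID         = 3,
  FWUPD_SECURITY_ATTR_RESULT_NOT_VALID     = 4,
  FWUPD_SECURITY_ATTR_RESULT_LOCKED        = 5,
  FWUPD_SECURITY_ATTR_RESULT_NOT_LOCKED    = 6,
  FWUPD_SECURITY_ATTR_RESULT_ENCRYPTED     = 7,
  FWUPD_SECURITY_ATTR_RESULT_NOT_ENCRYPTED = 8,
  FWUPD_SECURITY_ATTR_RESULT_TAINTED       = 9,
  FWUPD_SECURITY_ATTR_RESULT_NOT_TAINTED   = 10,
  FWUPD_SECURITY_ATTR_RESULT_FOUND         = 11,
  FWUPD_SECURITY_ATTR_RESULT_NOT_FOUND     = 12,
  FWUPD_SECURITY_ATTR_RESULT_SUPPORTED     = 13,
  FWUPD_SECURITY_ATTR_RESULT_NOT_SUPPORTED = 14,
  /* Sentinel: one past the highest valid result. */
  FWUPD_SECURITY_ATTR_RESULT_LAST
} FwupdSecurityAttrResult;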
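/*
 * Look up the name for the security attribute identified by @appstream_id
 * (one of the FWUPD_SECURITY_ATTR_ID_* strings).
 *
 * NOTE(review): the return value for an ID that is not recognised is decided
 * by the implementation, which is not visible here; callers should be ready
 * for NULL. The result is const, so presumably it must not be freed.
 */
const gchar *fu_security_attr_get_name       (const gchar             *appstream_id);

/*
 * Test @flag against the 64-bit flag word @flags.
 *
 * NOTE(review): presumably returns TRUE when the bit is set; confirm in the
 * implementation.
 */
gboolean     firmware_security_attr_has_flag (guint64                  flags,
                                              FwupdSecurityAttrFlags   flag);

/*
 * Load a custom CSS file for the panel from @path.
 *
 * NOTE(review): no error is reported to the caller (void return). @path
 * should come from a fixed, trusted location such as a bundled resource, not
 * from user-controlled input; confirm at the call sites.
 */
void         load_custom_css                 (const char              *path);

/*
 * Produce the changelog text for an attribute @appstream_id whose result
 * changed to @result.
 *
 * NOTE(review): which (ID, result) pairs have a message, and whether NULL is
 * returned for the others, is decided by the implementation; callers should
 * be ready for NULL. The result is const, so presumably it must not be freed.
 */
const char  *fwupd_event_to_log              (const char              *appstream_id,
                                              FwupdSecurityAttrResult  result);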
G_END_DECLS