[gnome-control-center/wip/hughsie/hsi-sb-level] firmware-security: Move the workaround for UEFI Secure Boot lower




commit 4d5bcfe027fdeea83d412cf86e836e445487b1ff
Author: Richard Hughes <richard hughsie com>
Date:   Wed Aug 24 16:25:29 2022 +0100

    firmware-security: Move the workaround for UEFI Secure Boot lower
    
    This fixes the toplevel security level to correctly show failed.

 panels/firmware-security/cc-firmware-security-panel.c | 10 ----------
 panels/firmware-security/cc-firmware-security-utils.c |  4 ++++
 2 files changed, 4 insertions(+), 10 deletions(-)
---
diff --git a/panels/firmware-security/cc-firmware-security-panel.c 
b/panels/firmware-security/cc-firmware-security-panel.c
index 70a8664fe..76b3c3011 100644
--- a/panels/firmware-security/cc-firmware-security-panel.c
+++ b/panels/firmware-security/cc-firmware-security-panel.c
@@ -229,16 +229,6 @@ parse_variant_iter (CcfirmwareSecurityPanel *self,
   /* insert into correct hash table */
   switch (attr->hsi_level)
     {
-      case 0:
-        /* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0,
-         * so accept either level here to avoid raising the runtime version requirement */
-        if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0)
-          {
-            g_hash_table_insert (self->hsi1_dict,
-                                 g_strdup (appstream_id),
-                                 g_steal_pointer (&attr));
-          }
-        break;
       case 1:
         g_hash_table_insert (self->hsi1_dict,
                              g_strdup (appstream_id),
diff --git a/panels/firmware-security/cc-firmware-security-utils.c 
b/panels/firmware-security/cc-firmware-security-utils.c
index fa715cbac..f6df3aebe 100644
--- a/panels/firmware-security/cc-firmware-security-utils.c
+++ b/panels/firmware-security/cc-firmware-security-utils.c
@@ -334,6 +334,10 @@ fu_security_attr_new_from_variant (GVariantIter *iter)
       g_variant_unref (value);
     }
 
+  /* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0 */
+  if (g_strcmp0 (attr->appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0)
+    attr->hsi_level = 1;
+
   /* fallback for older fwupd versions */
   if (attr->appstream_id != NULL && attr->title == NULL)
     attr->title = g_strdup (fu_security_attr_get_title_fallback (attr->appstream_id));


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]