[gnome-control-center/wip/hughsie/hsi-fixes] firmware-security: Correctly show SecureBoot status with new fwupd versions




commit f39ef2d2f0fdb8384a9b761b4410c63589c0571f
Author: Richard Hughes <richard hughsie com>
Date:   Tue Jul 19 14:42:39 2022 +0100

    firmware-security: Correctly show SecureBoot status with new fwupd versions
    
    Adapt to the org.fwupd.hsi.Uefi.SecureBoot HSI being fixed in
    https://github.com/fwupd/fwupd/pull/4835 (level 0 isn't a valid number
    unless it is a runtime issue, and the docs have always said HSI-1).
    
    The org.fwupd.hsi.Uefi.Pk attribute has always been HSI-1, and so the
    wrong hashtable was being queried -- which is probably my fault for
    making SecureBoot an invalid value in the first place.
    
    We also do not have to track the HSI-0 failures now, so delete the
    hashtable completely.

 panels/firmware-security/cc-firmware-security-panel.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
---
diff --git a/panels/firmware-security/cc-firmware-security-panel.c 
b/panels/firmware-security/cc-firmware-security-panel.c
index ebd152834..fa6facda3 100644
--- a/panels/firmware-security/cc-firmware-security-panel.c
+++ b/panels/firmware-security/cc-firmware-security-panel.c
@@ -57,7 +57,6 @@ struct _CcfirmwareSecurityPanel
   GDBusProxy       *bus_proxy;
   GDBusProxy       *properties_bus_proxy;
 
-  GHashTable       *hsi0_dict;
   GHashTable       *hsi1_dict;
   GHashTable       *hsi2_dict;
   GHashTable       *hsi3_dict;
@@ -76,11 +75,11 @@ set_secure_boot_button_view (CcfirmwareSecurityPanel *self)
   guint64 pk_flags = 0;
   guint64 *result;
 
-  /* get HSI-0 flags if set */
-  result = g_hash_table_lookup (self->hsi0_dict, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
+  /* get HSI-1 flags if set */
+  result = g_hash_table_lookup (self->hsi1_dict, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT);
   if (result != NULL)
     sb_flags = GPOINTER_TO_INT (result);
-  result = g_hash_table_lookup (self->hsi0_dict, FWUPD_SECURITY_ATTR_ID_UEFI_PK);
+  result = g_hash_table_lookup (self->hsi1_dict, FWUPD_SECURITY_ATTR_ID_UEFI_PK);
   if (result != NULL)
     pk_flags = GPOINTER_TO_INT (result);
 
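Review bot: The two lookups against `self->hsi1_dict` cannot tell a missing attribute from one stored with zero flags, because parse_variant_iter packs values with `GINT_TO_POINTER (flags)` and a zero packs to NULL; both cases leave `sb_flags` and `pk_flags` at 0. If the rest of the function, which lies outside this hunk, is meant to treat "fwupd reported nothing" differently from "reported as failed", `g_hash_table_lookup_extended ()` or `g_hash_table_contains ()` would make that distinction explicit. `result` is also declared `guint64 *` although it carries a packed integer rather than a pointer to one, so `gpointer result;` would describe it better. A short comment that the value is narrowed to `gint` by `GPOINTER_TO_INT` would help the next reader.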
@@ -207,9 +206,14 @@ parse_variant_iter (CcfirmwareSecurityPanel *self,
   switch (hsi_level)
     {
       case 0:
-        g_hash_table_insert (self->hsi0_dict,
-                             g_strdup (appstream_id),
-                             GINT_TO_POINTER (flags));
+        /* in fwupd <= 1.8.3 org.fwupd.hsi.Uefi.SecureBoot was incorrectly marked as HSI-0,
+         * so accept either level here to avoid raising the runtime version requirement */
+        if (g_strcmp0 (appstream_id, FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT) == 0)
+          {
+            g_hash_table_insert (self->hsi1_dict,
+                                 g_strdup (appstream_id),
+                                 GINT_TO_POINTER (flags));
+          }
         break;
       case 1:
         g_hash_table_insert (self->hsi1_dict,
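Review bot: In `case 0:` every attribute other than `FWUPD_SECURITY_ATTR_ID_UEFI_SECUREBOOT` is now dropped silently, and the new comment only explains the SecureBoot exception. The commit message says level 0 is still valid for runtime issues, so presumably the panel means to ignore those; the comment should say so, e.g. `/* other HSI-0 attributes are intentionally not tracked */`. A `g_debug ("ignoring HSI-0 attribute %s", appstream_id);` in an else branch would make a dropped attribute visible when someone is diagnosing a wrong SecureBoot status. The insert also repeats the `case 1:` call verbatim; the switch continues outside this hunk.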
@@ -558,7 +562,6 @@ cc_firmware_security_panel_init (CcfirmwareSecurityPanel *self)
 
   gtk_widget_init_template (GTK_WIDGET (self));
 
-  self->hsi0_dict = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
   self->hsi1_dict = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
   self->hsi2_dict = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
   self->hsi3_dict = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);

