Indicate HSI attributes that will only be returned for specific CPU vendors

diff --git a/docs/generate-hsi-spec.py b/docs/generate-hsi-spec.py
index 7b15beb8b4e382d19715efe11d6e9bda17845a44..3bf3bd488cd18df654158ab45a1599ac8ad186d6 100755 (executable)
--- a/docs/generate-hsi-spec.py
+++ b/docs/generate-hsi-spec.py
@@ -86,6 +86,12 @@ if __name__ == "__main__":
             for url, title in item["references"].items():
                 tmp += ["- [{}]({})".format(title, url)]
             txt += ["\n".join(tmp)]
+        if "requires" in item:
+            txt += ["**Hardware requirements:**"]
+            if "CPUID\\VID_GenuineIntel" in item["requires"]:
+                txt += ["This attribute will only be available when using Intel CPUs."]
+            elif "CPUID\\VID_AuthenticAMD" in item["requires"]:
+                txt += ["This attribute will only be available when using AMD CPUs."]
         if "more-information" in item:
             txt += ["**More information:**"]
             for para in item["more-information"]:

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json
index db0b4e7b70441013d235edb07ee6545897b56c3d..a56a65492fd67faf3a4179c73f0bdb7a6a65c4e6 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.PlatformRollbackProtection.json
@@ -25,5 +25,8 @@
     "https://www.amd.com/en/technologies/pro-security": "AMD Secure Processor",
     "https://forums.lenovo.com/t5/Fedora/AMD-Rollback-protection-not-detected-by-fwupd-on-T14-G3-AMD/m-p/5182708?page=1#5810366": "Loading OS Optimized Defaults on Lenovo systems"
   },
+  "requires": [
+    "CPUID\\VID_AuthenticAMD"
+  ],
   "fwupd-version": "1.8.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json
index c9685fee1892daf321b82d8d8d3b566ff54ac894..1d0b03331d6ccb89e4a23fc1c150759e948ad0ff 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiReplayProtection.json
@@ -14,5 +14,8 @@
     "enabled": "SPI protections enabled"
   },
   "hsi-level": 2,
+  "requires": [
+    "CPUID\\VID_AuthenticAMD"
+  ],
   "fwupd-version": "1.8.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json
index 52b95f71ab670e6a1e4ad54161534e3b7c8e1ce4..e69642accff430df02d7a2b1ad44854970214cfc 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Amd.SpiWriteProtection.json
@@ -14,5 +14,8 @@
     "enabled": "SPI protections enabled"
   },
   "hsi-level": 3,
+  "requires": [
+    "CPUID\\VID_AuthenticAMD"
+  ],
   "fwupd-version": "1.8.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json
index 54d98d127a88170ef3a778c2b56a4d52651d88fb..d57fab9f9ece96bb31ad1fd822e662d4daa86f3b 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Acm.json
@@ -15,5 +15,8 @@
     "valid": "ACM protected"
   },
   "hsi-level": 2,
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json
index 55e4fcadddd376894199ab2af0004a1b78a35d70..f490351450523b727bd57c1115a28662f1781b4f 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Enabled.json
@@ -22,5 +22,8 @@
   "references": {
     "https://github.com/coreboot/coreboot/blob/master/src/soc/intel/jasperlake/include/soc/me.h": "Coreboot documentation"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json
index 8da0b35b54ede473cb916a5aaeafba7370e1ff3b..b5e1572b3baace32489290be66e4c880e903e328 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Otp.json
@@ -16,5 +16,8 @@
     "valid": "SOC is locked"
   },
   "hsi-level": 2,
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json
index eb4cf3dab17db5503e04e188563a3cc3c26e8536..a7c259caef60037065f095f358ce94f362ae30fd 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Policy.json
@@ -15,5 +15,8 @@
     "valid": "error enforce policy is set to shutdown"
   },
   "hsi-level": 3,
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json
index de1bbc59c5c33f09ba44c5d4b772683aab86163f..f939b80f45c9852e9aaec8942b1896cb5c1ed4e3 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelBootguard.Verified.json
@@ -16,5 +16,8 @@
     "success": "verified boot chain"
   },
   "hsi-level": 2,
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json
index bb5697f3108b0f522590237fcbc0bf49d3ae9b55..f07af0ad4639d6eb10f275888dddab1a77800ab4 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Active.json
@@ -17,5 +17,8 @@
   "references": {
     "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json
index d1fff8fd2f3279688cee6ccfdce03cf2fcd53a32..36e59af044cd1d4d979038bbc6bd420fee11f50e 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelCet.Enabled.json
@@ -17,5 +17,8 @@
   "references": {
     "https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf": "Intel CET Technology Preview"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json b/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json
index 9ce0104795e74defcc344769a3437123ff44b3d8..1a9755ba3f87adfdfc8227c379fa374043fcca07 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.IntelSmap.json
@@ -18,5 +18,8 @@
   "references": {
     "https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention": "SMAP Wikipedia Page"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json
index 22e0bc8a07f52b2b57f2e83cc5cab81b332c81cb..ecfb454947c33b2ec33da510a9508da66e53e524 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.KeyManifest.json
@@ -21,5 +21,8 @@
     "https://github.com/phretor/intel-leak-checker/": "Intel leak checker",
     "https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge": "Tom's Hardware Article"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.8.7"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json
index 9a75cdd3934581ea04840343b174a05e623b2f21..9212f2773545044aa0d35b9062ed1eb8f5f69f06 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.ManufacturingMode.json
@@ -20,5 +20,8 @@
     "https://malware.news/t/intel-me-manufacturing-mode-obscured-dangers-and-their-relationship-to-apple-macbook-vulnerability-cve-2018-4251/23214": "ME Manufacturing Mode: obscured dangers",
     "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html": "Intel security advisory SA-00086"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json
index 46338ef26686a4777880ea68f6066d343b2c1130..ff0975dfde1873d5a28af2ff78680e4d3c0d2389 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.OverrideStrap.json
@@ -18,5 +18,8 @@
   "references": {
     "https://chromium.googlesource.com/chromiumos/third_party/flashrom/+/master/Documentation/mysteries_intel.txt": "Chromium documentation for Intel ME"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json b/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json
index 2db3c8b72007ba2ce3cb751c813e275a700c568a..285a787ca58399ef0ad9ef0a793409b1a075d858 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Mei.Version.json
@@ -30,5 +30,8 @@
     "CVE-2017-5711",
     "CVE-2017-5712"
   ],
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json
index eac8d2dc807c819ff7ae6bced25740506a145d3a..aef05cf09375ea2a5f408c5fb5fdc807d7c698f3 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Bioswe.json
@@ -20,5 +20,8 @@
   "references": {
     "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json
index 47cd340396c74c65b549150b70974b512a2b6dd5..df3aaccc7a87fad1a3056d5864b50eb844c4e17c 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Ble.json
@@ -19,5 +19,8 @@
   "references": {
     "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json
index a068a555e4f9756be50c7b283dfae87e3eb33948..8713da6e0dfc24f979fe5e36a4e154bdeb9243ec 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.Descriptor.json
@@ -17,5 +17,8 @@
     "locked": "the SPI BAR is locked and read only from all regions"
   },
   "hsi-level": 1,
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.6.0"
 }

diff --git a/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json b/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json
index b9a59d3ab9e8ab4a3b2cac8b22095ed0f12f7a62..2dcbed35ef08f64fcc55a5e75b0193487a318912 100644 (file)
--- a/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json
+++ b/docs/hsi-tests.d/org.fwupd.hsi.Spi.SmmBwp.json
@@ -19,5 +19,8 @@
   "references": {
     "https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/6-chipset-c200-chipset-datasheet.pdf": "Intel C200 Datasheet"
   },
+  "requires": [
+    "CPUID\\VID_GenuineIntel"
+  ],
   "fwupd-version": "1.5.0"
 }