This would be, at least, because of the proprietary nvidia drivers, possibly others as well, if you use any third-party drivers that aren’t baked into the kernel.
Isn’t supported by Manjaro, AFAIK. And by very few other distributions, IIRC.
Linux, and thus Manjaro, is by default very secure. So I wouldn’t worry if I were you.
The question is ambiguous.
What kind of security do you have in mind?
Are you asking because of the messages about tainted kernel? That is because of the proprietary nvidia drivers you use.
Or are you asking about disabled secure boot?
The system does not get insecure through that - it’s only the boot process that is or is not “secure”.
You can remedy that, through quite some work.
For no benefit whatsoever though - IMO.
You hit the nail on the head, the OP needs to define what he means by the topic title…
PS:
That can be enabled via a kernel command-line option used in your bootloader, but is not required for normal operation except for very few special purposes.
Anyhow, the output of that command, fwupdmgr security, does NOT show if your system is secure or not; it just shows the results of some checks it does and provides info.
The red crosses in the suffix listing are all related to SecureBoot being disabled, which can be enabled in your UEFI-BIOS. But only do so if you use a signed boot loader! (Else you will get a red screen with an error.)
A safe baseline for security should be HSI-1. If your system isn’t at least meeting this criteria, you should adjust firmware setup options, contact your manufacturer or replace the hardware.
So you’re OKAY
Just as a reference on my system:
Host Security ID: HSI:INVALID:chassis[0xffffffff]
HSI-1
✔ ME manufacturing mode: Locked
✔ ME override: Locked
✔ Platform Debugging: Disabled
✔ SPI write: Disabled
✔ Supported CPU: Valid
✔ UEFI platform key: Valid
✔ UEFI secure boot: Enabled
✘ MEI version: Failed
✘ SPI BIOS region: Unlocked
✘ SPI lock: Disabled
✘ TPM v2.0: Not found
HSI-2
✔ IOMMU: Enabled
✔ Platform Debugging: Locked
✘ Intel BootGuard: Disabled
✘ Intel BootGuard ACM protected: Disabled
✘ Intel BootGuard OTP fuse: Disabled
✘ Intel BootGuard verified boot: Disabled
HSI-3
✘ Intel BootGuard error policy: Disabled
✘ Intel CET Enabled: Not supported
✘ Pre-boot DMA protection: Disabled
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled
HSI-4
✘ Encrypted RAM: Not supported
✘ Intel SMAP: Not supported
Runtime Suffix -!
✔ Linux kernel lockdown: Enabled
✔ Linux swap: Disabled
✔ fwupd plugins: Untainted
✘ Linux kernel: Tainted
This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
The chassis is normal because it’s a self-built computer, and the tainted kernel is due to nVidia…
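An added example, not part of any post in this thread and not fwupd code: a small Python 3.8+ parser that groups the checks in a `fwupdmgr security` text listing by HSI section and lists the failed ones. The sample input is constructed and shortened from the listing quoted above; `highest_clean_level` is this script's own summary, not the Host Security ID that fwupd computes.

```python
import re

# Constructed sample, shortened from the `fwupdmgr security` listing quoted above.
SAMPLE = """\
Host Security ID: HSI:INVALID:chassis[0xffffffff]
HSI-1
✔ UEFI secure boot: Enabled
✘ SPI lock: Disabled
✘ TPM v2.0: Not found
HSI-2
✔ IOMMU: Enabled
✘ Intel BootGuard: Disabled
HSI-3
✘ Pre-boot DMA protection: Disabled
Runtime Suffix -!
✔ Linux kernel lockdown: Enabled
✘ Linux kernel: Tainted
"""

SECTION = re.compile(r"^(HSI-(\d+)|Runtime Suffix\b.*)$")
CHECK = re.compile(r"^([✔✘])\s+(.+?):\s+(.+)$")

def parse_security_report(text):
    """Group check results by section: {section: [(name, result, passed)]}."""
    report, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = "runtime" if line.startswith("Runtime") else int(m.group(2))
            report[section] = []
        elif (m := CHECK.match(line)) and section is not None:
            report[section].append((m.group(2), m.group(3), m.group(1) == "✔"))
    return report

def failed_checks(report, section):
    """Names of the checks marked with a cross in one section."""
    return [name for name, _, ok in report.get(section, []) if not ok]

def highest_clean_level(report):
    """Highest N such that HSI-1..HSI-N list no failed check (0 if HSI-1 fails)."""
    level = 0
    for n in sorted(k for k in report if isinstance(k, int)):
        if n != level + 1 or failed_checks(report, n):
            break
        level = n
    return level

if __name__ == "__main__":
    rep = parse_security_report(SAMPLE)
    print(highest_clean_level(rep), {s: failed_checks(rep, s) for s in rep})
```

Keeping the runtime section separate from the numbered levels mirrors the point made above: a tainted kernel from the nvidia module is a runtime finding, not a firmware one.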