I noticed in the Device Security Report that my device is at a level of HSI:2! and the following are the failed tests:
UEFI Secure Boot: ! Fail (Not Enabled)
Control-flow Enforcement Technology: ! Fail (Not Supported)
Encrypted RAM: ! Fail (Not Supported)
AMD Secure Processor Rollback Protection: ! Fail (Not Enabled)
Linux Kernel Lockdown: ! Fail (Not Enabled)
It has been mentioned at the end to refer to this link (Redirecting to https://fwupd.github.io/libfwupdplugin/hsi.html) for more information. However, it is quite difficult for me to interpret the consequences of my report.
Would you please advise me, based on this, do I need to tweak any parameters or make any modifications?
PS. Sorry I forgot to add the system details. It is a Asus Flow X13 laptop (GV302XA) with AMD Ryzen 9 7940HS w/ Radeon 780M Graphics.
It seems pretty explanatory to me;
According to that ranking these vulnerabilities are only theoretical, and therefor of little concern to a casual user.
I dont know if I agree with that ranking/description … however;
Secure boot is off. There exists endless information on this topic.
CET is not supported on your device. There is literally nothing you can do about this … and this vulnerability can only be leveraged by someone with local or physical access.
Encrypted RAM is not supported.
And ‘rollback protection’ is not enabled … meaning your system does not disallow downgrading firmware.
What it says … ‘lockdown’ (introduced in kernel 5.4) is not enabled.
Note it changes or disables a number of common features … hibernation among them.
See here about it and how to enable if you want
Manjato does not natively support secure boot.
Thank you very much. Indeed, it is very helpful. I am new to most of these terminologies and a bit nervous with the phrase “Risky state”.