artimaeis | 3 months ago

Happy to share the report from the ME Mini box (below). But the other one is running Windows so I can't help there. Thanks to this, I was able to find I'd initially left off secure boot and was able to fix a couple of its suggestions at least, but if I'm understanding the HSI status and coreboot needs, there are fuses flipped that would prevent it.

  WARNING: UEFI capsule updates not available or enabled in firmware setup
  See https://github.com/fwupd/fwupd/wiki/PluginFlag:capsules-unsupported for more information.
  Host Security ID: HSI:0! (v2.0.8)
  
  HSI-1
   csme override:                 Locked
   csme v0:16.50.15.1515:         Valid
   Platform debugging:            Disabled
   SPI write:                     Disabled
   Supported CPU:                 Valid
   TPM empty PCRs:                Valid
   TPM v2.0:                      Found
   UEFI bootservice variables:    Locked
   UEFI secure boot:              Enabled
   BIOS firmware updates:         Disabled
   csme manufacturing mode:       Unlocked
   SPI lock:                      Disabled
   SPI BIOS region:               Unlocked
   UEFI platform key:             Invalid
  
  HSI-2
   Intel BootGuard:               Enabled
   IOMMU:                         Enabled
   Platform debugging:            Locked
   TPM PCR0 reconstruction:       Valid
   Intel BootGuard ACM protected: Invalid
   Intel BootGuard OTP fuse:      Invalid
   Intel BootGuard verified boot: Invalid
  
  HSI-3
   CET Platform:                  Supported
   Intel BootGuard error policy:  Invalid
   Pre-boot DMA protection:       Disabled
   Suspend-to-idle:               Disabled
   Suspend-to-ram:                Enabled
  
  HSI-4
   SMAP:                          Enabled
   Encrypted RAM:                 Not supported
  
  Runtime Suffix -!
   fwupd plugins:                 Untainted
   Linux kernel lockdown:         Enabled
   Linux kernel:                  Untainted
   CET OS Support:                Not supported
   Linux swap:                    Unencrypted
   UEFI db:                       Invalid
  
  This system has a low HSI security level.
   » https://fwupd.github.io/hsi.html#low-security-level
  
  This system has HSI runtime issues.
   » https://fwupd.github.io/hsi.html#hsi-runtime-suffix
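Added illustration, not part of the post above and not fwupd's own code: the `HSI:0!` line follows from a simple rule, a system sits at HSI-N only when every attribute at levels 1..N passes, and the `!` suffix marks failing runtime checks. The expected-value table is an assumption taken from the HSI spec for the rows used, and the sample is a constructed excerpt of the report above.

```python
import re

# Expected passing result per attribute (assumed from the HSI spec; not fwupd's full table).
EXPECTED = {
    "SPI write": "Disabled", "SPI lock": "Enabled",
    "csme manufacturing mode": "Locked",
    "Intel BootGuard": "Enabled", "Intel BootGuard OTP fuse": "Valid",
    "Linux kernel lockdown": "Enabled", "Linux swap": "Encrypted",
}
# Constructed excerpt of the report in the post above (same values, fewer rows).
SAMPLE = """\
HSI-1
 SPI write:                     Disabled
 SPI lock:                      Disabled
 csme manufacturing mode:       Unlocked
HSI-2
 Intel BootGuard:               Enabled
 Intel BootGuard OTP fuse:      Invalid
Runtime Suffix -!
 Linux kernel lockdown:         Enabled
 Linux swap:                    Unencrypted
"""
HEADER = re.compile(r"^\s*(HSI-(\d)|Runtime Suffix.*)$")
ROW = re.compile(r"^\s+(.+?):\s+(.+?)\s*$")


def parse_report(text):
    """Return {level: [(attribute, result)]}; level 0 holds the runtime rows."""
    groups, level = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            level = int(m.group(2)) if m.group(2) else 0
            groups.setdefault(level, [])
        elif level is not None and (r := ROW.match(line)):
            groups[level].append((r.group(1), r.group(2)))
    return groups


def failures(groups):
    """Attributes whose result differs from the expected passing value."""
    return {lvl: [a for a, res in rows if EXPECTED.get(a) != res]
            for lvl, rows in groups.items()}


def hsi_level(groups):
    """'HSI:N' plus '!' when any runtime check fails (all-pass rule)."""
    bad = failures(groups)
    level = 0
    while level + 1 in groups and not bad[level + 1]:
        level += 1
    return f"HSI:{level}" + ("!" if bad.get(0) else "")
```

Run `hsi_level(parse_report(SAMPLE))` to see why the box reports HSI:0!: two HSI-1 attributes fail, so nothing above level 0 counts, and the unencrypted swap sets the runtime suffix.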
