Failed to get device security check

ja7ad · January 31, 2024, 7:26am

In Settings > Privacy > Device Security failed to check device security.

Technical reports:

Device Security Report
======================

Report details
  Date generated:                                  2024-01-31 09:55:50
  fwupd version:                                   1.9.11

System details
  Hardware model:                                  LENOVO 82KU
  Processor:                                       AMD Ryzen 7 5700U with Radeon Graphics
  OS:                                              Fedora Linux 39 (Workstation Edition)
  Security level:                                  HSI:0 (v1.9.11)

HSI-1 Tests
  UEFI Platform Key:                               Pass (Valid)
  UEFI Bootservice Variables:                      Pass (Locked)
  TPM v2.0:                                        Pass (Found)
  BIOS Firmware Updates:                           Pass (Enabled)
  UEFI Secure Boot:                                Pass (Enabled)
  Fused Platform:                                ! Fail 
  TPM Platform Configuration:                      Pass (Valid)

HSI-2 Tests
  AMD Firmware Write Protection:                 ! Fail 
  TPM Reconstruction:                              Pass (Valid)
  IOMMU Protection:                                Pass (Enabled)
  Platform Debugging:                            ! Fail 

HSI-3 Tests
  Suspend To RAM:                                ! Fail (Enabled)
  AMD Firmware Replay Protection:                ! Fail 
  Pre-boot DMA Protection:                         Pass (Enabled)
  Control-flow Enforcement Technology:           ! Fail (Not Supported)
  Suspend To Idle:                               ! Fail (Not Enabled)

HSI-4 Tests
  Encrypted RAM:                                 ! Fail 
  Supervisor Mode Access Prevention:               Pass (Enabled)
  AMD Secure Processor Rollback Protection:      ! Fail 

Runtime Tests
  Firmware Updater Verification:                   Pass (Not Tainted)
  Linux Swap:                                      Pass (Encrypted)
  Linux Kernel Verification:                       Pass (Not Tainted)
  Linux Kernel Lockdown:                           Pass (Enabled)

Host security events

For information on the contents of this report, see https://fwupd.github.io/hsi.html

barryascott · January 31, 2024, 10:23am

A quick look at the items marked as failed seem to require Lenovo to fix things.

Do you have a specific question?

ja7ad · February 1, 2024, 6:02pm

This problem is from manufacture?

barryascott · February 1, 2024, 6:58pm

Or from design not including security as a feature.

This, for example, requires a CPU feature I think.

This is a UEFI BIOS implementation problem I think.

Hopefully if you read up on the details in the link at the bottom of the report it will explain what the tests are checking for: Redirecting to https://fwupd.github.io/libfwupdplugin/hsi.html

Topic		Replies	Views
Would you help me improve the security of my device? currently it is HSI:0 Ask Fedora amd , gnome , f39 , workstation	5	2609	December 28, 2023
Security problems Ask Fedora f38 , amd , security , workstation	3	702	October 30, 2023
Failed Linux Kernel checks Ask Fedora f38 , amd , gnome	5	825	October 21, 2023
Device Security Checks Failed in F38 (TPM 2.0) Ask Fedora f37 , f38 , security , intel , workstation	4	7425	April 22, 2023
Checks failed ! Hardware does not pass checks Ask Fedora intel , f39 , workstation	2	16072	April 15, 2024

Failed to get device security check

Related topics