Fedora 43 - latest kernel 7.x shows "Intel Bootguard" as "Not Supported"

Hello,

basically, what title says.

I updated to latest kernel (7.0.4) and noticed via “Device Security” (or “fwdupdmgr security” command) that my system shows unsupported “Bootguard” feature.
If I boot with the previous one (6.19.4) the Intel Bootguard feature appears as enabled.

After update

# uname -r
7.0.4-100.fc43.x86_64

# fwupdmgr security
Host Security ID: HSI:1 (v2.0.20)
[...snip...]
HSI-2
✔ Intel GDS mitigation:          Enabled
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
✘ Intel BootGuard:               Not supported  <<==
[...snip...]
Host Security Events
  2026-05-10 14:57:20:  ✘ Intel BootGuard changed: Enabled → Not supported

Before update

# uname -r
6.19.14-200.fc43.x86_64

# fwupdmgr security
Host Security ID: HSI:1 (v2.0.20)
[...snip...]
HSI-2
✔ Intel BootGuard ACM protected: Valid
✔ Intel BootGuard:               Enabled
✔ Intel BootGuard OTP fuse:      Valid
✔ Intel BootGuard verified boot: Valid
✔ Intel GDS mitigation:          Enabled
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
[...snip...]

Does anyone have an idea why this happens?
If this behaviour represent an issue should I report it somewhere?

My system is a MSI Prestige 15 A11SCS laptop with latest available firmware vendor applied (BIOS/UEFI → E16S6IMS.119 from 2022-07-27 and Intel ME FW: → 15055_U from 2026-04-29).

EDIT: Secure boot is enabled.

Thanks.

Regards,
AC

I think, not sure, that this means that fwupdmgr cannot update firmware for the Interl BootGuard, but as I say I’m not sure. Someone else may have a better answer for you.

Hello @barryascott

thank you for your reply.

I think the issue was specific to kernel 7.0.4.
Today I did a dnf upgrade to my system which installed the current latest F43 kernel, version 7.0.6, and the Intel Bootguard feature is back on Enabled.

# uname -r
7.0.6-100.fc43.x86_64

# fwupdmgr security
Host Security ID: HSI:3 (v2.0.20)
[...snip...]
HSI-2
✔ Intel BootGuard ACM protected: Valid
✔ Intel BootGuard:               Enabled   <<==
✔ Intel BootGuard OTP fuse:      Valid
✔ Intel BootGuard verified boot: Valid
✔ Intel GDS mitigation:          Enabled
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
[...snip...]
Host Security Events
  2026-05-10 21:18:15:  ✔ Intel BootGuard changed: Not supported → Enabled

Just out of curiosity, I wonder if there is a detailed “changelog” that shows what happened between Fedora kernel 7.0.4 and 7.0.6 in order to investigate the root cause of the issue (enabled kernel features, modules, compile options, etc…).

Another thing I don’t understand is why the fwupdmgr “Host Security Events” outputs the wrong date: I did the upgrade this morning and the date should be 2026-05-15.
I guess can live with that.

Thank you again for your attention.

Cheers,
AC

Note for the admin/forum moderator: please consider updating post title from

Fedora 43 - latest kernel 7.x shows “Intel Bootguard” as “Not Supported”

to

Fedora 43 - kernel 7.0.4 shows “Intel Bootguard” as “Not Supported”

since the problem disappeared with the current latest kernel (7.0.6) and I can’t edit the title.

Thanks,
AC

You woiuld need to look in two places.

Look at the changes that go into the kernel itself approx 10,000+ commits/release.
On https://www.kernel.org/ there is a changelog link for each kernel.

For changes in how the fedora kernel is built you would need to look at changes to the source RPM patches and spec file.