I switched Fedora recently. But I am curious if my device is secure enough? I enabled kernel lockdown mode (lockdown=integrity). When I used Fedora in the past, everything was fine, probably I used Ram-to-Suspend (S3). But my BIOS update forced me to use S0 (modern standby) again and made S3 broken. Here is my firmware security result, is this still secure or do you have suggestions?
1 Like
It is that age old question… Secure enough for what?
But yes, as long as you don’t have a ‘bad’ USB cable or that kind of thing, then Fedora is secure enough.
- SPI write protection sounds like it should be on (it’s usually difficult to disable that)
- Encrypted RAM on AMD Ryzen could be enabled with
mem_encrypt=on
, but not sure about Intel/others
I have never touched SPI write protection as my BIOS is very limited to configure. Should I use smokeless (it works to unlock advanced bios menu) to enable it?
1 Like
I just wanted to know if something is wrongly configured here