i found some threads and articles with lots of info on this topic but i cant seem to make sense of it just yet, im running fedora workstation with secure boot and full disk encryption on a asus tuf gaming x570 board and AMD Ryzen 7 PRO 4750G
heres the info im reading about this :
my device security report HSI-3 needs to show suspend to ram disabled, and suspend to idle enable, that is the goal all other security checks passed
im sure the answer is in the links i just shared, but ive never done this before and i could use some help figuring out what files to edit or what commands to use, also with security in mind do i want S0 S1 S4 ? thank you very much for any help
The BIOS needs to export support in the
FADT for Low Power Idle capable.
Some vendors offer a BIOS setting that configures the system this way. Not all do though, and if they don’t there isn’t much more you can do about this.
ok that makes sense, i would assume at least one of my machines is capable of this, do you have any suggestions as to how i should find the bios setting?
i have meg x570 unify board and an asus tuf gaming x570 plus wifi board
both bios have alot of differences but i managed to find most settings once i know what to look for
i ran this command: sudo grubby --args=“mem_sleep_default=s2idle” --update-kernel=ALL
so now my device security report looks like this:
Pre-boot DMA Protection: Pass (Enabled)
Suspend To RAM: Pass (Not Enabled)
Suspend To Idle: ! Fail (Not Enabled)
the command changed suspend to ram to pass and im assuming the reason it still says fail for suspend to idle is because of the flag you mentioned but i have no idea where to look for that in the bios, any suggestions?
It would be called something like “Sleep Mode” if your BIOS offers it. It’s entirely possible it doesn’t.