Fedora 39 (KDE Spin)
Acer Aspire A517-53
Info Centre reports that:
- the UEFI ESP “may not be set up correctly”. It says I should ‘set 1 esp on’. I checked with parted and the flag is already on, but I issued the command anyway, rebooted, and the warning is still there.
Could this be because I left the original (Windows) EFI intact? I am not dual-booting, but I worried that formatting EFI partition might lock me out of the system, due to the Secure Boot function in the firmware. Were I to reformat the EFI partition, would this warning go away?
When reinstalling Fedora, is it safe to format the EFI partition? Will the firmware automatically be aware of whatever it needs to know? I read an article in Fedora Magazine some months ago about secure boot and how one configures it and I do not want to enter this minefield.
- the system has a low HSI security level. I see that all of the Intel BootGuard points are flagged ‘invalid’. I presume this is Secure Boot in the firmware? I have it enabled and unchanged, just the way it was when I bought the computer.
Were I to reformat the EFI partition next time I install, likely for Fedora 40, given that these issues appear to be weighty, would this be resolved? Or is there something else at play?
Again, as I mentioned in point #1, I do not care to get into configuring the Secure Boot in the firmware (unless it turns out to be super easy and without risk of me being unable to boot into my computer).
the system has HSI runtime issues. I see further red flags:
csme manufacturing mode: unlocked
encrypted RAM: not supported
Linux Swap: unencrypted
The last point could be because I also have a swap partition. I know that Fedora has used some sort of virtual swap for the last 2 or so releases, but I have enabled the swap partition as well, because ‘hibernate (suspend to disk)’ has in the past required it.
Conclusion: So, what does all of this mean? Are the security concerns especially concerning for a the average individual? What can I do to resolve these warnings?