Would you help me improve the security of my device? currently it is HSI:0


Report details
  Date generated:                                  2023-11-08 00:46:01
  fwupd version:                                   1.9.7

System details
  Hardware model:                                  ASUSTeK COMPUTER INC ASUSLaptop X509DA
  Processor:                                       AMD Ryzen 5 3500
  OS:                                              Fedora Linux 39 (Workstation Edition)
  Security level:                                  HSI:0! (v1.9.7)

HSI-1 Tests
  Variables del servicio de arranque de UEFI:      Pass (Bloqueada)
  Llave de Plataforma UEFI:                        Pass (Válido)
  TPM v2.0:                                        Pass (Encontrada)
  BIOS Firmware Updates:                           Pass (Activada)
  Arranque Seguro UEFI:                            Pass (Activada)
  Plataforma Fusionada:                          ! Fail 
  Configuración de Plataforma TPM:                 Pass (Válido)

HSI-2 Tests
  Escritura Firmware AMD:                        ! Fail 
  Reconstrucción TPM:                              Pass (Válido)
  Protección de dispositivo IOMMU:                 Pass (Activada)
  Depuración de Plataforma:                      ! Fail 

HSI-3 Tests
  Repetición de Protección AMD:                  ! Fail 
  Protección DMA de pre-arranque:                ! Fail (No activada)
  Suspender a RAM:                               ! Fail (Activada)
  Suspendido a Descanso:                         ! Fail (No activada)

HSI-4 Tests
  RAM cifrada:                                   ! Fail 
  Protección de Reversión del Procesador AMD Segur! Fail 

Runtime Tests
  Verificación para Actualizador del Firmware:     Pass (No envenenado)
  Intercambio (swap) de Linux:                     Pass (Cifrado)
  Verificación de Kernel Linux:                  ! Fail (Envenenado)
  Kernel Linux bloqueado:                          Pass (Activada)

Host security events
  2023-10-14 23:12:15   Verificación de Kernel LinuFalló (No envenenado → Envenenado)
  2023-10-10 15:04:34   Verificación de Kernel Linux Correcto (Envenenado → No envenenado)
  2023-10-10 13:31:18   Verificación de Kernel LinuFalló (No envenenado → Envenenado)
  2023-10-10 09:41:04   Verificación de Kernel Linux Correcto (Envenenado → No envenenado)
  2023-10-09 21:36:40   Intercambio (swap) de Linux  Correcto (No cifrado → Cifrado)
  2023-10-09 13:30:02   Verificación de Kernel LinuFalló (No envenenado → Envenenado)

For information on the contents of this report, see https://fwupd.github.io/hsi.html

Can you tell us with which app you make this test?

Please put a:

your command

to get an English output.

$ fwupdmgr security

Host Security ID: HSI:0! (v1.9.7)

✔ BIOS firmware updates:         Enabled
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI platform key:             Valid
✔ UEFI secure boot:              Enabled
✘ Fused platform:                Unknown
✘ Supported CPU:                 Invalid

✔ IOMMU:                         Enabled
✔ TPM PCR0 reconstruction:       Valid
✘ Platform debugging:            Unknown
✘ SPI write protection:          Unknown

✘ Pre-boot DMA protection:       Disabled
✘ SPI replay protection:         Unknown
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

✘ Encrypted RAM:                 Unknown
✘ Processor rollback protection: Unknown

Runtime Suffix -!
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ fwupd plugins:                 Untainted
✘ Linux kernel:                  Tainted

This system has a low HSI security level.
 » https://fwupd.github.io/hsi.html#low-security-level

This system has HSI runtime issues.
 » https://fwupd.github.io/hsi.html#hsi-runtime-suffix

Host Security Events
  2023-10-15 04:12:15:  ✘ Kernel is tainted
  2023-10-10 20:04:34:  ✔ Kernel is no longer tainted
  2023-10-10 18:31:18:  ✘ Kernel is tainted
  2023-10-10 14:41:04:  ✔ Kernel is no longer tainted
  2023-10-10 02:36:40:  ✔ Intercambio de Linux changed: Unencrypted → Encrypted