======================
Report details
Date generated: 2023-11-08 00:46:01
fwupd version: 1.9.7
System details
Hardware model: ASUSTeK COMPUTER INC ASUSLaptop X509DA
Processor: AMD Ryzen 5 3500
OS: Fedora Linux 39 (Workstation Edition)
Security level: HSI:0! (v1.9.7)
HSI-1 Tests
Variables del servicio de arranque de UEFI: Pass (Bloqueada)
Llave de Plataforma UEFI: Pass (Válido)
TPM v2.0: Pass (Encontrada)
BIOS Firmware Updates: Pass (Activada)
Arranque Seguro UEFI: Pass (Activada)
Plataforma Fusionada: ! Fail
Configuración de Plataforma TPM: Pass (Válido)
HSI-2 Tests
Escritura Firmware AMD: ! Fail
Reconstrucción TPM: Pass (Válido)
Protección de dispositivo IOMMU: Pass (Activada)
Depuración de Plataforma: ! Fail
HSI-3 Tests
Repetición de Protección AMD: ! Fail
Protección DMA de pre-arranque: ! Fail (No activada)
Suspender a RAM: ! Fail (Activada)
Suspendido a Descanso: ! Fail (No activada)
HSI-4 Tests
RAM cifrada: ! Fail
Protección de Reversión del Procesador AMD Segur! Fail
Runtime Tests
Verificación para Actualizador del Firmware: Pass (No envenenado)
Intercambio (swap) de Linux: Pass (Cifrado)
Verificación de Kernel Linux: ! Fail (Envenenado)
Kernel Linux bloqueado: Pass (Activada)
Host security events
2023-10-14 23:12:15 Verificación de Kernel LinuFalló (No envenenado → Envenenado)
2023-10-10 15:04:34 Verificación de Kernel Linux Correcto (Envenenado → No envenenado)
2023-10-10 13:31:18 Verificación de Kernel LinuFalló (No envenenado → Envenenado)
2023-10-10 09:41:04 Verificación de Kernel Linux Correcto (Envenenado → No envenenado)
2023-10-09 21:36:40 Intercambio (swap) de Linux Correcto (No cifrado → Cifrado)
2023-10-09 13:30:02 Verificación de Kernel LinuFalló (No envenenado → Envenenado)
For information on the contents of this report, see https://fwupd.github.io/hsi.html
Can you tell us with which app you made this test?
Please put a:
LANGUAGE=en your command
to get an English output.
$ fwupdmgr security
Host Security ID: HSI:0! (v1.9.7)
HSI-1
✔ BIOS firmware updates: Enabled
✔ TPM empty PCRs: Valid
✔ TPM v2.0: Found
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
✔ UEFI secure boot: Enabled
✘ Fused platform: Unknown
✘ Supported CPU: Invalid
HSI-2
✔ IOMMU: Enabled
✔ TPM PCR0 reconstruction: Valid
✘ Platform debugging: Unknown
✘ SPI write protection: Unknown
HSI-3
✘ Pre-boot DMA protection: Disabled
✘ SPI replay protection: Unknown
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled
HSI-4
✘ Encrypted RAM: Unknown
✘ Processor rollback protection: Unknown
Runtime Suffix -!
✔ Linux kernel lockdown: Enabled
✔ Linux swap: Encrypted
✔ fwupd plugins: Untainted
✘ Linux kernel: Tainted
This system has a low HSI security level.
» https://fwupd.github.io/hsi.html#low-security-level
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
Host Security Events
2023-10-15 04:12:15: ✘ Kernel is tainted
2023-10-10 20:04:34: ✔ Kernel is no longer tainted
2023-10-10 18:31:18: ✘ Kernel is tainted
2023-10-10 14:41:04: ✔ Kernel is no longer tainted
2023-10-10 02:36:40: ✔ Intercambio de Linux changed: Unencrypted → Encrypted
BTT… this report can also be found in GNOME Settings > Privacy > Checks Failed > Copy Technical Report. It’s funny, I found the same thing on my device (not quite as bad… tainted kernel?!) and went looking for what HSI tests even were, then found this thread (among others with the same output on OEM forums LOL).
From what I can tell most of these are firmware options. Maybe the suspend options could be the OS. The information on the HSI tests was in that GitHub link at the bottom all along. I’m about to test out this link (found in the GitHub) and report back if it fixed anything.
Device Security Report
======================
Report details
Date generated: 2023-12-27 23:24:09
fwupd version: 1.9.10
System details
Hardware model: LENOVO 20KVCTO1WW
Processor: AMD Ryzen 7 2700U with Radeon Vega Mobile Gfx
OS: Fedora Linux 39.20231227.0 (Silverblue)
Security level: HSI:0 (v1.9.10)
HSI-1 Tests
UEFI Platform Key: Pass (Valid)
UEFI Bootservice Variables: Pass (Locked)
TPM v2.0: Pass (Found)
BIOS Firmware Updates: Pass (Enabled)
UEFI Secure Boot: Pass (Enabled)
Fused Platform: ! Fail
TPM Platform Configuration: Pass (Valid)
HSI-2 Tests
AMD Firmware Write Protection: ! Fail
TPM Reconstruction: Pass (Valid)
IOMMU Protection: Pass (Enabled)
BIOS Rollback Protection: Pass (Enabled)
Platform Debugging: ! Fail
HSI-3 Tests
Pre-boot DMA Protection: ! Fail (Not Enabled)
AMD Firmware Replay Protection: ! Fail
Suspend To RAM: ! Fail (Enabled)
Suspend To Idle: ! Fail (Not Enabled)
HSI-4 Tests
Encrypted RAM: ! Fail
AMD Secure Processor Rollback Protection: ! Fail
Runtime Tests
Firmware Updater Verification: Pass (Not Tainted)
Linux Swap: Pass (Encrypted)
Linux Kernel Verification: Pass (Not Tainted)
Linux Kernel Lockdown: Pass (Enabled)
Host security events
2023-11-22 20:44:36 BIOS Rollback Protection Pass (Not Enabled → Enabled)
For information on the contents of this report, see https://fwupd.github.io/hsi.html
Unfortunately no luck on my device, nothing changed. I did see where another user had created a new thread about the guidance not working on his platform so there’s that. With all these questions being asked I would bet Lenovo and the other big OEMs will eventually put out updates and/or further guidance regarding these tests, but it might not be as quick as people like
On Flathub there is a program called “Firmware”. Maybe it would be able to fetch updates.