by adonig
1218 days ago
May I ask you what security features you have enabled? Mine looks like this:

[root@fwk ~]# fwupdmgr security
Host Security ID: HSI:3 (v1.8.10)
HSI-1
CSME manufacturing mode: Locked
CSME override: Locked
CSME v0:16.0.15.1810: Valid
MEI key manifest: Valid
Platform debugging: Disabled
SPI BIOS region: Locked
SPI lock: Enabled
SPI write: Disabled
Supported CPU: Valid
TPM empty PCRs: Valid
TPM v2.0: Found
UEFI platform key: Valid
UEFI secure boot: Enabled
HSI-2
IOMMU: Enabled
Intel BootGuard: Enabled
Intel BootGuard ACM protected: Valid
Intel BootGuard OTP fuse: Valid
Intel BootGuard verified boot: Valid
Platform debugging: Locked
TPM PCR0 reconstruction: Valid
HSI-3
Intel BootGuard error policy: Valid
Intel CET Enabled: Enabled
Pre-boot DMA protection: Enabled
Suspend-to-idle: Enabled
Suspend-to-ram: Disabled
HSI-4
Intel SMAP: Enabled
Encrypted RAM: Disabled
Runtime Suffix -!
Intel CET Active: Supported
Linux kernel: Untainted
Linux kernel lockdown: Enabled
Linux swap: Encrypted
fwupd plugins: Untainted

I was wondering whether maybe one of those (maybe the kernel lockdown) prevents me from switching the PSR mode?