mirror of
https://git.proxmox.com/git/fwupd
synced 2025-05-16 05:51:15 +00:00
c1eda7d516
The HSI specification is currently incomplete and in active development.
Sample output for my Lenovo P50 Laptop:
Host Security ID: HSI:2+UA!
HSI-1
✔ UEFI dbx: OK
✔ TPM: v2.0
✔ SPI: Write disabled
✔ SPI: Lock enabled
✔ SPI: SMM required
✔ UEFI Secure Boot: Enabled
HSI-2
✔ TPM Reconstruction: Matched PCR0 reading
HSI-3
✘ Linux Kernel S3 Sleep: Deep sleep available
HSI-4
✘ Intel CET: Unavailable
Runtime Suffix -U
✔ Firmware Updates: Newest release is 8 months old
Runtime Suffix -A
✔ Firmware Attestation: OK
Runtime Suffix -!
✔ fwupd plugins: OK
✔ Linux Kernel: OK
✔ Linux Kernel: Locked down
✘ Linux Swap: Not encrypted
|
||
|---|---|---|
| .. | ||
| fuzzing | ||
| create-fuzzing-targets.py | ||
| fu-fuzzer.c | ||
| fu-plugin-uefi-dbx.c | ||
| fu-self-test.c | ||
| fu-uefi-dbx-common.c | ||
| fu-uefi-dbx-common.h | ||
| fu-uefi-dbx-file.c | ||
| fu-uefi-dbx-file.h | ||
| meson.build | ||
| README.md | ||
UEFI dbx Support
Introduction
This plugin checks if the UEFI dbx contains all the most recent blacklisted checksums. The result will be stored in an security attribute for HSI.