You are not logged in.

Pages: 1

#1 2025-08-07 10:00

swarfendor437
Member
Registered: 2024-11-06
Posts: 51

Firmware Security - should I be concerned?

Just ran System Info | Firmware Security which gave these results:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- This file was created with the aha Ansi HTML Adapter. <a href="https://github.com/theZiz/aha">https://github.com/theZiz/aha</a> -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8"/>
<title>stdin</title>
</head>
<body>
<pre>
Host Security ID: <span style="font-weight:bold;">HSI:INVALID:missing-data</span>

<span style="font-weight:bold;">HSI-1</span>
✔ TPM empty PCRs:                <span style="color:green;"></span><span style="font-weight:bold;color:green;">Valid</span>
✔ TPM v2.0:                      <span style="color:green;"></span><span style="font-weight:bold;color:green;">Found</span>
✔ UEFI platform key:             <span style="color:green;"></span><span style="font-weight:bold;color:green;">Valid</span>
✘ Supported CPU:                 <span style="color:red;"></span><span style="font-weight:bold;color:red;">Failed</span>

<span style="font-weight:bold;">HSI-2</span>
✔ IOMMU:                         <span style="color:green;"></span><span style="font-weight:bold;color:green;">Enabled</span>
✔ TPM PCR0 reconstruction:       <span style="color:green;"></span><span style="font-weight:bold;color:green;">Valid</span>

<span style="font-weight:bold;">HSI-3</span>
✘ Pre-boot DMA protection:       <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabled</span>
✘ Suspend-to-idle:               <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabled</span>
✘ Suspend-to-ram:                <span style="color:red;"></span><span style="font-weight:bold;color:red;">Enabled</span>

<span style="font-weight:bold;">HSI-4</span>
✘ Encrypted RAM:                 <span style="color:red;"></span><span style="font-weight:bold;color:red;">Not supported</span>

<span style="font-weight:bold;">Runtime Suffix -!</span>
✔ Linux kernel:                  <span style="color:green;"></span><span style="font-weight:bold;color:green;">Untainted</span>
✔ fwupd plugins:                 <span style="color:green;"></span><span style="font-weight:bold;color:green;">Untainted</span>
✘ Linux kernel lockdown:         <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabled</span>
✘ Linux swap:                    <span style="color:red;"></span><span style="font-weight:bold;color:red;">Unencrypted</span>
✘ UEFI secure boot:              <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabled</span>

This system has a low HSI security level.
» <a href="https://fwupd.github.io/hsi.html#low-security-level">https://fwupd.github.io/hsi.html#low-security-level</a>

This system has HSI runtime issues.
» <a href="https://fwupd.github.io/hsi.html#hsi-runtime-suffix">https://fwupd.github.io/hsi.html#hsi-runtime-suffix</a>

Host Security Events
  2025-05-25 13:55:09:  <span style="color:green;"></span><span style="font-weight:bold;color:green;">✔</span> TPM v2.0 changed: Not found → Found
  2025-05-22 20:02:30:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> TPM v2.0 changed: Found → Not found
  2025-05-21 22:06:25:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Not found → Disabled
  2025-05-21 17:02:01:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Disabled → Not found
  2025-05-19 17:23:37:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Not found → Disabled
  2025-04-04 14:10:02:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Not found → Disabled
  2025-04-04 14:10:02:  <span style="color:green;"></span><span style="font-weight:bold;color:green;">✔</span> TPM v2.0 changed: Not found → Found
  2025-03-21 20:43:33:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Disabled → Not found
  2025-01-08 15:41:52:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Not found → Disabled
  2024-11-12 23:21:14:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> UEFI secure boot changed: Not found → Disabled
  2024-11-12 23:21:14:  <span style="color:red;"></span><span style="font-weight:bold;color:red;">✘</span> TPM v2.0 changed: Found → Not found

</pre>
</body>
</html>

It's an ASUS PRIME X470-PRO with an AMD Ryzen 7 1700X Processor and BIOS is up-to-date.

ASUS X470-PRO, AMD Ryzen 7 1700X 8 Core, 16 Gb RAM, Asus GT1030 2 Gb DDR-5  Q4OS 5.8 (Aquarius)

Offline

#2 2025-08-08 01:35

crosscourt
Banned
Registered: 2017-05-07
Posts: 2,706

Re: Firmware Security - should I be concerned?

It appears the last bios for your motherboard was 11/14/2024 and their description makes it hard to tell if there could be an issue.

Your Ryzen 1700x isnt supported anymore by AMD and they wont be patching for some of the recent security issues like Sinkclose. To be honest, its less of an issue for home users.

Your chipset drivers have an update from 7/3/2024  6.05.16.221 so hard to say if there are any issues there, based on the description.

Not having any updates for 2025 is a bit interesting.

I use a hardware firewall which isnt perfect but does help my older hardware. Personally I dont think you need to be concerned but just be aware and be smart with how you use your pc.

Last edited by crosscourt (2025-08-08 03:55)

Offline

Pages: 1

Board footer

Powered by FluxBB