┌──(martin㉿sagemcom)-[~]
└─$ sudo fwupdmgr security --verbose
[sudo] password for martin:
(pkttyagent:19898): GLib-GIO-DEBUG: 20:21:54.945: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.954: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.954: watch_fast: "/system/proxy/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/http/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/https/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/ftp/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/socks/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/http/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/https/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/ftp/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/socks/" (active: 0, establishing: 1)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.958: _g_io_module_get_default: Found default implementation local (GLocalVfs) for ‘gio-vfs’
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.958: px_config_sysconfig_set_config_file: Could not read file /etc/sysconfig/proxy
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.958: Active config plugins:
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-env
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-xdp
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-kde
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-gnome
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-sysconfig
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.961: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.972: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.972: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/http/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/https/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/ftp/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.975: watch_established: "/system/proxy/socks/" (establishing: 0)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.976: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ‘gio-network-monitor’
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.976: px_manager_constructed: Up and running
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.976: _g_io_module_get_default: Found default implementation libproxy (GLibproxyResolver) for ‘gio-proxy-resolver’
(fwupdmgr:19883): Fwupd-DEBUG: 20:21:55.823: Emitting ::status-changed() [idle]

Host Security ID: HSI:1! (v1.9.25)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ Fused platform:                Locked
✔ Supported CPU:                 Valid
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI platform key:             Valid

HSI-2
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
✘ SPI write protection:          Disabled

HSI-3
✔ Pre-boot DMA protection:       Enabled
✘ SPI replay protection:         Not supported
✘ CET Platform:                  Not supported
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ SMAP:                          Enabled
✘ Processor rollback protection: Disabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux kernel:                  Untainted
✘ Linux swap:                    Unencrypted
✘ UEFI secure boot:              Disabled

This system has HSI runtime issues.
 » https://fwupd.github.io/hsi.html#hsi-runtime-suffix

FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
  Created:           2024-10-13
  HsiResult:         enabled
  HsiResultFallback: not-enabled
  Flags:             success|runtime-issue
  Name:              Linux kernel lockdown
  Summary:           Linux Kernel Lockdown
  Description:       Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
  Plugin:            linux_lockdown
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Tainted
  Created:           2024-10-13
  HsiResult:         not-tainted
  HsiResultFallback: tainted
  Flags:             success|runtime-issue
  Name:              Linux kernel
  Summary:           Linux Kernel Verification
  Description:       Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.
  Plugin:            linux_tainted
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted
FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
  Created:           2024-09-12
  HsiResult:         not-enabled
  HsiResultFallback: enabled
  Flags:             runtime-issue|action-config-os
  Name:              Linux kernel lockdown
  Summary:           Linux Kernel Lockdown
  Description:       Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
  Plugin:            linux_lockdown
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Kernel.Tainted
  Created:           2024-09-12
  HsiResult:         tainted
  HsiResultFallback: not-tainted
  Flags:             runtime-issue|action-config-os
  Name:              Linux kernel
  Summary:           Linux Kernel Verification
  Description:       Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.
  Plugin:            linux_tainted
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
  Created:           2024-09-11
  HsiResult:         enabled
  HsiResultFallback: not-enabled
  Flags:             success|runtime-issue
  Name:              Linux kernel lockdown
  Summary:           Linux Kernel Lockdown
  Description:       Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
  Plugin:            linux_lockdown
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Uefi.Pk
  Created:           2024-09-11
  HsiLevel:          1
  HsiResult:         valid
  Flags:             success
  Name:              UEFI platform key
  Summary:           UEFI Platform Key
  Description:       The UEFI Platform Key is used to determine if device software comes from a trusted source.
  Plugin:            uefi_pk
  Uri:               https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.Pk
  Guid:              77c6cc94-a10e-5208-916d-2a805c661547

Host Security Events
2024-10-13 10:31:57:   ✔ Kernel lockdown enabled
2024-10-13 10:31:57:   ✔ Kernel is no longer tainted
2024-09-12 07:28:13:   ✘ Kernel lockdown disabled
2024-09-12 07:28:13:   ✘ Kernel is tainted
2024-09-11 15:27:14:   ✔ Kernel lockdown enabled

Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: y
Target: https://fwupd.org/lvfs/hsireports/upload
Payload:
{
  "ReportVersion" : 2,
  "MachineId" : "534dbf6550f7d2b6d710f423b5df04179a90a1a53555dc92e6063492e76cad8c",
  "Metadata" : {
    "HostBiosMinorRelease" : "27",
    "HostFirmwareMinorRelease" : "17",
    "DisplayState" : "connected",
    "DistroId" : "kali",
    "KernelCmdline" : "lockdown=confidentiality",
    "CompileVersion(com.hughsie.libxmlb)" : "0.3.19",
    "HostBaseboardProduct" : "890E",
    "CompileVersion(com.hughsie.libjcat)" : "0.2.0",
    "HostBiosVendor" : "Insyde",
    "HostBiosMajorRelease" : "0f",
    "CompileVersion(org.freedesktop.fwupd)" : "1.9.25",
    "HostBaseboardManufacturer" : "HP",
    "RuntimeVersion(org.freedesktop.fwupd-efi)" : "1.7",
    "HostFirmwareMajorRelease" : "53",
    "BootTime" : "1728843517",
    "HostProduct" : "HP 255 G8 Notebook PC",
    "BatteryThreshold" : "50",
    "CpuModel" : "Advanced Micro Devices, Inc. AMD Ryzen 5 5500U with Radeon Graphics",
    "CompileVersion(org.freedesktop.gusb)" : "0.4.9",
    "KernelVersion" : "6.10.11-amd64",
    "RuntimeVersion(com.hughsie.libxmlb)" : "0.3.19",
    "LidState" : "open",
    "RuntimeVersion(com.hughsie.libjcat)" : "0.2.0",
    "DistroName" : "Kali GNU/Linux",
    "FwupdSupported" : "True",
    "DistroPrettyName" : "Kali GNU/Linux Rolling",
    "KernelName" : "Linux",
    "RuntimeVersion(org.freedesktop.gusb)" : "0.4.9",
    "PowerState" : "battery-discharging",
    "HostVendor" : "HP",
    "HostBiosVersion" : "F.39",
    "HostFamily" : "103C_5336AN HP 200",
    "BatteryLevel" : "72",
    "CpuArchitecture" : "x86_64",
    "RuntimeVersion(org.kernel)" : "6.10.11-amd64",
    "RuntimeVersion(org.freedesktop.fwupd)" : "1.9.25",
    "HostSku" : "7J059AA#BCM",
    "DistroVersion" : "2024.3",
    "HostEnclosureKind" : "a",
    "HostSecurityId" : "HSI:1! (v1.9.25)"
  },
  "SecurityAttributes" : [
    {
      "AppstreamId" : "org.fwupd.hsi.Fwupd.Plugins",
      "Created" : 1728843715,
      "HsiLevel" : 0,
      "HsiResult" : "not-tainted",
      "HsiResultSuccess" : "not-tainted",
      "Name" : "fwupd plugins",
      "Summary" : "Firmware Updater Verification",
      "Description" : "Firmware Updater Verification checks that software used for updating has not been tampered with.",
      "Plugin" : "core",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Fwupd.Plugins",
      "Flags" : [ "success", "runtime-issue" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Kernel.Lockdown",
      "Created" : 1728843715,
      "HsiLevel" : 0,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "Linux kernel lockdown",
      "Summary" : "Linux Kernel Lockdown",
      "Description" : "Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.",
      "Plugin" : "linux_lockdown",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown",
      "Flags" : [ "success", "runtime-issue" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Kernel.Tainted",
      "Created" : 1728843715,
      "HsiLevel" : 0,
      "HsiResult" : "not-tainted",
      "HsiResultSuccess" : "not-tainted",
      "Name" : "Linux kernel",
      "Summary" : "Linux Kernel Verification",
      "Description" : "Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.",
      "Plugin" : "linux_tainted",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted",
      "Flags" : [ "success", "runtime-issue" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Kernel.Swap",
      "Created" : 1728843715,
      "HsiLevel" : 0,
      "HsiResult" : "not-encrypted",
      "HsiResultSuccess" : "encrypted",
      "Name" : "Linux swap",
      "Summary" : "Linux Swap",
      "Description" : "Linux Kernel Swap temporarily saves information to disk as you work. If the information is not protected, it could be accessed by someone if they obtained the disk.",
      "Plugin" : "linux_swap",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Swap",
      "Flags" : [ "runtime-issue", "action-config-os" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Uefi.SecureBoot",
      "Created" : 1728843715,
      "HsiLevel" : 0,
      "HsiResult" : "not-enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "UEFI secure boot",
      "Summary" : "UEFI Secure Boot",
      "Description" : "UEFI Secure Boot prevents malicious software from being loaded when the device starts.",
      "Plugin" : "uefi_capsule",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.SecureBoot",
      "Flags" : [ "runtime-issue", "action-config-fw" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Bios.CapsuleUpdates",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "BIOS firmware updates",
      "Summary" : "BIOS Firmware Updates",
      "Description" : "Enabling firmware updates for the BIOS allows fixing security issues.",
      "Plugin" : "uefi_esrt",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Bios.CapsuleUpdates",
      "Flags" : [ "success" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.PlatformFused",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "locked",
      "HsiResultSuccess" : "locked",
      "Name" : "Fused platform",
      "Summary" : "Fused Platform",
      "Description" : "Manufacturing Mode is used when the device is manufactured and security features are not yet enabled.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PlatformFused",
      "Flags" : [ "success" ],
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.SupportedCpu",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "valid",
      "HsiResultSuccess" : "valid",
      "Name" : "Supported CPU",
      "Summary" : "Processor Security Checks",
      "Description" : "Each system should have tests to ensure firmware security.",
      "Plugin" : "core",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SupportedCpu",
      "Flags" : [ "success", "action-contact-oem" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Tpm.EmptyPcr",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "valid",
      "HsiResultSuccess" : "valid",
      "Name" : "TPM empty PCRs",
      "Summary" : "TPM Platform Configuration",
      "Description" : "The TPM (Trusted Platform Module) Platform Configuration is used to check whether the device start process has been modified.",
      "Plugin" : "tpm",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.EmptyPcr",
      "Flags" : [ "success" ],
      "Guid" : [ "9305de1c-1e12-5665-81c4-37f8e51219b8", "78a291ae-b499-5b0f-8f1d-74e1fefd0b1c", "65a3fced-b423-563f-8098-bf5c329fc063", "5e704f0d-83cb-5364-8384-f46d725a23b8" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Tpm.Version20",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "found",
      "HsiResultSuccess" : "found",
      "Name" : "TPM v2.0",
      "Summary" : "TPM v2.0",
      "Description" : "TPM (Trusted Platform Module) is a computer chip that detects when hardware components have been tampered with.",
      "Plugin" : "tpm",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.Version20",
      "Flags" : [ "success" ],
      "Guid" : [ "9305de1c-1e12-5665-81c4-37f8e51219b8", "78a291ae-b499-5b0f-8f1d-74e1fefd0b1c", "65a3fced-b423-563f-8098-bf5c329fc063", "5e704f0d-83cb-5364-8384-f46d725a23b8" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Uefi.BootserviceVars",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "locked",
      "HsiResultSuccess" : "locked",
      "Name" : "UEFI bootservice variables",
      "Summary" : "UEFI Bootservice Variables",
      "Description" : "UEFI boot service variables should not be readable from runtime mode.",
      "Plugin" : "uefi_capsule",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.BootserviceVars",
      "Flags" : [ "success" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Uefi.Pk",
      "Created" : 1728843715,
      "HsiLevel" : 1,
      "HsiResult" : "valid",
      "HsiResultSuccess" : "valid",
      "Name" : "UEFI platform key",
      "Summary" : "UEFI Platform Key",
      "Description" : "The UEFI Platform Key is used to determine if device software comes from a trusted source.",
      "Plugin" : "uefi_pk",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.Pk",
      "Flags" : [ "success" ],
      "Guid" : [ "77c6cc94-a10e-5208-916d-2a805c661547" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Iommu",
      "Created" : 1728843715,
      "HsiLevel" : 2,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "IOMMU",
      "Summary" : "IOMMU Protection",
      "Description" : "IOMMU Protection prevents connected devices from accessing unauthorized parts of system memory.",
      "Plugin" : "iommu",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Iommu",
      "Flags" : [ "success" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.PlatformDebugLocked",
      "Created" : 1728843715,
      "HsiLevel" : 2,
      "HsiResult" : "locked",
      "HsiResultSuccess" : "locked",
      "Name" : "Platform debugging",
      "Summary" : "Platform Debugging",
      "Description" : "Platform Debugging allows device security features to be disabled. This should only be used by hardware manufacturers.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PlatformDebugLocked",
      "Flags" : [ "success" ],
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Tpm.ReconstructionPcr0",
      "Created" : 1728843715,
      "HsiLevel" : 2,
      "HsiResult" : "valid",
      "HsiResultSuccess" : "valid",
      "Name" : "TPM PCR0 reconstruction",
      "Summary" : "TPM Reconstruction",
      "Description" : "The TPM (Trusted Platform Module) Reconstruction is used to check whether the device start process has been modified.",
      "Plugin" : "tpm",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.ReconstructionPcr0",
      "Flags" : [ "success" ],
      "Guid" : [ "9305de1c-1e12-5665-81c4-37f8e51219b8", "78a291ae-b499-5b0f-8f1d-74e1fefd0b1c", "65a3fced-b423-563f-8098-bf5c329fc063", "5e704f0d-83cb-5364-8384-f46d725a23b8" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Amd.SpiWriteProtection",
      "Created" : 1728843715,
      "HsiLevel" : 2,
      "HsiResult" : "not-enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "SPI write protection",
      "Summary" : "AMD Firmware Write Protection",
      "Description" : "Firmware Write Protection protects device firmware memory from being tampered with.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.SpiWriteProtection",
      "Flags" : [ "action-contact-oem" ],
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.PrebootDma",
      "Created" : 1728843715,
      "HsiLevel" : 3,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "Pre-boot DMA protection",
      "Summary" : "Pre-boot DMA Protection",
      "Description" : "Pre-boot DMA protection prevents devices from accessing system memory after being connected to the computer.",
      "Plugin" : "acpi_ivrs",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PrebootDma",
      "Flags" : [ "success" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Amd.SpiReplayProtection",
      "Created" : 1728843715,
      "HsiLevel" : 3,
      "HsiResult" : "not-supported",
      "HsiResultSuccess" : "enabled",
      "Name" : "SPI replay protection",
      "Summary" : "AMD Firmware Replay Protection",
      "Description" : "Rollback Protection prevents device software from being downgraded to an older version that has security problems.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.SpiReplayProtection",
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.IntelCet.Enabled",
      "Created" : 1728843715,
      "HsiLevel" : 3,
      "HsiResult" : "not-supported",
      "HsiResultSuccess" : "supported",
      "Name" : "CET Platform",
      "Summary" : "Control-flow Enforcement Technology",
      "Description" : "Control-Flow Enforcement Technology detects and prevents certain methods for running malicious software on the device.",
      "Plugin" : "cpu",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.IntelCet.Enabled",
      "Guid" : [ "aa488f1a-d73b-5d1b-ad35-42d603bac73b", "faaa1b3c-207e-58ef-a0ca-4fe005eae0c8" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.SuspendToIdle",
      "Created" : 1728843715,
      "HsiLevel" : 3,
      "HsiResult" : "not-enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "Suspend-to-idle",
      "Summary" : "Suspend To Idle",
      "Description" : "Suspend to Idle allows the device to quickly go to sleep in order to save power. While the device has been suspended, its memory could be physically removed and its information accessed.",
      "Plugin" : "acpi_facp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SuspendToIdle",
      "Flags" : [ "action-config-fw", "action-config-os" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.SuspendToRam",
      "Created" : 1728843715,
      "HsiLevel" : 3,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "not-enabled",
      "Name" : "Suspend-to-ram",
      "Summary" : "Suspend To RAM",
      "Description" : "Suspend to RAM allows the device to quickly go to sleep in order to save power. While the device has been suspended, its memory could be physically removed and its information accessed.",
      "Plugin" : "linux_sleep",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SuspendToRam",
      "Flags" : [ "action-config-fw", "action-config-os" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.IntelSmap",
      "Created" : 1728843715,
      "HsiLevel" : 4,
      "HsiResult" : "enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "SMAP",
      "Summary" : "Supervisor Mode Access Prevention",
      "Description" : "Supervisor Mode Access Prevention ensures critical parts of device memory are not accessed by less secure programs.",
      "Plugin" : "cpu",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.IntelSmap",
      "Flags" : [ "success" ],
      "Guid" : [ "aa488f1a-d73b-5d1b-ad35-42d603bac73b", "faaa1b3c-207e-58ef-a0ca-4fe005eae0c8" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.Amd.RollbackProtection",
      "Created" : 1728843715,
      "HsiLevel" : 4,
      "HsiResult" : "not-enabled",
      "HsiResultSuccess" : "enabled",
      "Name" : "Processor rollback protection",
      "Summary" : "AMD Secure Processor Rollback Protection",
      "Description" : "Rollback Protection prevents device software from being downgraded to an older version that has security problems.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.RollbackProtection",
      "Flags" : [ "action-contact-oem", "action-config-fw" ],
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    },
    {
      "AppstreamId" : "org.fwupd.hsi.EncryptedRam",
      "Created" : 1728843715,
      "HsiLevel" : 4,
      "HsiResult" : "not-supported",
      "HsiResultSuccess" : "encrypted",
      "Name" : "Encrypted RAM",
      "Summary" : "Encrypted RAM",
      "Description" : "Encrypted RAM makes it impossible for information that is stored in device memory to be read if the memory chip is removed and accessed.",
      "Plugin" : "pci_psp",
      "Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.EncryptedRam",
      "Flags" : [ "action-config-fw" ],
      "Guid" : [ "0e8dc554-a0a2-51fb-b439-1eb72b14ec38", "e31eca57-868f-5c87-9dba-16214680c5d2" ]
    }
  ]
}
Proceed with upload? [Y|n]: y
Fwupd-INFO: 20:22:01.625: uploading to https://fwupd.org/lvfs/hsireports/upload
Fwupd-INFO: 20:22:02.227: upload progress: 100%
Host Security ID attributes uploaded successfully, thanks!
Automatically upload every time? [y|N]:

┌──(martin㉿sagemcom)-[~]
└─$