In data martedì 28 novembre 2023 23:28:48 CET, Stakanov ha scritto:
In data martedì 28 novembre 2023 17:11:55 CET, Manfred Hollstein ha scritto:
On Tue, 28 Nov 2023, 16:15:40 +0100, Stakanov wrote:
In data martedì 28 novembre 2023 15:52:31 CET, Carlos E. R. ha scritto:
[...] During grub boot. Secure booting has to be enabled.
In Linux it is
Are you sure? IIRC, secure boot has to be enabled explicitly. You can
check your setting in /etc/sysconfig/boot: $ grep SEC /etc/sysconfig/bootloader SECURE_BOOT="no"
This is the setting on my systems. Again, I don't remember the default, but I'm doubtful it's "yes".
Cheers.
l8er manfred
[sudo] password di root: SECURE_BOOT="yes"
hence it is. I will have to check the BIOS (just searching for the password that I forgot lol, long time no use.....
More info (unfortunately copying from "info" (firmware security) does give all nefarious colour codes (no idea why): If you happen to know with what command I can achieve the output from the command line I will provide. Interestingly the output is even a wild mix of German and Italian (which is my GUI language, why German does appear, it is nowhere set, root is EN, so no idea), which makes readability low even for me. In synthesis it complains that the UEFI partition "may be set up wrongly" but does not provide details. It says TPM2 is not active (but it is) It says "secureboot HSI 1 and HSI 2 informations are wrong (TPM is active, the CPU is AMD socket 4, recognized normally in info and IOMMU is definitely active). As all this is wrong in the output, I doubt the issue is on my side but before filing a bug report maybe somebody knows if this software is maybe beta, or maybe is known to have issues? It sends you to GIT but in GIT I did not find anything usable (at least to my eyes). And that's all about it. <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/ TR/xhtml1/DTD/xhtml1-strict.dtd"> <!-- This file was created with the aha Ansi HTML Adapter. <a href="https:// github.com/theZiz/aha">https://github.com/theZiz/aha</a> --> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8"/> <title>stdin</title> </head> <body> <pre> <span style="color:red;"></span><span style="font- weight:bold;color:red;">AVVERTENZA</span>: Die UEFI-ESP-Partition ist möglicherweise nicht korrekt eingerichtet Per maggiori informazioni, consultare <a href="https://github.com/fwupd/fwupd/ wiki/PluginFlag:esp-not-valid.">https://github.com/fwupd/fwupd/wiki/ PluginFlag:esp-not-valid.</a> ID sicurezza host: <span style="font-weight:bold;">HSI:0! (v1.9.9)</span> <span style="font-weight:bold;">HSI-1</span> ✔ BIOS Firmware-Aktualisierungen:<span style="color:green;"></span><span style="font-weight:bold;color:green;">Abilitato</span> ✔ Variabili bootservice UEFI: <span style="color:green;"></span><span style="font-weight:bold;color:green;">Bloccato</span> ✘ CPU supportata: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Non valido</span> ✘ Piattaforma saldata: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> ✘ TPM v2.0: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Non trovato</span> <span style="font-weight:bold;">HSI-2</span> ✘ Debug piattaforma: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> ✘ IOMMU: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Non trovato</span> ✘ Protezione scrittura SPI: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> <span style="font-weight:bold;">HSI-3</span> ✘ Protezione DMA pre-boot: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Non valido</span> ✘ Protezione replay SPI: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> ✘ Suspend-to-idle: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabilitato</span> ✘ Suspend-to-ram: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Abilitato</span> <span style="font-weight:bold;">HSI-4</span> ✘ Protezione rollback del processore:<span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> ✘ RAM cifrata: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Sconosciuto</span> <span style="font-weight:bold;">Suffisso di runtime -!</span> ✔ Plugin fwupd: <span style="color:green;"></span><span style="font-weight:bold;color:green;">Integro</span> ✔ Swap Linux: <span style="color:green;"></span><span style="font-weight:bold;color:green;">Disabilitato</span> ✘ Avvio sicuro UEFI: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabilitato</span> ✘ Kernel Linux: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Non integro</span> ✘ Lockdown kernel Linux: <span style="color:red;"></span><span style="font-weight:bold;color:red;">Disabilitato</span> Questo sistema ha un livello di sicurezza HSI basso. » <a href="https://fwupd.github.io/hsi.html#low-security-level">https:// fwupd.github.io/hsi.html#low-security-level</a> Questo sistema presenta dei problemi di runtime HSI. » <a href="https://fwupd.github.io/hsi.html#hsi-runtime-suffix">https:// fwupd.github.io/hsi.html#hsi-runtime-suffix</a> Eventi sicurezza host 2023-08-27 07:22:35: <span style="color:red;"></span><span style="font- weight:bold;color:red;">✘</span> Il kernel non è integro </pre> </body> </html>