Firmware Security Question

HealingMindNOS · February 17, 2024, 6:54pm

I have been negligent in setting up UEFI in my BIOS from what I observe in my firmware security. Is this safe enough to wait until my next upgrade to 15.6? I promise to set up UEFI in my BIOS for next upgrade. Thanks in advance.

WARNING: UEFI firmware can not be updated in legacy BIOS mode
See PluginFlag:legacy bios · fwupd/fwupd Wiki · GitHub for more information.
Host Security ID: HSI:INVALID:missing-data

HSI-1
? UEFI platform key: Valid
? Supported CPU: Failed
? TPM v2.0: Not found

HSI-2
? IOMMU: Enabled

HSI-3
? Pre-boot DMA protection: Disabled
? Suspend-to-idle: Disabled
? Suspend-to-ram: Enabled

HSI-4
? Encrypted RAM: Failed

Runtime Suffix -!
? Linux kernel: Untainted
? fwupd plugins: Untainted
? Linux kernel lockdown: Disabled
? Linux swap: Unencrypted
? UEFI secure boot: Disabled

This system has a low HSI security level.
» Redirecting to https://fwupd.github.io/libfwupdplugin/hsi.html

This system has HSI runtime issues.
» Redirecting to https://fwupd.github.io/libfwupdplugin/hsi.html

Host Security Events
2022-11-08 23:49:22: ? Kernel is tainted
2022-11-08 23:49:22: ? UEFI secure boot changed: Not found ? Disabled

sfalken · February 17, 2024, 6:59pm

No idea, and I don’t think anybody can confirm if it’s “safe” or not, It absolutely depends on what vulnerabilities might currently exist within your existing firmware.

Generally speaking, I wouldn’t consider having unpatched/unupdated firmware to be “safe”, it depends on your personal risk tolerance.

HealingMindNOS · February 17, 2024, 7:03pm

There are No existing errors that I know of. I didn’t bother in the past because switching to UEFI is more trouble than I was willing to deal with: https://www.amd.com/en/support/kb/faq/cpu-uefi-mode

system · March 18, 2024, 7:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.