On Tuesday, May 28th, 2024 at 10:07 PM, Mario Limonciello <mario.limonciello@xxxxxxx> wrote:
> v1->v2:

Looks great, and the output of "fwupdmgr security" on my pre-production Lenovo T14 (AMD Ryzen 7 PRO 4750U) is now a lot more accurate:

HSI-1
 ✔ BIOS firmware updates:         Enabled
+✔ Fused platform:                Locked
+✔ Supported CPU:                 Valid
 ✔ TPM empty PCRs:                Valid
 ✔ TPM v2.0:                      Found
 ✔ UEFI bootservice variables:    Locked
 ✔ UEFI platform key:             Valid

HSI-2
 ✔ IOMMU:                         Enabled
+✔ Platform debugging:            Locked
 ✔ TPM PCR0 reconstruction:       Valid
+✘ SPI write protection:          Disabled
 ✘ BIOS rollback protection:      Disabled

HSI-3
+✘ SPI replay protection:         Not supported
 ✘ CET Platform:                  Not supported
 ✘ Pre-boot DMA protection:       Disabled
 ✘ Suspend-to-idle:               Disabled
 ✘ Suspend-to-ram:                Enabled

HSI-4
+✔ Encrypted RAM:                 Encrypted
 ✔ SMAP:                          Enabled
+✘ Processor rollback protection: Disabled

Tested-by: Richard Hughes <richard@xxxxxxxxxxx>

Richard