> A default Ubuntu install only gets us "Security Level 1". The highest level is "Security Level 3".

It's not a function of the OS, it's a function of the underlying hardware, firmware, and firmware configuration for your given system. The "!" in the HSI string is controlled by OS behavior (such as encrypted swap, taint, etc.).

At least on a pre-production Lenovo Z13 I can get HSI-2; depending on whether Lenovo has SPI replay protection in the production hardware, I might be able to get all the way to HSI 4.

    Host Security ID: HSI:2! (v1.8.4)

    HSI-1
    ✔ Fused platform: Locked
    ✔ Rollback protection: Enabled
    ✔ Supported CPU: Valid
    ✔ TPM empty PCRs: Valid
    ✔ TPM v2.0: Found
    ✔ UEFI platform key: Valid

    HSI-2
    ✔ IOMMU: Enabled
    ✔ Platform Debugging: Locked
    ✔ SPI write protection: Enabled
    ✔ TPM PCR0 reconstruction: Valid

    HSI-3
    ✔ Pre-boot DMA protection: Enabled
    ✔ Suspend-to-idle: Enabled
    ✔ Suspend-to-ram: Disabled
    ✘ SPI replay protection: Disabled

    HSI-4
    ✔ Encrypted RAM: Encrypted

--
https://bugs.launchpad.net/bugs/1987162
Title: 43: New Device Security feature is confusing and unhelpful currently
