> A default Ubuntu install only gets us "Security Level 1". The highest level is "Security Level 3".
It's not a function of the OS, it's a function of the underlying hardware, firmware, and firmware configuration for your given system. The "!" in the HSI string is controlled by OS behavior (such as encrypted swap, taint, etc). At least on a pre-production Lenovo Z13 I can get HSI-2, depending on whether Lenovo has SPI replay protection in the production hardware I might be able to get all the way to HSI 4. Host Security ID: HSI:2! (v1.8.4) HSI-1 ✔ Fused platform: Locked ✔ Rollback protection: Enabled ✔ Supported CPU: Valid ✔ TPM empty PCRs: Valid ✔ TPM v2.0: Found ✔ UEFI platform key: Valid HSI-2 ✔ IOMMU: Enabled ✔ Platform Debugging: Locked ✔ SPI write protection: Enabled ✔ TPM PCR0 reconstruction: Valid HSI-3 ✔ Pre-boot DMA protection: Enabled ✔ Suspend-to-idle: Enabled ✔ Suspend-to-ram: Disabled ✘ SPI replay protection: Disabled HSI-4 ✔ Encrypted RAM: Encrypted -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1987162 Title: 43: New Device Security feature is confusing and unhelpful currently Status in gnome-control-center package in Ubuntu: Fix Released Bug description: GNOME 43 added a new Device Security feature in the Settings app. You can access it in gnome-control-center 1:43~beta-1ubuntu1 1. Open the Settings app 2. Click Privacy then Device Security The Security Events aren't clickable. A default Ubuntu install only gets us "Security Level 1". The highest level is "Security Level 3". There isn't anything an Ubuntu user can do to get to a higher security level from the Device Security screen. If a user attempts to get their system to a higher security level, I think they could break their system since this isn't something we currently support. Therefore, I think we ought to hide/disable the screen for Ubuntu 22.10. We can work towards better integrating this screen for Ubuntu in future releases. I'm attaching several screenshots although it's worth trying out the feature for yourself too. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1987162/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
