Security checks failed

Bazzite
1

I just got secure boot up and running correctly but am still getting “security checks failed” in the other category. I saved the device security report but I’m not sure what it all means.

Screenshot From 2025-01-30 10-18-53
Screenshot From 2025-01-30 10-18-53978×634 52.9 KB

Device Security Report

Report details
Date generated: 2025-01-30 10:11:58
fwupd version: 1.9.26

System details
Hardware model: Micro-Star International Co., Ltd. MS-7E06
Processor: 13th Gen Intel(R) Core™ i5-13600K
OS: Bazzite 41 (FROM Fedora Silverblue)
Security level: HSI:0! (v1.9.26)

HSI-1 Tests
UEFI Platform Key: Pass (Valid)
Firmware BIOS Region: ! Fail (Not Locked)
UEFI Bootservice Variables: Pass (Locked)
TPM v2.0: Pass (Found)
Intel Management Engine Version: Pass (Valid)
Firmware Write Protection Lock: ! Fail (Not Enabled)
Platform Debugging: Pass (Not Enabled)
Intel Management Engine Manufacturing Mode: ! Fail (Not Locked)
BIOS Firmware Updates: ! Fail (Not Enabled)
UEFI Secure Boot: Pass (Enabled)
Firmware Write Protection: Pass (Not Enabled)
Intel Management Engine Override: Pass (Locked)
TPM Platform Configuration: Pass (Valid)

HSI-2 Tests
Intel BootGuard Fuse: ! Fail (Not Valid)
Intel BootGuard Verified Boot: ! Fail (Not Valid)
Intel BootGuard ACM Protected: ! Fail (Not Valid)
Intel BootGuard: Pass (Enabled)
IOMMU Protection: ! Fail (Not Found)
TPM Reconstruction: Pass (Valid)
Platform Debugging: Pass (Locked)

HSI-3 Tests
Suspend To RAM: ! Fail (Enabled)
Intel BootGuard Error Policy: ! Fail (Not Valid)
Pre-boot DMA Protection: ! Fail (Not Enabled)
Control-flow Enforcement Technology: Pass (Supported)
Suspend To Idle: ! Fail (Not Enabled)

HSI-4 Tests
Encrypted RAM: ! Fail (Not Enabled)
Supervisor Mode Access Prevention: Pass (Enabled)

Runtime Tests
Linux Kernel Verification: ! Fail (Tainted)
Firmware Updater Verification: Pass (Not Tainted)
Linux Swap: Pass (Encrypted)
Linux Kernel Lockdown: ! Fail (Not Enabled)
Control-flow Enforcement Technology: Pass (Supported)

Host security events
2025-01-02 18:17:39 UEFI Secure Boot Pass (Not Enabled → Enabled)

For information on the contents of this report, see Redirecting to https://fwupd.github.io/libfwupdplugin/hsi.html

2

Basically either you have those option disabled in BIOS but also your bios might not even have those settings.

Nothing to really worry about.