Package: gnome-control-center Version: 1:45.1-1 Severity: normal X-Debbugs-Cc: steven.jay.co...@gmail.com
Dear Maintainer, Gnome-Control-Center > Privacy > Device Security Security Events: Intel Management Engine Version The Intel Management Engine controls device components and needs to have a recent version to avoid security issues. I booted into the BIOS and found that IME was already disabled and has been since before the original Linux Install on this device. SUGGESTION: Can IME state be detected? If so, is this still an issue? If it is not an issue, then it should not be reported or it should be reported differently and not treated as a Security Event Failure. Disabling IME reports as LOCKED (see below). Which is why a valid IME version is not being reported back. So, if both IME Mode and IME Override report back Pass(Locked) and IME Version reports back (Not Valid) then IME is Disabled, right? Device Security Report ====================== Report details Date generated: 2023-11-01 08:28:16 fwupd version: 1.9.6 System details Hardware model: Dell Inc. Latitude 7210 2-in-1 Processor: Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz OS: Debian GNU/Linux trixie/sid Security level: HSI:0! (v1.9.6) HSI-1 Tests Firmware BIOS Region: Pass (Locked) UEFI Platform Key: Pass (Valid) UEFI Bootservice Variables: Pass (Locked) MEI Key Manifest: Pass (Valid) TPM v2.0: ! Fail (Not Found) Firmware Write Protection Lock: Pass (Enabled) Platform Debugging: Pass (Not Enabled) Intel Management Engine Manufacturing Mode: Pass (Locked) UEFI Secure Boot: Pass (Enabled) BIOS Firmware updates: Pass (Enabled) Firmware Write Protection: Pass (Not Enabled) Intel Management Engine Override: Pass (Locked) Intel Management Engine Version: ! Fail (Not Valid) HSI-2 Tests Platform Debugging: Pass (Locked) Intel BootGuard ACM Protected: Pass (Valid) IOMMU Protection: Pass (Enabled) Intel BootGuard Fuse: Pass (Valid) Intel GDS Mitigation: Pass (Enabled) BIOS Rollback Protection: ! Fail (Not Enabled) Intel BootGuard Verified Boot: Pass (Valid) Intel BootGuard: Pass (Enabled) HSI-3 Tests Intel CET: ! Fail (Not Supported) Intel BootGuard Error Policy: Pass (Valid) Pre-boot DMA Protection: Pass (Enabled) Suspend To RAM: Pass (Not Enabled) Suspend To Idle: Pass (Enabled) HSI-4 Tests Encrypted RAM: ! Fail (Not Supported) Intel SMAP: Pass (Enabled) Runtime Tests Firmware Updater Verification: Pass (Not Tainted) Linux Swap: ! Fail (Not Encrypted) Linux Kernel Lockdown: Pass (Enabled) Linux Kernel Verification: Pass (Not Tainted) Host security events 2022-07-05 18:46:50 Intel Management Engine Versi! Fail (Valid → Not Valid) For information on the contents of this report, see https://fwupd.github.io/hsi.html -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-control-center depends on: ii accountsservice 23.13.9-4 ii apg 2.2.3.dfsg.1-5+b2 ii colord 1.4.6-3 ii desktop-base 12.0.6+nmu1 ii desktop-file-utils 0.26-1 ii gnome-control-center-data 1:45.1-1 ii gnome-desktop3-data 44.0-2 ii gnome-settings-daemon 45.0-1 ii gsettings-desktop-schemas 45.0-1 ii libaccountsservice0 23.13.9-4 ii libadwaita-1-0 1.4.0-1 ii libc6 2.37-12 ii libcairo2 1.18.0-1 ii libcolord-gtk4-1 0.3.0-4 ii libcolord2 1.4.6-3 ii libcups2 2.4.7-1 ii libepoxy0 1.5.10-1 ii libfontconfig1 2.14.2-6 ii libgcr-base-3-1 3.41.1-3 ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1 ii libglib2.0-0 2.78.0-2 ii libgnome-bg-4-2 44.0-2 ii libgnome-bluetooth-ui-3.0-13 42.6-1 ii libgnome-desktop-4-2 44.0-2 ii libgnome-rr-4-2 44.0-2 ii libgnutls30 3.8.1-4+b1 ii libgoa-1.0-0b 3.48.0-2 ii libgoa-backend-1.0-1 3.48.0-2 ii libgsound0 1.0.3-2 ii libgtk-3-0 3.24.38-5 ii libgtk-4-1 4.12.3+ds-1 ii libgtop-2.0-11 2.40.0-2 ii libgudev-1.0-0 238-2 ii libibus-1.0-5 1.5.29~rc1-1 ii libkrb5-3 1.20.1-5 ii libmalcontent-0-0 0.11.1-1 ii libmm-glib0 1.22.0-1 ii libnm0 1.44.2-3 ii libnma-gtk4-0 1.10.6-1 ii libpango-1.0-0 1.51.0+ds-2 ii libpangocairo-1.0-0 1.51.0+ds-2 ii libpolkit-gobject-1-0 123-3 ii libpulse-mainloop-glib0 16.1+dfsg1-2+b1 ii libpulse0 16.1+dfsg1-2+b1 ii libpwquality1 1.4.5-1+b1 ii libsecret-1-0 0.21.1-1 ii libsmbclient 2:4.19.2+dfsg-1 ii libsnapd-glib-2-1 1.63-5 ii libudisks2-0 2.10.1-2 ii libupower-glib3 1.90.2-6 ii libwacom9 2.8.0-1 ii libx11-6 2:1.8.7-1 ii libxi6 2:1.8-1+b1 ii libxml2 2.9.14+dfsg-1.3 ii tecla 45.0-1 ii webp-pixbuf-loader 0.2.4-2 Versions of packages gnome-control-center recommends: ii cracklib-runtime 2.9.6-5+b1 ii cups-pk-helper 0.2.6-1+b1 ii fwupd 1.9.6-1 ii gnome-bluetooth-sendto 42.6-1 ii gnome-online-accounts 3.48.0-2 ii gnome-remote-desktop 44.2-6 ii gnome-user-docs 45.1-1 ii gnome-user-share 43.0-1 ii iso-codes 4.15.0-1 ii libcanberra-pulse 0.30-11 ii libnss-myhostname 254.5-1 ii libspa-0.2-bluetooth 0.3.83-1 pn malcontent-gui <none> ii network-manager-gnome 1.34.0-1 ii polkitd 123-3 ii power-profiles-daemon 0.13-2 ii realmd 0.17.1-2 ii rygel 0.42.4-1+b1 ii rygel-tracker 0.42.4-1+b1 ii system-config-printer-common 1.5.18-1 Versions of packages gnome-control-center suggests: ii gnome-software 45.1-1 ii gstreamer1.0-pulseaudio 1.22.6-1+b1 ii pkexec 123-3 ii x11-xserver-utils 7.7+9+b1 -- no debconf information