GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help

Written by Michael Larabel in GNOME on 29 July 2022 at 06:11 AM EDT.
GNOME and Red Hat developers are working on integrating firmware security tips and recommendations into the desktop to warn users about platform/firmware security issues, such as UEFI Secure Boot being disabled, and other possible avenues through which their system could be exploited.

Within the GNOME Control Center there is a firmware security area being worked on to show whether UEFI Secure Boot is active, various security protection details like the TPM status, whether Intel BootGuard is present and enabled, IOMMU protection state, and more. Ultimately those involved hope to allow triggering actions in some areas for fixing these issues when found to be in a less than ideal state.

The Plymouth boot splash screen is also preparing a warning image that would be displayed if Secure Boot is not enabled. That open merge request from Red Hat argues, "Secure boot is used against several security threats when malware tries to infect the firmware of the system. Users may inadvertently disable or software may intentionally disable the secure boot. Consequently, the system is running on an insecure platform with incorrect configuration. If Plymouth could offer a warning to the user, the user could reboot and reconfigure their system or ask for help immediately."


GNOME is preparing to warn users if Secure Boot is disabled, among other steps for trying to ensure the system state is at least secure at the platform level.


Similarly, there is an open merge request for the GDM display manager that adds a Secure Boot check and warning notification, so the user is alerted at log-in time whether their system could be vulnerable.

Building off that, Richard Hughes of Red Hat has blogged about work being done with Fwupd to allow emulated host profiles. This emulation support makes it possible to test firmware security states in arbitrary configurations, which helps in testing the proposed GNOME Control Center additions and other work.