GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help

Written by Michael Larabel in GNOME on 29 July 2022 at 06:11 AM EDT. 117 Comments
GNOME and Red Hat developers are working on integrating firmware security tips and recommendations into the desktop for warning users about platform/firmware security issues like if UEFI Secure Boot is disabled and other possible avenues their system could be exploited.

Within the GNOME Control Center there is a firmware security area being worked on to show whether UEFI Secure Boot is active, various security protection details like the TPM status, whether Intel BootGuard is present and enabled, IOMMU protection state, and more. Ultimately those involved hope to allow triggering actions in some areas for fixing these issues when found to be in a less than ideal state.

The Plymouth boot splash screen is also preparing a warning image that would be displayed if Secure Boot is not enabled. That open merge request from Red Hat argues, "Secure boot is used against several security threats when malware tries to infect the firmware of the system. Users may inadvertently disable or software may intentionally disable the secure boot. Consequently, the system is running on an insecure platform with incorrect configuration. If Plymouth could offer a warning to the user, the user could reboot and reconfigure their system or asks for help immediately."

GNOME is preparing to warn users if Secure Boot is disabled, among other steps for trying to ensure the system state is at least secure at the platform level.

Similarly within the GDM display manager is this MR that is open for adding a Secure Boot check and warning notification so the user is alerted at log-in time whether their system could be vulnerable.

Building off that, Richard Hughes of Red Hat has blogged about work being done with Fwupd for allowing emulated host profiles. This emulated support is for helping to test firmware security states in arbitrary configurations for testing of the proposed GNOME Control Center additions and other work.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week