Ubuntu Isn't Yet Onboard With GNOME's "Device Security" Screen
Coming with GNOME 43 is a "Device Security" panel within the GNOME Control Center. While it is intended to help users make sure their system is protected, Ubuntu isn't on board with this Device Security functionality yet and has stripped it out of its GNOME build for Ubuntu 22.10.
The GNOME Device Security panel warns users if Secure Boot is disabled, and about other platform-level security settings that are less than ideal. The GNOME integration has been worked on by Red Hat engineers, alongside the lower-level platform checks that fwupd and related components provide. Eventually the hope is that this Device Security area could help users improve their security settings rather than only warning them about the current state of the system.
This week Ubuntu 22.10's GNOME Control Center package (gnome-control-center) was patched to remove the Device Security panel entirely.
This was done per this bug report, on the basis that the Device Security feature is "confusing and unhelpful currently."
Because the panel does not yet help users address the problems it exposes, and because Ubuntu reportedly can only reach a highest security level score of 1 out of 3, Canonical engineers decided to remove the functionality, at least for Ubuntu 22.10. Reaching a higher security level requires the likes of Intel BootGuard, TPM PCR0 reconstruction, IOMMU protection, pre-boot DMA protection, Intel CET, suspend-to-idle, and encrypted RAM.
A default Ubuntu install only gets us "Security Level 1". The highest level is "Security Level 3".
There isn't anything an Ubuntu user can do to get to a higher security level from the Device Security screen.
If a user attempts to get their system to a higher security level, I think they could break their system since this isn't something we currently support.
Therefore, I think we ought to hide/disable the screen for Ubuntu 22.10. We can work towards better integrating this screen for Ubuntu in future releases.
"Security Level 1" under GNOME means a TPM 2.0 is present, UEFI Secure Boot is enabled, the Intel ME override strap is locked, platform debugging is disabled, and other basics.
For those who want a dump of their system's firmware security state, running fwupdmgr security from the command line provides some of the same information in the absence of the GNOME Control Center's Device Security panel on Ubuntu 22.10.
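To make the scoring rule concrete, here is an added example (not code from fwupd, GNOME or Ubuntu) that models how the Host Security ID (HSI) number shown by fwupdmgr security and the Device Security panel is derived from per-check results, and lists which failed checks stand between a machine and the next level. The attribute IDs, the level each check sits at, the flag values and the sample results are constructed to resemble a default Ubuntu 22.10 desktop and are assumptions; so is the record layout, which is modelled on the attribute keys fwupd exposes over D-Bus.

```python
"""Model of how an HSI number is derived from per-attribute security checks.

Added example, not fwupd's, GNOME's or Ubuntu's code. Record keys
(AppstreamId / HsiLevel / HsiResult / Flags), flag bit values, attribute
IDs and the level each check belongs to are assumptions modelled on fwupd;
the sample results are constructed. Scoring follows the rule the article
describes: level n is reached only when every check at levels 1..n passes.
"""

SUCCESS = 1 << 0          # assumed: fwupd's SUCCESS flag
OBSOLETED = 1 << 1        # assumed: check superseded by a newer one, skipped
RUNTIME_ISSUE = 1 << 10   # assumed: runtime problem (e.g. tainted kernel)

HIGHEST_LEVEL = 3  # the article and the Ubuntu bug report treat HSI-3 as the top

# Constructed sample resembling a default Ubuntu install (assumption).
SAMPLE_ATTRS = [
    {"AppstreamId": "org.fwupd.hsi.Tpm.Version20", "HsiLevel": 1, "HsiResult": "found", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", "HsiLevel": 1, "HsiResult": "enabled", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.Mei.OverrideStrap", "HsiLevel": 1, "HsiResult": "locked", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.PlatformDebugLocked", "HsiLevel": 1, "HsiResult": "locked", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.IntelBootguard.Enabled", "HsiLevel": 2, "HsiResult": "not-enabled", "Flags": 0},
    {"AppstreamId": "org.fwupd.hsi.Iommu", "HsiLevel": 2, "HsiResult": "not-found", "Flags": 0},
    {"AppstreamId": "org.fwupd.hsi.Tpm.ReconstructionPcr0", "HsiLevel": 2, "HsiResult": "valid", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.IntelCet.Enabled", "HsiLevel": 3, "HsiResult": "not-supported", "Flags": 0},
    {"AppstreamId": "org.fwupd.hsi.PrebootDma", "HsiLevel": 3, "HsiResult": "not-enabled", "Flags": 0},
    {"AppstreamId": "org.fwupd.hsi.SuspendToIdle", "HsiLevel": 3, "HsiResult": "enabled", "Flags": SUCCESS},
    {"AppstreamId": "org.fwupd.hsi.EncryptedRam", "HsiLevel": 3, "HsiResult": "not-supported", "Flags": 0},
    # Runtime checks sit at level 0: they never raise the number, only taint it.
    {"AppstreamId": "org.fwupd.hsi.Kernel.Tainted", "HsiLevel": 0, "HsiResult": "not-tainted", "Flags": SUCCESS},
]


def passed(attr):
    """A check counts as passed if it succeeded or has been obsoleted."""
    return bool(attr["Flags"] & (SUCCESS | OBSOLETED))


def hsi_number(attrs):
    """Highest n such that every check at each of levels 1..n passed.

    Scoring stops at the first level with a failure, so passing checks at a
    higher level (SuspendToIdle in the sample) do not count.
    """
    level = 0
    for n in range(1, HIGHEST_LEVEL + 1):
        if not all(passed(a) for a in attrs if a["HsiLevel"] == n):
            break
        level = n
    return level


def hsi_string(attrs):
    """Render as "HSI:<n>", with "!" appended when a runtime issue was found."""
    suffix = "!" if any(a["Flags"] & RUNTIME_ISSUE for a in attrs) else ""
    return f"HSI:{hsi_number(attrs)}{suffix}"


def blockers(attrs):
    """Failed checks at the next level up, i.e. what prevents a higher number.

    Empty when the top level has already been reached.
    """
    nxt = hsi_number(attrs) + 1
    return sorted(a["AppstreamId"] for a in attrs
                  if a["HsiLevel"] == nxt and not passed(a))


def with_fixed(attrs, ids, result="enabled"):
    """Copy of attrs with the named checks marked as passing.

    A what-if on the data only: it asks what the number would become, it
    does not change anything on the machine.
    """
    out = []
    for a in attrs:
        a = dict(a)
        if a["AppstreamId"] in ids:
            a["HsiResult"] = result
            a["Flags"] |= SUCCESS
        out.append(a)
    return out


if __name__ == "__main__":
    print(hsi_string(SAMPLE_ATTRS), "blocking next level:", blockers(SAMPLE_ATTRS))
    fixed = with_fixed(SAMPLE_ATTRS, blockers(SAMPLE_ATTRS))
    print(hsi_string(fixed), "blocking next level:", blockers(fixed))
```

Run as a script, the sample machine lands at HSI:1 with Intel BootGuard and the IOMMU as the two checks blocking HSI-2, which is the "what would it take" view the Control Center panel does not yet offer. Swapping SAMPLE_ATTRS for a real machine's attributes (fwupd exposes them over D-Bus, and fwupdmgr security prints them) makes the same logic useful in practice. The what-if is arithmetic on the data only: BootGuard is fused at the factory and pre-boot DMA protection is a firmware setting, so actually changing them is a different matter, which is the breakage concern the bug report raises.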