GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help

Written by Michael Larabel in GNOME on 29 July 2022 at 06:11 AM EDT. 117 Comments
GNOME
GNOME and Red Hat developers are working on integrating firmware security tips and recommendations into the desktop for warning users about platform/firmware security issues like if UEFI Secure Boot is disabled and other possible avenues their system could be exploited.

Within the GNOME Control Center there is a firmware security area being worked on to show whether UEFI Secure Boot is active, various security protection details like the TPM status, whether Intel BootGuard is present and enabled, IOMMU protection state, and more. Ultimately those involved hope to allow triggering actions in some areas for fixing these issues when found to be in a less than ideal state.

The Plymouth boot splash screen is also preparing a warning image that would be displayed if Secure Boot is not enabled. That open merge request from Red Hat argues, "Secure boot is used against several security threats when malware tries to infect the firmware of the system. Users may inadvertently disable or software may intentionally disable the secure boot. Consequently, the system is running on an insecure platform with incorrect configuration. If Plymouth could offer a warning to the user, the user could reboot and reconfigure their system or asks for help immediately."


GNOME is preparing to warn users if Secure Boot is disabled, among other steps for trying to ensure the system state is at least secure at the platform level.


Similarly within the GDM display manager is this MR that is open for adding a Secure Boot check and warning notification so the user is alerted at log-in time whether their system could be vulnerable.

Building off that, Richard Hughes of Red Hat has blogged about work being done with Fwupd for allowing emulated host profiles. This emulated support is for helping to test firmware security states in arbitrary configurations for testing of the proposed GNOME Control Center additions and other work.
117 Comments
Related News
GTK 4.15 Released With Vulkan Renderer By Default
GNOME Foundation To Focus On Fundraising After Years Running A Deficit
GNOME Mutter 46.1 Brings Explicit Sync, Better NVIDIA Hybrid GPU Acceleration
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
GTK4 Continues Improving Graphics Offload & DMA-BUF Integration
GNOME Mutter Lands NVIDIA Hybrid GPU Copy Acceleration
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Ubuntu 24.04 LTS Downloads Now Available