© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
> A default Ubuntu install only gets us "Security Level 1". The highest level is "Security Level 3".
It's not a function of the OS, it's a function of the underlying hardware, firmware, and firmware configuration for your given system.
The "!" in the HSI string is controlled by OS behavior (such as encrypted swap, taint, etc).
At least on a pre-production Lenovo Z13 I can get HSI-2, depending on whether Lenovo has SPI replay protection in the production hardware I might be able to get all the way to HSI 4.
Host Security ID: HSI:2! (v1.8.4)
HSI-1
✔ Fused platform: Locked
✔ Rollback protection: Enabled
✔ Supported CPU: Valid
✔ TPM empty PCRs: Valid
✔ TPM v2.0: Found
✔ UEFI platform key: Valid
HSI-2
✔ IOMMU: Enabled
✔ Platform Debugging: Locked
✔ SPI write protection: Enabled
✔ TPM PCR0 reconstruction: Valid
HSI-3
✔ Pre-boot DMA protection: Enabled
✔ Suspend-to-idle: Enabled
✔ Suspend-to-ram: Disabled
✘ SPI replay protection: Disabled
HSI-4
✔ Encrypted RAM: Encrypted