
GTR7 Pro BIOS Security

Post time 2024-05-30 03:17:52
Hello,

I own a GTR7 Pro with BIOS version GTR_P5C6V37.
The system notified me that I have a poor security configuration of the BIOS.

Here is what I found using fwupdmgr security --force command:
```
Host Security ID: HSI:0 (v1.9.20)

HSI-1
✔ BIOS firmware updates:         Enabled
✔ Fused platform:                Locked
✔ Supported CPU:                 Valid
✔ TPM empty PCRs:                Valid
✔ TPM v2.0:                      Found
✔ UEFI bootservice variables:    Locked
✔ UEFI secure boot:              Enabled
✘ UEFI platform key:             Invalid

HSI-2
✔ IOMMU:                         Enabled
✔ Platform debugging:            Locked
✔ TPM PCR0 reconstruction:       Valid
✘ SPI write protection:          Disabled

HSI-3
✔ CET Platform:                  Supported
✔ Suspend-to-idle:               Enabled
✔ Suspend-to-ram:                Disabled
✘ SPI replay protection:         Not supported
✘ Pre-boot DMA protection:       Disabled

HSI-4
✔ SMAP:                          Enabled
✘ Processor rollback protection: Disabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -!
✔ fwupd plugins:                 Untainted
✔ CET OS Support:                Supported
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ Linux kernel:                  Untainted
```

What particularly bothered me:
  • UEFI platform key - probably outdated - I'll be reading about that. I hope it will be possible to update this key.
  • SPI write protection and SPI replay protection - I can't find a BIOS option for that. Is it possible to enable it?

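Why the report in the post above scores HSI:0, as an added example that is not part of the original post or of fwupd: it parses an abridged copy of the posted output and assumes the HSI level is the highest N for which every check in HSI-1 through HSI-N passes. The function names are hypothetical.

```python
import re

# Abridged copy of the `fwupdmgr security --force` report from the post above.
REPORT = """\
Host Security ID: HSI:0 (v1.9.20)
HSI-1
✔ UEFI secure boot:              Enabled
✘ UEFI platform key:             Invalid
HSI-2
✔ IOMMU:                         Enabled
✘ SPI write protection:          Disabled
HSI-3
✔ CET Platform:                  Supported
✘ Pre-boot DMA protection:       Disabled
HSI-4
✔ SMAP:                          Enabled
✘ Encrypted RAM:                 Not supported
Runtime Suffix -!
✔ Linux kernel:                  Untainted
"""

def parse_report(text):
    """Return {level: [(name, result, passed), ...]} for the HSI-N sections."""
    levels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate forum bullet residue
        head = re.fullmatch(r"HSI-(\d+)", line)
        if head:
            current = int(head.group(1))
            levels[current] = []
        elif line.startswith("Runtime Suffix"):
            current = None  # runtime checks do not count towards the level
        elif current is not None and line[:1] in ("✔", "✘"):
            name, _, result = line[1:].partition(":")
            levels[current].append((name.strip(), result.strip(), line[0] == "✔"))
    return levels

def hsi_level(levels):
    """Assumed rule: highest N with every check in HSI-1..HSI-N passing."""
    achieved = 0
    for n in sorted(levels):
        if n != achieved + 1 or not all(ok for _, _, ok in levels[n]):
            break
        achieved = n
    return achieved

def failures(levels):
    # Failed checks as (level, name, result), lowest level first.
    return [(n, name, res) for n in sorted(levels)
            for name, res, ok in levels[n] if not ok]
```

Under that assumption a single HSI-1 failure (the platform key) is enough to hold the result at 0, and `failures(parse_report(REPORT))` lists the remaining blockers in the order they would need to be cleared.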

Post time 2024-05-30 15:38:57
Hello there,
We will ask for the technical personnel. After getting any answer, we will reply to you.
Author | Post time 2024-06-05 22:58:15
tuiguang13 replied at 2024-05-30 15:38
Hello there,
We will ask for the technical personnel. After getting any answer, we will reply to you.

Any update?

I was able to work around the UEFI platform key problem by replacing the keys with the ones from github/microsoft/secureboot_objects. Now the UEFI platform key test is marked valid. It would be good if Beelink released a BIOS update that includes the latest certificates. At this moment there is a Platform Key named "DO NOT TRUST - Ami Test PK".
Author | Post time 2024-06-05 23:40:10
Moved it to the new forum
Post time 2024-06-14 05:53:45
Really be great to get a BIOS version that passed this modern security stuff.  This would make the GTR7Pro a perfect computer!