I am using a laptop with Dasharo (coreboot+Heads) and Ubuntu 24.04.
I ran into an interesting problem.
Ubuntu has a Settings centre, where you can select the Privacy & Security tab and it will show you information about your device security. Basically, this is just the gnome-control-center app.
The funny thing is that those checks are ... well, a little sloppy. So my Ubuntu found out that I am not using Secure Boot, issued a warning that Intel BootGuard is not enabled and concluded that my hardware does not pass security checks.
Now, this is just wrong. I mean, yes, I am not using Secure Boot, but I am using measured boot, which is way better, because Dasharo (coreboot+Heads) firmware (https://docs.dasharo.com/) ensures the system’s firmware and boot integrity at all stages. From SPI (BIOS) firmware itself and all of the important boot files in the /boot directory, including the disk encryption setup files, the kernel, the initrd file and the GRUB configuration. This means I have an attestation of the entire boot process.
So in contrast to Secure Boot, I have a chain of trust from the beginning of the boot process till the end, but Ubuntu is still saying that my hardware is not secure.
This is clearly a bug on the Ubuntu/Gnome side, and I am pretty sure that it is down to a lack of knowledge among the developers of gnome-control-center. So I opened a bug report here:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2093192
and here:
https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/3297
I completely understand that this is not an issue on the NovaCustom or Dasharo side; however, it would be nice if we all tried to press the Ubuntu/Gnome developers to change/update their security checks.
Thank you.