Device Security

[tunix]

I recently moved to a custom image based on silverblue-main. Before that, it was an official ISO installation of Fedora Silverblue 36 updated to 38 and all those time, I had some level of Device Security checks ticked.

Now that I moved over to the new image, I see the following screen when I look at Device Security part of GNOME Settings (it's in Turkish but I think it's self explatory):

This machine is a System76 Lemur Pro (lemp10). I know that SecureBoot has issues with CoreBoot and therefore some of the things will look insecure in this window. But now it looks like it's gone worse compared to an official Fedora Silverblue installation medium.

Do we have a plan to address this issue or is this normal since I've the isogenerator so my ISO image probably lacks things that exist in Fedora's official images and it won't get fixed anytime soon?

I also wonder how bad is this in terms of security? (my drive is encrypted)

[bsherman]

I don't have a CoreBoot or System76 system to compare against, but this is what it looks like on my Dell XPS 15 9520.

It similar report on my sons' older Dell XPS laptops.

For clarity on how the custom ISO works... it uses a kickstart file to direct the normal Fedora Anaconda installer to directly install the uBlue modified image vs the default Silverblue image.

If you are in a position to spend time tinkering and testing. It would be helpful to know if your security report is the same when if you install stock Silverblue and rebase to uBlue. ( see https://ublue.it/images/#latest_14 )