Description of problem: `fwupdmgr security --force` say that my fwupd plugins are disabled. This line is present by default in my daemon config DisabledPlugins=test;test_ble;invalid After commenting that line and adding an empty DisabledPlugins entry, fwupdmgr security --force say that my fwupd plugins are tainted. Everything was fine before the update. Version-Release number of selected component (if applicable): fwupd-1.5.7-1.fc33.x86_64 How reproducible: Steps to Reproduce: 1. Install Fedora IoT 33.20210228.0 (fwupd-1.5.7-1.fc33.x86_64 is the default version there) 2. Run `fwupdmgr security --force` 3. Check the output of the test Actual results: fwupd plugins are disabled runtime issues are reported after removing the line disabling some plugins fwupd plugins are tainted Expected results: Should not be disabled nor tainted by default Additional info:
> fwupdmgr security --force` say that my fwupd plugins are disabled What's the exact output, with --verbose please
Created attachment 1760268 [details] fwupdtool security --force --verbose Getting timeouts several time while taking the logs [root@fitlet-1 ~]# fwupdmgr security --force --verbose (fwupdmgr:7058): GLib-DEBUG: 13:41:37.548: setenv()/putenv() are not thread-safe and should not be used after threads are created Failed to connect to daemon: Error calling StartServiceByName for org.freedesktop.fwupd: Timeout was reached And here is the other verbose log [root@fitlet-1 ~]# fwupdmgr security --force --verbose (fwupdmgr:7076): GLib-DEBUG: 13:42:05.971: setenv()/putenv() are not thread-safe and should not be used after threads are created (fwupdmgr:7076): Fwupd-DEBUG: 13:42:06.055: Emitting ::status-changed() [idle] WARNING: The daemon has loaded 3rd party code and is no longer supported by the upstream developers! Host Security ID: HSI:2! (v1.5.7) HSI-1 ? Intel DCI debugger: Disabled ? SPI BIOS region: Locked ? SPI lock: Enabled ? SPI write: Disabled ? TPM v2.0: Found ? TXE manufacturing mode: Locked ? TXE override: Locked ? TXE v0:3.1.70.2334: Valid ? UEFI platform key: Valid HSI-2 ? IOMMU: Enabled ? Intel DCI debugger: Locked ? TPM PCR0 reconstruction: Valid HSI-3 ? Suspend-to-ram: Disabled ? Intel CET Enabled: Not supported ? Pre-boot DMA protection: Disabled ? Suspend-to-idle: Disabled HSI-4 ? Intel SMAP: Enabled ? Encrypted RAM: Not supported Runtime Suffix -! ? Linux kernel: Untainted ? Linux kernel lockdown: Enabled ? Linux swap: Encrypted ? fwupd plugins: Tainted This system has HSI runtime issues. ? https://github.com/fwupd/fwupd/wiki/Host-security-ID-runtime-issues (fwupdmgr:7076): FuMain-DEBUG: 13:42:06.071: failed to find suitable remote: No remotes specified SecurityReportURI
Ahh, can you try "sudo fwupdtool security --verbose" please -- that runs without the daemon. Also, is bluetooth disabled by any chance on your machine?
The output of fwupdtool is in attachments. And yes, I don't have bluetooth in this device, [root@fitlet-1 ~]# systemctl status bluetooth.service ● bluetooth.service - Bluetooth service Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor pres> Active: inactive (dead) Docs: man:bluetoothd(8) [root@fitlet-1 ~]# journalctl -u bluetooth.service -- Logs begin at Mon 2021-03-01 16:34:02 -03, end at Tue 2021-03-02 13:49:20 -03. -- Mar 01 16:39:56 fedora-iot.mshome.net systemd[1]: Condition check resulted in Bluetooth service being skipped. -- Reboot --
Fix in https://github.com/fwupd/fwupd/pull/3051 -- would it be possible you test this please?