Issues with motherboard BIOS issues appearing on Ubuntu

Hi. I bought a new desktop with an ASRock B760M Pro RS/D4 and a 12th Gen Intel® Core™ i9-12900KF × 24 CPU, however after transferring my hard drive to my new desktop, nearly all hardware security checks which I have listed at the end of this topic. It seems that I contacted ASRock over this and they recommended reinstalling the operating system which I did, but the results are the same. Seems that ASRock recommended that I contact Ubuntu directly which brings me here. Most troubling of the settings seems that the motherboard is in manufacturing mode which really creeps me out. Is there a conflict between the motherboard and Ubuntu? Let me know if you have any ideas or need more details. I’ll provide what I can with the latter.

Below is the Device Security Report.
Device Security Report

Report details
Date generated: 2025-08-29 15:29:04
fwupd version: 2.0.7

System details
Hardware model: ASRock B760M Pro RS/D4
Processor: 12th Gen Intel(R) Core™ i9-12900KF
OS: Ubuntu 25.04
Security level: HSI:0! (v2.0.7)

HSI-1 Tests
UEFI Platform Key: Pass (Valid)
Firmware BIOS Region: ! Fail (Not Locked)
UEFI Bootservice Variables: Pass (Locked)
TPM v2.0: Pass (Found)
Intel Management Engine Version: Pass (Valid)
Firmware Write Protection Lock: ! Fail (Not Enabled)
Platform Debugging: Pass (Not Enabled)
Intel Management Engine Manufacturing Mode: ! Fail (Not Locked)
UEFI Secure Boot: Pass (Enabled)
BIOS Firmware Updates: Pass (Enabled)
Firmware Write Protection: Pass (Not Enabled)
Intel Management Engine Override: Pass (Locked)
TPM Platform Configuration: Pass (Valid)

HSI-2 Tests
Intel BootGuard Fuse: ! Fail (Not Valid)
Intel BootGuard Verified Boot: ! Fail (Not Valid)
Intel BootGuard ACM Protected: ! Fail (Not Valid)
Intel BootGuard: Pass (Enabled)
TPM Reconstruction: Pass (Valid)
IOMMU Protection: Pass (Enabled)
Platform Debugging: Pass (Locked)

HSI-3 Tests
Intel BootGuard Error Policy: ! Fail (Not Valid)
Pre-boot DMA Protection: Pass (Enabled)
Suspend To RAM: ! Fail (Enabled)
Control-flow Enforcement Technology: Pass (Supported)
Suspend To Idle: ! Fail (Not Enabled)

HSI-4 Tests
Encrypted RAM: ! Fail (Not Supported)
Supervisor Mode Access Prevention: Pass (Enabled)

Runtime Tests
Linux Swap: ! Fail (Not Encrypted)
Firmware Updater Verification: Pass (Not Tainted)
Control-flow Enforcement Technology: Pass (Supported)
Linux Kernel Verification: ! Fail (Tainted)
Linux Kernel Lockdown: Pass (Enabled)

Host security events

For information on the contents of this report, see https://fwupd.github.io/libfwupdplugin/hsi.html

1 Like
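How the `HSI:0!` line in the report above follows from the per-test results, as an added example that is not part of the original post or of fwupd: a small parser for this report format. It assumes the simplified rule that the level is the highest N with no failed test at levels 1..N and that a failed runtime test appends `!`; the function names are hypothetical and the sample is abridged from the report above.

```python
import re
from collections import defaultdict

# Sample abridged from the report in the post above (same line format).
SAMPLE = """\
HSI-1 Tests
UEFI Platform Key: Pass (Valid)
Firmware BIOS Region: ! Fail (Not Locked)
Intel Management Engine Manufacturing Mode: ! Fail (Not Locked)
HSI-2 Tests
Intel BootGuard Fuse: ! Fail (Not Valid)
IOMMU Protection: Pass (Enabled)
Runtime Tests
Linux Swap: ! Fail (Not Encrypted)
Linux Kernel Verification: ! Fail (Tainted)
Linux Kernel Lockdown: Pass (Enabled)
"""

SECTION = re.compile(r"^(HSI-(\d)|Runtime) Tests$")
RESULT = re.compile(r"^(?P<name>.+?):\s*(?:!\s*)?(?P<verdict>Pass|Fail)\s*\((?P<detail>[^)]*)\)$")

def parse_report(text):
    """Return {section: [(name, passed, detail)]}; section is 1-4 or 'runtime'."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = int(m.group(2)) if m.group(2) else "runtime"
        elif current is not None and (m := RESULT.match(line)):
            sections[current].append((m["name"], m["verdict"] == "Pass", m["detail"]))
    return dict(sections)

def hsi_level(sections):
    """Assumed rule: highest N with levels 1..N all passing; '!' = runtime failure."""
    level = 0
    for n in sorted(k for k in sections if isinstance(k, int)):
        if n != level + 1 or not all(ok for _, ok, _ in sections[n]):
            break
        level = n
    bang = "!" if any(not ok for _, ok, _ in sections.get("runtime", [])) else ""
    return f"HSI:{level}{bang}"

def failures(sections, key):
    """List (test name, detail) for every failed test in one section."""
    return [(name, detail) for name, ok, detail in sections.get(key, []) if not ok]

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print(hsi_level(report), failures(report, 1))
```

Under this rule the HSI-1 failures alone hold the score at 0, so the HSI-2 and later failures do not change the level until the HSI-1 items are resolved.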

maybe check if there are linux drivers on your brand pc, but it seems that maybe uefi needs its windows settings be turned on(this report then should be new on kernel update)… amid some HSI Tests failing as they are not Ubuntu Ready for First Install, and also Network Administrator needs maybe some admission for your approval and maybe some licensing if required for compatibility with Android and similars.

Hmmm. The “UEFI windows settings?” Where can I find that?

That’s a curiously-phrased question.
From a software (Ubuntu) standpoint, a hardware “conflict” would typically mean that the software simply could not load or run.

That’s curious advice, as changing the operating system rarely has any effect on hardware.

Your link leads to…

ME not in manufacturing mode

There have been some unfortunate cases of the ME being distributed in manufacturing mode.

In manufacturing mode many features from the ME can be interacted with that decrease the platform’s security.

Impact:

If the ME is in manufacturing mode then any user with root access can provision the ME engine with new keys.

This gives them full access to the system even when the system is powered off.

Resolution: Contact your OEM, who may be able to issue a firmware update.

It seems like you might be asking two questions:

  1. How to mitigate these hardware vulnerabilities in daily use?

  2. How Ubuntu can help mitigate these hardware vulnerabilities?

Is that accurate? Or are you asking something else?

Well, as I said being stuck in manufacturing is the main concern I have here, though I contacted ASRock, the company that made the motherboard and they said it could be the OS being at fault here. From what hifron said earlier it could be that the UEFI needs the Windows settings turned and mentioned something about a kernel update. This is certainly new territory for me.

Edit Update:
I just updated the Kernel to the latest version. Still no change. I guess updating the kernel is at least something.

Second Edit Update:
Seems that I restarted the system and for whatever reason my desktop doesn’t like the new Kernel. It says:
Quote
Loading Linux 6.16.4-061604-generic …
error: bad shim signature.
Loading initial ramdisk …
error: you need to load the kernel first.
Unquote

It seems you turned UEFI Secure Boot on, but have installed Ubuntu with it off. You may be able to update, but if new install, easier to just reinstall with Secure Boot on.

Fwupdate is a tool to update UEFI firmware. It now also can run a check on settings. But most motherboard manufacturers do not provide firmware for updates, many laptop mfgs do.

Devices using LVFS for firmware updates
https://fwupd.org/lvfs/devicelist

Often updating UEFI reverts settings to vendor defaults. If you change settings, you have to redo them. My old motherboard required 6 or 7 settings changed with every update. My newer Dell laptop automatically updates with Dell, and does not need any settings changed, if I want Secure Boot on.

I think manufacturer mode, just means you can update UEFI settings.

1 Like

Just tried a clean install followed by an update on the Kernel. Same issue.

Have you updated firmware for both UEFI & SSDs?

Have you tried with both UEFI Secure boot on & with it off. It should work with it on, but some just have issues.

Some typical settings you may want to review.
UEFI settings tea-for-one

I tried the firmware update, but nothing says it’s updatable.

Only some vendors & even then only some models are supported with fwupdate. You can use Windows if dual booting, or most vendors have instructions on downloading the update file into a FAT32 partition and updating from there or a DOS type bootable flash drive with update files.

Some systems have added locks on UEFI updates/changes. Check UEFI settings. Often better to download manual for more explanation than what little is inside UEFI itself.

1 Like

Seems the operating system finally noticed a firmware update, but it seems to not be installing.

There is a current server problem. See https://askubuntu.com/questions/1555546/why-am-i-unable-to-update-ubuntu-right-now-september-5-2025-incident

1 Like

Good news. I finally was able to disable secure boot and the updates installed properly with most of the security risks gone. All that’s left is the Linux Kernel Verification.

don’t know why - there is gnome firmware and sign option… fwupdmgr --help as cmd when something does not show up in snap version of gnome firmware to snap package change.

Note that this is not an Ubuntu kernel (the version looks like it is one of the debug kernels from the mainline PPA which should not be used in production (there are tons of security patches missing, the config is wrong and installing such a kernel disables kernel updates for good) these kernels are solely for the case where a kernel team member asks you in a bug to temporarily install them to verify if a bug is fixed in a mainline release (and then remove them again immediately))…

Also see the bold warning in the first paragraph from the Ubuntu kernel team at:

https://wiki.ubuntu.com/Kernel/MainlineBuilds

2 Likes

Can you fill me in more. I tried updating again with fwupdmgr, but no new version exists.
Screenshot From 2025-09-07 13-34-07

Update: I also ran some commands to update again to the latest stable version. Figured I’d give it a second chance. I’m rebooting now.
https://askubuntu.com/questions/1388115/how-do-i-update-my-kernel-to-the-latest-one

Second update: No good. Results are the same.

Behind this link is extremely ill advice, please do not link it here …

1 Like

Sorry man. What would you recommend command line wise to fix this?

I do not have any recommendation here and it is up to you to decide to drop all security from your system at the very core by installing a mainline kernel that does not have the security options set or patches applied a normal supported Ubuntu kernel provides, your system, your choice …

I’m just asking that you do not spread links to instructions that might lead others to installing a mainline kernel without knowing what they get themselves into. If you put a link like the above in one of your posts here, please add a big disclaimer so people reading along do understand the massive security hole they open on their system when following it.

2 Likes

Sorry. Didn’t intend to post a link with risk info. Any idea where I can download the mainline kernel. Seems like this issue is coming to a close.

Update: I may get some heat over this, but I came across a video on installing mainline kernels. Based on what the video advises I’m supposed to install and use the latest “long term” kernel rather than the flat out newest one.
https://www.youtube.com/watch?v=AV6sk_8IBME

I tried the latest mainline (6.12.45; I currently only can use 6.14.29-0) version marked as “longterm.” Still no luck. Same message as the latest version.

1 Like