Device security: security event names are very technical
The security event names are technical and won't be meaningful to very many people:
We can control the labels used for the event names (see here). They are:
IOMMU device protection enabled
IOMMU device protection disabled
Kernel is no longer tainted
Kernel is tainted
Kernel lockdown disabled
Kernel lockdown enabled
Pre-boot DMA protection is disabled
Pre-boot DMA protection is enabled
Secure Boot disabled
Secure Boot enabled
All TPM PCRs are valid
All TPM PCRs are now valid
A TPM PCR is now an invalid value
TPM PCR0 reconstruction is invalid
Sidenote: looks like the label for https://gitlab.gnome.org/doremihsuan/gnome-control-center/-/blob/kate-fwupd-hsi-gtk4/panels/firmware-security/cc-firmware-security-utils.c#L223 is incorrect?
A couple of options here:
1. Description texts
We could provide a longer additional text with each event, to explain their significance. For example:
The challenge here is that we could end up carrying a lot of technical documentation ourselves.
2. Friendlier titles
Instead of saying "Valid TPM PCR", we'd say "Valid Trusted Platform Module (TPM) Memory".
(I'm sure my description here is wrong - it's just a hypothetical example.)
We could also do 1 and 2 combined, and we could potentially add a more technical error code to the description.