FWUPDMGR HSI levels: seeking information about 'SPI replay protection' (and how to enable it if possible)

I was recently going over a report generated by fwupdmgr security and found that SPI replay protection is the only hardware security feature not enabled by default on my system.

I’m struggling to find information about this feature apart from some unresolved questions about it on the Framework and HP help forums. It seems the feature is related to another term I can’t find much info on called “RPMC” (Relay Protected Monotonic Counter).

Does anyone have any information on this feature, how to enable it, or what it depends on?

SPI being a serial bus, maybe this is some kind of auth replay attack mitigation?

Unfortunately, I believe you can only get this enabled if your OEM issues a firmware update. This is sadly the case for many of the issues on my personal system. You can try reaching out; you might get lucky. I personally did not.

Here’s more information: FwupdPlugin – 1.0: Host Security ID Specification