PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-09-19 17:24:43 -04:00
Code

Add Framework

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 13:24:24 -07:00
parent e09b1b5d72
commit 69b20b0482
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/posts/knowledge/Laptop Hardware Security/index.md
View File

@ -167,14 +167,18 @@ The harshest reality of all, is that because of how much they have crippled hard
Unfortunately, much like Purism, a lot of "Linux-focused" laptop vendors either do not set up Boot Guard, or set it up incorrectly. These include, but not limited to: Unfortunately, much like Purism, a lot of "Linux-focused" laptop vendors either do not set up Boot Guard, or set it up incorrectly. These include, but not limited to:
- [StarLabs](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=Star+Labs&host_family=I3&host_product=Lite). - [StarLabs](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=Star+Labs&host_family=I3&host_product=Lite)
- [System76](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=System76&host_family=&host_product=Darter+Pro) - [System76](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=System76&host_family=&host_product=Darter+Pro). They also say that their UEFI Secure Boot [is only intended for Windows installation checks to pass and not proper](https://github.com/system76/firmware-open/blob/3e19b73397c27cf88b048902a3f080f584d0f851/docs/uefi.md#secure-boot).
- [Tuxedo](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=TUXEDO&host_family=&host_product=TUXEDO+InfinityBook+Pro+14+Gen6) - [Tuxedo](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=TUXEDO&host_family=&host_product=TUXEDO+InfinityBook+Pro+14+Gen6)
You should avoid buying from these vendors as well, as it is impossible to have any kind of firmware security without Boot Guard. They all have HSI level 0. You should avoid buying from these vendors as well, as it is impossible to have any kind of firmware security without Boot Guard. They all have HSI level 0.
### Laptops with Insufficient Firmware Updates ### Laptops with Insufficient Firmware Updates
Some laptop brands may set up Boot Guard correctly and meet a high HSI level, but do not ship firmware frequently enough to fix critical vulnerabilities. These include, but not limited to:
- Framework. vPro Enterprise Framework devices actually meet [HSI level 4](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=Framework&host_family=13in+Laptop&host_product=Laptop+(13th+Gen+Intel+Core)), but they unfortunately do not handle firmware updates properly. They have not shipped a single firmware for their 13th generation over a year since its release date, and over 6 months since the disclosure of LogoFail. While they do ship some updates for other devices, how they have been handling so far is not acceptable if you need a secure device.
### Ancient laptops ### Ancient laptops
### RYF and the Illusion of Freedom ### RYF and the Illusion of Freedom