PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-08 07:51:33 -05:00
Code

Update layout

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 02:53:41 -07:00
parent 846bec0628
commit ad00063084
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
content/posts/knowledge/Laptop Hardware Security.md
View File

@ -52,4 +52,24 @@ In general, DRTM works by loading in an ACM binary signed by the CPU vendor alon
On Windows, DRTM is implemented with [System Guard](https://learn.microsoft.com/en-us/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows). On Linux, [TrenchBoot](https://trenchboot.org/) is being developed. One application of it would be to provide the Anti Evil Maid setup with Qubes OS. On Windows, DRTM is implemented with [System Guard](https://learn.microsoft.com/en-us/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows). On Linux, [TrenchBoot](https://trenchboot.org/) is being developed. One application of it would be to provide the Anti Evil Maid setup with Qubes OS.
One important thing here is that DRTM technologies can be bypassed via SMM, so you still need to have some level of trust in your firmware to implement SMM mitigations. One important thing here is that DRTM technologies can be bypassed via SMM, so you still need to have some level of trust in your firmware to implement SMM mitigations.
## Common misinformation
### Intel TSME and AMD PSP
### Intel AMT
### Restricted Boot
## Insecure Products
### Heads and PureBoot
### Lack of Intel Boot Guard
## Better Products
### Dell
### Lenovo