PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-09-18 16:54:43 -04:00
Code

Update text

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 04:20:32 -07:00
parent f98c309a4e
commit e81a6cd362
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/posts/knowledge/Laptop Hardware Security.md
View File

@ -71,6 +71,12 @@ Intel CSME provides critical security features, including but not limited to:
- Memory Encryption (on Intel vPro Enterprise systems)
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
AMD PSP provides similar security features:
- Firmware TPM
- Memory Encryption (on Ryzen Pro and EPYC systems)
By disabling Intel CSME, you are **increasing the attack surface** by crippling security features. Additionally, if you buy hardware so old that you can run me_cleaner to disable the ME yourself, it means that these hardware do not have Boot Guard and it is impossible to implement any kind of boot security.
### Intel AMT and AMD DASH
### Restricted Boot