mirror of https://github.com/PrivSec-dev/privsec.dev (synced 2024-12-22 12:51:34 -05:00)
Update text
Signed-off-by: Tommy <contact@tommytran.io>
commit e81a6cd362 (parent f98c309a4e)
@ -71,6 +71,12 @@ Intel CSME provides critical security features, including but not limited to:
- Memory Encryption (on Intel vPro Enterprise systems)
- Memory Encryption (on Intel vPro Enterprise systems)
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
AMD PSP provides similar security features:
- Firmware TPM
- Memory Encryption (on Ryzen Pro and EPYC systems)
By disabling Intel CSME, you are **increasing the attack surface** by crippling security features. Additionally, if you buy hardware so old that you can run me_cleaner to disable the ME yourself, it means that these hardware do not have Boot Guard and it is impossible to implement any kind of boot security.
### Intel AMT and AMD DASH
### Intel AMT and AMD DASH
### Restricted Boot
### Restricted Boot
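Review bot: the new "AMD PSP provides similar security features:" list is inserted between the Intel CSME list and the paragraph that argues only about disabling Intel CSME ("By disabling Intel CSME, you are **increasing the attack surface** ..."), so the conclusion no longer covers the AMD case that now sits directly above it; either extend that paragraph so it also says what the reader should take from the PSP list, or move the AMD list below it so the CSME argument stays attached to the CSME list. The two "Memory Encryption" bullets would also be easier to tell apart if each named the underlying technology rather than only the product tier (e.g. Intel TME on vPro Enterprise, AMD SME/TSME on Ryzen Pro and EPYC), and since the context paragraph is being touched here anyway, "these hardware do not have Boot Guard" should read "this hardware does not have Boot Guard".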