1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-09 08:21:32 -05:00

Update text

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 04:20:32 -07:00
parent f98c309a4e
commit e81a6cd362
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -71,6 +71,12 @@ Intel CSME provides critical security features, including but not limited to:
- Memory Encryption (on Intel vPro Enterprise systems)
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
AMD PSP provides similar security features:
- Firmware TPM
- Memory Encryption (on Ryzen Pro and EPYC systems)
By disabling Intel CSME, you are **increasing the attack surface** by crippling security features. Additionally, if you buy hardware so old that you can run me_cleaner to disable the ME yourself, it means that these hardware do not have Boot Guard and it is impossible to implement any kind of boot security.
### Intel AMT and AMD DASH
### Restricted Boot