mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 21:01:34 -05:00
Update text
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
141fe62bee
commit
f98c309a4e
@ -58,9 +58,20 @@ It is important to note that DRTM technologies can be bypassed via the System Ma
|
|||||||
|
|
||||||
### Intel CSME and AMD PSP
|
### Intel CSME and AMD PSP
|
||||||
|
|
||||||
|
A very common misinformation among privacy communities is that the Intel Management Engine (ME), its sucessor - Intel Converged Security and Management Engine (CSME), and AMD Platform Security Processor (PSP) are some sort of evil backdoor. Some may go so far as to tell the user to "disable the ME", either out of paranoia or for attack surface reduction:
|
||||||
|
|
||||||
|
![Intel ME Misinformation](/images/intel-me-misinfo.png)
|
||||||
|
|
||||||
|
|
||||||
### Intel AMT
|
The problem with these recommendations are as follows:
|
||||||
|
|
||||||
|
Intel CSME provides critical security features, including but not limited to:
|
||||||
|
- Boot Guard (The basis of SRTM, as discussed above)
|
||||||
|
- Firmware TPM (Generally better than dedicated TPMs by being not being vulnerable to bus sniffing)
|
||||||
|
- Memory Encryption (on Intel vPro Enterprise systems)
|
||||||
|
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
|
||||||
|
|
||||||
|
### Intel AMT and AMD DASH
|
||||||
|
|
||||||
### Restricted Boot
|
### Restricted Boot
|
||||||
|
|
||||||
|
BIN
static/images/intel-me-misinfo.png
Normal file
BIN
static/images/intel-me-misinfo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 166 KiB |
Loading…
Reference in New Issue
Block a user