1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-08 07:51:33 -05:00

Update text

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 04:11:44 -07:00
parent 141fe62bee
commit f98c309a4e
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
2 changed files with 12 additions and 1 deletions

View File

@ -58,9 +58,20 @@ It is important to note that DRTM technologies can be bypassed via the System Ma
### Intel CSME and AMD PSP ### Intel CSME and AMD PSP
A very common misinformation among privacy communities is that the Intel Management Engine (ME), its sucessor - Intel Converged Security and Management Engine (CSME), and AMD Platform Security Processor (PSP) are some sort of evil backdoor. Some may go so far as to tell the user to "disable the ME", either out of paranoia or for attack surface reduction:
![Intel ME Misinformation](/images/intel-me-misinfo.png)
### Intel AMT The problem with these recommendations are as follows:
Intel CSME provides critical security features, including but not limited to:
- Boot Guard (The basis of SRTM, as discussed above)
- Firmware TPM (Generally better than dedicated TPMs by being not being vulnerable to bus sniffing)
- Memory Encryption (on Intel vPro Enterprise systems)
- Intel Locker (A nice mechanism to purge the encryption key from memory after early boot - not widely used on Linux yet, but is implemented on ChromeOS)
### Intel AMT and AMD DASH
### Restricted Boot ### Restricted Boot

Binary file not shown.

After

Width:  |  Height:  |  Size: 166 KiB