Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update docs regarding Intel module disabling

Browse Source
This commit is contained in:
Raja Grewal 2024-08-07 14:01:49 +10:00
parent 20454fb811
commit 50fa721fd5
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -214,10 +214,10 @@ disabling should first be blacklisted for a suitable amount of time.
Satellite Systems (GNSS).
- Optional - Intel Management Engine (ME): Provides some disabling of the interface
between the Intel ME and the OS. May lead to breakages in places such as security,
power management, display, and DRM. See discussion: https://github.com/Kicksecure/security-misc/issues/239
between the Intel ME and the OS. May lead to breakages in places such as firmware
updates, security, power management, display, and DRM. See discussion: https://github.com/Kicksecure/security-misc/issues/239
- Intel Platform Monitoring Technology Telemetry (PMT): Disable some functionality
- Intel Platform Monitoring Technology (PMT) Telemetry: Disable some functionality
of the Intel PMT components.
- Network File Systems: Disable uncommon and legacy network file systems.

5
etc/modprobe.d/30_security-misc_disable.conf
View File

@ -119,7 +119,8 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
## Intel Management Engine (ME):
## Partially disable the Intel ME interface with the OS.
## ME functionality has increasing become more intertwined with basic Intel system operation.
## Disabling may lead to breakages in places such as security, power management, display, and DRM.
## Disabling may lead to breakages in numerous places without clear debugging/error messages.
## May cause issues with firmware updates, security, power management, display, and DRM.
##
## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
@ -140,7 +141,7 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
#install mei_wdt /usr/bin/disabled-intelme-by-security-misc
#install microread_mei /usr/bin/disabled-intelme-by-security-misc
## Intel Platform Monitoring Technology Telemetry (PMT):
## Intel Platform Monitoring Technology (PMT) Telemetry:
## Disable some functionality of the Intel PMT components.
##
## https://github.com/intel/Intel-PMT