Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update docs regarding Intel module disabling

Browse Source
This commit is contained in:
Raja Grewal 2024-08-07 14:01:49 +10:00
parent 20454fb811
commit 50fa721fd5
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -214,10 +214,10 @@ disabling should first be blacklisted for a suitable amount of time.
Satellite Systems (GNSS). Satellite Systems (GNSS).
- Optional - Intel Management Engine (ME): Provides some disabling of the interface - Optional - Intel Management Engine (ME): Provides some disabling of the interface
between the Intel ME and the OS. May lead to breakages in places such as security, between the Intel ME and the OS. May lead to breakages in places such as firmware
power management, display, and DRM. See discussion: https://github.com/Kicksecure/security-misc/issues/239 updates, security, power management, display, and DRM. See discussion: https://github.com/Kicksecure/security-misc/issues/239
- Intel Platform Monitoring Technology Telemetry (PMT): Disable some functionality - Intel Platform Monitoring Technology (PMT) Telemetry: Disable some functionality
of the Intel PMT components. of the Intel PMT components.
- Network File Systems: Disable uncommon and legacy network file systems. - Network File Systems: Disable uncommon and legacy network file systems.

5
etc/modprobe.d/30_security-misc_disable.conf
View File

@ -119,7 +119,8 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
## Intel Management Engine (ME): ## Intel Management Engine (ME):
## Partially disable the Intel ME interface with the OS. ## Partially disable the Intel ME interface with the OS.
## ME functionality has increasing become more intertwined with basic Intel system operation. ## ME functionality has increasing become more intertwined with basic Intel system operation.
## Disabling may lead to breakages in places such as security, power management, display, and DRM. ## Disabling may lead to breakages in numerous places without clear debugging/error messages.
## May cause issues with firmware updates, security, power management, display, and DRM.
## ##
## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html ## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities ## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
@ -140,7 +141,7 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
#install mei_wdt /usr/bin/disabled-intelme-by-security-misc #install mei_wdt /usr/bin/disabled-intelme-by-security-misc
#install microread_mei /usr/bin/disabled-intelme-by-security-misc #install microread_mei /usr/bin/disabled-intelme-by-security-misc
## Intel Platform Monitoring Technology Telemetry (PMT): ## Intel Platform Monitoring Technology (PMT) Telemetry:
## Disable some functionality of the Intel PMT components. ## Disable some functionality of the Intel PMT components.
## ##
## https://github.com/intel/Intel-PMT ## https://github.com/intel/Intel-PMT