Add note about Intel TME

raja-grewal 2025-11-18 20:31:46 +11:00 committed by GitHub
parent 99e993b885
commit 62dc2d4483
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -243,6 +243,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX erst_disable"
## This is hardware-based encryption managed by the proprietary and closed-source AMD Platform Security Processor (PSP).
## Both require a compatible AMD CPU and support for SME to first be enabled in the BIOS/UEFI.
## Likely unavailable in consumer-grade AMD CPUs where Transparent SME (TSME) can be enabled in the BIOS/UEFI to achieve SME.
## Note the corresponding Intel Total Memory Encryption (TME) can also be enabled via the BIOS/UEFI.
## May cause boot failure on certain hardware with incompatible DMA masks.
##
## https://www.kernel.org/doc/html/next/x86/amd-memory-encryption.html
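
Review bot: The new TME sentence sits between the TSME sentence and "May cause boot failure on certain hardware with incompatible DMA masks.", so the boot-failure caveat now reads as if it could apply to Intel TME as well as to the AMD SME setting this comment block documents. Consider moving the TME note below the DMA-mask warning, or into its own `##`-separated paragraph, so the warning stays attached to SME. "corresponding" is also vague: TME is enabled in firmware and is transparent to the OS, so it parallels TSME rather than kernel-managed SME, and wording such as "The Intel counterpart to TSME, Total Memory Encryption (TME), can likewise be enabled in the BIOS/UEFI" would say that directly. The only reference left in the block is the AMD memory encryption document, so the Intel statement has no supporting link; add one if a suitable source exists.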