From 62dc2d448366d190812773ec9eeadd38e1223cbc Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Tue, 18 Nov 2025 20:31:46 +1100
Subject: [PATCH] Add note about Intel TME

---
 etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
index 962e37d..61aad7c 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
+++ b/etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
@@ -243,6 +243,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX erst_disable"
 ## This is hardware-based encryption managed by the proprietary and closed-source AMD Platform Security Processor (PSP).
 ## Both require a compatible AMD CPU and support for SME to first be enabled in the BIOS/UEFI.
 ## Likely unavailable in consumer-grade AMD CPUs where Transparent SME (TSME) can be enabled in the BIOS/UEFI to achieve SME.
+## Note the corresponding Intel Total Memory Encryption (TME) can also be enabled via the BIOS/UEFI.
 ## May cause boot failure on certain hardware with incompatible DMA masks.
 ##
 ## https://www.kernel.org/doc/html/next/x86/amd-memory-encryption.html