Merge 5ab35e8a85
into 0e769e1426
This commit is contained in:
commit
61e5ef1397
|
@ -144,6 +144,8 @@ this section addresses core considerations when choosing a work system.
|
||||||
- [ ] System has no firewire, thunderbolt or ExpressCard ports _(NICE)_
|
- [ ] System has no firewire, thunderbolt or ExpressCard ports _(NICE)_
|
||||||
- [ ] System has a TPM chip _(NICE)_
|
- [ ] System has a TPM chip _(NICE)_
|
||||||
- [ ] System has disabled Intel ME chip _(PARANOID)_
|
- [ ] System has disabled Intel ME chip _(PARANOID)_
|
||||||
|
- [ ] System is not susceptible to Row hammer _(PARANOID)_
|
||||||
|
- [ ] System has no CPU vulnerabilities _(PARANOID)_
|
||||||
|
|
||||||
### Considerations
|
### Considerations
|
||||||
|
|
||||||
|
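Review bot: The added checklist item "System has no CPU vulnerabilities _(PARANOID)_" is absolute and gives the reader nothing to verify it against. Consider wording it to match the check the same change adds under "#### CPU vulnerabilities", for example "System reports no CPU vulnerabilities (see below)". The other new item writes "Row hammer" as two words while the text added later also uses "Rowhammer.js"; pick one spelling for the prose and keep tool names as they are.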
@ -201,6 +203,18 @@ chip functionality on your own. You should be mindful that it is an involved
|
||||||
process, and that disabling the IME may void the manufacturer support warranty
|
process, and that disabling the IME may void the manufacturer support warranty
|
||||||
(or even be against your employer policy).
|
(or even be against your employer policy).
|
||||||
|
|
||||||
|
#### Row hammer
|
||||||
|
|
||||||
|
There are no known types of RAM not effected by [Row hammer][28] / eccploit / Rowhammer.js /etc so test.
|
||||||
|
|
||||||
|
#### CPU vulnerabilities
|
||||||
|
|
||||||
|
Can be checked with
|
||||||
|
|
||||||
|
cd /sys/devices/system/cpu/vulnerabilities/ && grep . * | grep -v "Not affected"
|
||||||
|
|
||||||
|
Anything other than no response is not ideal
|
||||||
|
|
||||||
## Pre-boot environment
|
## Pre-boot environment
|
||||||
|
|
||||||
This is a set of recommendations for your workstation before you even start
|
This is a set of recommendations for your workstation before you even start
|
||||||
|
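Review bot: The command added under "#### CPU vulnerabilities" is written as an ordinary paragraph, so the `*` in `grep . *` is exposed to Markdown emphasis parsing and the line is not clearly copyable; put it in an indented or fenced code block and end "Can be checked with" with a colon. The filter only drops lines containing "Not affected", so any other status the kernel reports, including a mitigated one, still prints, and "Anything other than no response is not ideal" should say whether a mitigated entry counts as a pass. In the "#### Row hammer" paragraph, "effected" should be "affected", and "so test" names no tool or procedure; either say how to test or drop the instruction.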
@ -871,3 +885,4 @@ This work is licensed under a
|
||||||
[25]: https://github.com/corna/me_cleaner
|
[25]: https://github.com/corna/me_cleaner
|
||||||
[26]: https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
|
[26]: https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
|
||||||
[27]: https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
|
[27]: https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
|
||||||
|
[28]: https://en.wikipedia.org/wiki/Row_hammer
|
||||||
|
|
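Review bot: Only `[28]` is added here, but the new "#### Row hammer" text also names eccploit and Rowhammer.js without links, and the "#### CPU vulnerabilities" section cites nothing for the sysfs path it relies on. Add link references for those alongside `[28]` so the new sections are sourced as consistently as the existing IME text with `[25]` to `[27]`.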