Merge 70d2bd5870
into 0e769e1426
This commit is contained in:
commit
e20ee83e2d
|
@ -1,6 +1,6 @@
|
||||||
# Linux workstation security checklist
|
# Linux workstation security checklist
|
||||||
|
|
||||||
Updated: 2017-12-15
|
Updated: 2019-08-22
|
||||||
|
|
||||||
*Status: CURRENT*
|
*Status: CURRENT*
|
||||||
|
|
||||||
|
@ -168,6 +168,10 @@ ExpressCard are guilty of the same, though some later implementations of
|
||||||
Thunderbolt attempt to limit the scope of memory access. It is best if the
|
Thunderbolt attempt to limit the scope of memory access. It is best if the
|
||||||
system you are getting has none of these ports, but it is not critical, as
|
system you are getting has none of these ports, but it is not critical, as
|
||||||
they usually can be turned off via UEFI or disabled in the kernel itself.
|
they usually can be turned off via UEFI or disabled in the kernel itself.
|
||||||
|
If you are getting a system that has Thunderbolt 3, it is best if you plan on
|
||||||
|
leaving it enabled to ensure that Thunderbolt security is enabled and if security
|
||||||
|
levels are supported it is set to User Authorzation. This will prevent Thunderbolt
|
||||||
|
devices from attaching to the system without the user's knowledge.
|
||||||
|
|
||||||
#### TPM Chip
|
#### TPM Chip
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue