Merge pull request #236 from raja-grewal/intel_me

Disable more Intel ME kernel modules

etc/modprobe.d/30_security-misc_disable.conf

@@ -82,11 +82,26 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
 
 ## Intel Management Engine (ME):
 ## Partially disable the Intel ME interface with the OS.
+## ME functionality has increasing become more intertwined with basic system operation.
+## Disabling may lead to breakages places such as security, power management, display, and DRM.
 ##
 ## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
+## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
+## https://www.kicksecure.com/wiki/Out-of-band_Management_Technology#Intel_ME_Disabling_Disadvantages
+## https://github.com/Kicksecure/security-misc/pull/236#issuecomment-2229092813
 ##
 install mei /usr/bin/disabled-intelme-by-security-misc
+install mei-gsc /usr/bin/disabled-intelme-by-security-misc
+install mei_gsc_proxy /usr/bin/disabled-intelme-by-security-misc
+install mei_hdcp /usr/bin/disabled-intelme-by-security-misc
 install mei-me /usr/bin/disabled-intelme-by-security-misc
+install mei_phy /usr/bin/disabled-intelme-by-security-misc
+install mei_pxp /usr/bin/disabled-intelme-by-security-misc
+install mei-txe /usr/bin/disabled-intelme-by-security-misc
+install mei-vsc /usr/bin/disabled-intelme-by-security-misc
+install mei-vsc-hw /usr/bin/disabled-intelme-by-security-misc
+install mei_wdt /usr/bin/disabled-intelme-by-security-misc
+install microread_mei /usr/bin/disabled-intelme-by-security-misc
 
 ## Network File Systems:
 ## Disable uncommon network file systems to reduce attack surface.