From abafb1945cace774429fefd0c1a037fb2ec3f774 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Wed, 17 Jul 2024 13:26:03 +1000
Subject: [PATCH] Add Intel ME references
---
 etc/modprobe.d/30_security-misc_disable.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/etc/modprobe.d/30_security-misc_disable.conf b/etc/modprobe.d/30_security-misc_disable.conf
index da40ded..28f9f3d 100644
--- a/etc/modprobe.d/30_security-misc_disable.conf
+++ b/etc/modprobe.d/30_security-misc_disable.conf
@@ -64,8 +64,13 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
 ## Intel Management Engine (ME):
 ## Partially disable the Intel ME interface with the OS.
+## ME functionality has increasing become more intertwined with basic system operation.
+## Disabling may lead to breakages places such as security, power management, display, and DRM.
 ##
 ## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
+## https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities
+## https://www.kicksecure.com/wiki/Out-of-band_Management_Technology#Intel_ME_Disabling_Disadvantages
+## https://github.com/Kicksecure/security-misc/pull/236#issuecomment-2229092813
 ##
 install mei /usr/bin/disabled-intelme-by-security-misc
 install mei-gsc /usr/bin/disabled-intelme-by-security-misc
@@ -75,8 +80,8 @@ install mei-me /usr/bin/disabled-intelme-by-security-misc
 install mei_phy /usr/bin/disabled-intelme-by-security-misc
 install mei_pxp /usr/bin/disabled-intelme-by-security-misc
 install mei-txe /usr/bin/disabled-intelme-by-security-misc
-install mei-vsc-hw /usr/bin/disabled-intelme-by-security-misc
 install mei-vsc /usr/bin/disabled-intelme-by-security-misc
+install mei-vsc-hw /usr/bin/disabled-intelme-by-security-misc
 install mei_wdt /usr/bin/disabled-intelme-by-security-misc
 install microread_mei /usr/bin/disabled-intelme-by-security-misc
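Review bot: The two comment lines added at the top of the first hunk (`@@ -64,8 +64,13 @@`) have wording slips that blur the warning they are meant to give. I would write them as `## ME functionality has increasingly become more intertwined with basic system operation.` and `## Disabling may lead to breakages in places such as security, power management, display, and DRM.` Because the header above them already says "Partially disable", one more line would help readers judge the protection correctly, for example `## These install overrides only stop the MEI host drivers from being loaded via modprobe; the ME firmware itself keeps running.` The second hunk only swaps the order of `mei-vsc` and `mei-vsc-hw` and needs no change.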