Disable some Intel PMT kernel modules

[raja-grewal]

Disable some Intel Platform Monitoring Technology Telemetry (PMT) kernel modules.

Disabling was first suggested in Issue https://github.com/Kicksecure/security-misc/issues/224.

Changes

Add some Intel PMT modules to the list of disabled kernel modules.

Create disabled-intelpmt-by-security-misc.

Mandatory Checklist

• [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements:

Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

Optional Checklist

The following items are optional but might be requested in certain cases.

• [x] I have tested it locally
• [x] I have reviewed and updated any documentation if relevant
• [ ] I am providing new code and test(s) for it

[raja-grewal]

https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/38

[adrelanos]

Moved my comment to https://github.com/Kicksecure/security-misc/pull/236 where it belongs. It is a related discussion.

[raja-grewal]

As per the discussion at https://github.com/Kicksecure/security-misc/issues/224#issuecomment-2230729392.

For disabling Intel PMT, perhaps we should make it opt-in because I would imagine a large portion of users would prefer to have it preemptively disabled than risk any potential future revelations regarding what was actually being collected.