Slashdot Mirror

← Back to Stories (view on slashdot.org)

AMD Has No Plans To Release PSP Code (twitch.tv)

Posted by msmash on from the no-change-of-heart dept.

AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. But despite some signs earlier that it might consider opening the PSP code at some point, the chip-maker has now confirmed that there hasn't been a change of heart yet. "We have no plans on releasing it to the public," the company executives said in a tech talk (video).

5 of 125 comments (clear)

  1. Lisa Su is BAE by Anonymous Coward · · Score: 5, Informative

    PSP stands for Platform Security Processor, a secure enclave in the processor and AMD's version of the Intel Management Engine.

    Quoting from Libreboot:

    As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

    AMD is no doubt being bitten on the sack for using third parts code and we again see why everything should be open sources.

    1. Re:Lisa Su is BAE by ShanghaiBill · · Score: 4, Informative

      5. There really is a backdoor.

  2. Re:Proof by StormReaver · · Score: 5, Informative

    Except that's conspiracy-theory reasoning.

    If we've learned anything in the last five years or so, it's that's yesterday's wacko conspiracy theory is today's jaw-dropping, fact-checked revelation.

  3. Re:Ok, next! by tlhIngan · · Score: 4, Informative

    Another chip manufacturer that cannot be used for trustworthy IT infrastructure. Who's next on the chopping block?

    Better get rid of ARM, too, since ARM has the same thing.

    In fact, I believe AMD licensed ARM's technology for it - it's called TrustZone, and it separates out threads of execution into "secure" and "open" modes. Your regular OS runs in the "open" mode, and makes calls into the secure OS, which can be used to keep stuff like encryption keys away from the main OS. (You can use it for disk encryption - get the secure OS to generate a key, save it, and load the encryption key into the onboard encryption hardware, so none of the user software touches it. If you rip out the disk, it's useless because the key is locked away).

    Several DRM schemes also use it, including Google's Widevine DRM (requires it in order to work).

    And yes, the secure OS has full access to the main OS and all the peripherals.

    The boot chain must be strictly controlled - you have to start with a onboard ROM monitor that verifies the images as they load before transferring control the open world OS. Otherwise you can load any code you want. I'm not sure how AMD processors boot, but all ARM processors using TrustZone have a boot ROM that verifies the next stage bootloaders (and secure OS) before loading them into memory.

  4. Talos II is coming by jbn-o · · Score: 4, Informative

    According to https://www.raptorcs.com/TALOS... Raptor Engineering is working on Talos II. They claim it "Libre-friendly, powerful, and competitively priced the new, POWER9-based Talos II takes flight in early August 2017!" so not long to wait before we can evaluate the specs and price. Debian GNU/Linux has a POWER9 port which I'd expect would run on such hardware.

    --
    Digital Citizen