After Intel ME, Researchers Find Security Bug In AMD's SPS Secret Chip-on-Chip

An anonymous reader writes: AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor. This component, formerly known as AMD PSP (Platform Security Processor), is a chip-on-chip security system, similar to Intel's much-hated Management Engine (ME). Just like Intel ME, the AMD Secure Processor is an integrated coprocessor that sits next to the real AMD64 x86 CPU cores and runs a separate operating system tasked with handling various security-related operations.

The security bug is a buffer overflow that allows code execution inside the AMD SPS TPM, the component that stores critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores. Intel fixed a similar flaw last year in the Intel ME.

Re:Not the same? Not an actual backdoor?

[TheMiddleRoad]

Because buffer overflows are only usable with physical access? AMD fanboys are the best.

Re:Not the same? Not an actual backdoor?

Sadly you're defending the indefensible. But that is how it goes with AMD fans.