Jump to content

AMD Platform Security Processor

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Hairy Dude (talk | contribs) at 18:36, 21 February 2020 (Security history: spelling). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors.[1] According to an AMD developer's guide, the subsystem is "responsible for creating, monitoring and maintaining the security environment" and "its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response".[2] Critics worry it can be used as a backdoor and is a security concern.[3][4][5] AMD has denied requests to open source the code that runs on the PSP.[1]

The PSP is similar to the Intel Management Engine for Intel processors.[1]

Details

The PSP itself is an ARM core inserted on the main CPU.[6]

Security history

In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017.[7][8]

In March 2018, a handful of alleged serious flaws were announced in AMD's Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) by an Israeli IT security company related to the PSP that could allow malware to run and gain access to sensitive information.[9] AMD has announced firmware updates to handle these flaws.[10][11] While there were claims that the flaws were published for the purpose of stock manipulation,[12][13] their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were often dismissed by said independent experts.[14]

References

  1. ^ a b c Williams, Rob (2017-07-19). "AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code". This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC.
  2. ^ "BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors" (PDF). AMD. 2016. p. 156.
  3. ^ Martin, Ryan (July 2013). "Expert Says NSA Have Backdoors Built Into Intel And AMD Processors". eteknix.com. Retrieved 2018-01-19.
  4. ^ Claburn, Thomas (2018-01-06), Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches, The Register
  5. ^ Larabel, Michael (2017-12-07). "AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA". This built-in AMD Secure Processor has been criticized by some as another possible attack vector...
  6. ^ "Libreboot FAQ". The PSP is an ARM core with TrustZone technology, built onto the main CPU die.
  7. ^ Millman, Rene (2018-01-08). "Security issue found in AMD's Platform Security Processor".
  8. ^ Cimpanu, Catalin (2018-01-06). "Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online".
  9. ^ Goodin, Dan (2018-03-13). "A raft of flaws in AMD chips makes bad hacks much, much worse". Ars Technica.
  10. ^ Bright, Peter (2018-03-20). "AMD promises firmware fixes for security processor bugs All bugs require administrative access to exploit". Ars Technica.
  11. ^ Papermaster, Mark (2018-03-21). "Initial AMD Technical Assessment of CTS Labs Research". AMD Community.
  12. ^ Burke, Steve; Lathan, Patrick. "Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0"". GamersNexus.
  13. ^ Zynath Investment. "AMD And CTS Labs: A Story Of Failed Stock Manipulation". Seeking Alpha.
  14. ^ Guido, Dan. ""AMD Flaws" Technical Summary".