supportferro.blogg.se - What is amd psp 1.0 device driver

#WHAT IS AMD PSP 1.0 DEVICE DRIVER GENERATOR#
#WHAT IS AMD PSP 1.0 DEVICE DRIVER PATCH#
#WHAT IS AMD PSP 1.0 DEVICE DRIVER VERIFICATION#
#WHAT IS AMD PSP 1.0 DEVICE DRIVER CODE#

^ a b "Dissecting the AMD Platform Security Processor"."Dissecting the AMD Platform Security Processor". ^ a b Werling, Christian Buhren, Robert, Dissecting the AMD Platform Security Processor, retrieved.The PSP is an ARM core with TrustZone technology, built onto the main CPU die. This built-in AMD Secure Processor has been criticized by some as another possible attack vector. "AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA".

#WHAT IS AMD PSP 1.0 DEVICE DRIVER CODE#

^ Claburn, Thomas (), Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches, The Register.

"Expert Says NSA Have Backdoors Built Into Intel And AMD Processors".

^ "BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors" (PDF).

This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC. "AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code". Their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were dismissed, leading to claims that the flaws were published for the purpose of stock manipulation. AMD announced firmware updates to handle these flaws. In March 2018, an Israeli IT security company reported a handful of allegedly serious flaws related to the PSP in AMD's Zen architecture CPUs ( EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) that could allow malware to run and gain access to sensitive information.

#WHAT IS AMD PSP 1.0 DEVICE DRIVER PATCH#

In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information a patch was rumored to become available to vendors in December 2017.

#WHAT IS AMD PSP 1.0 DEVICE DRIVER VERIFICATION#

Using the previous data structures the off-chip firmware finds UEFI firmware within the SPI ROM and copies it over to DRAM, it may perform additional verification steps and if the system is deemed secure, it will release the x86 cores from their reset state, thus starting UEFI firmware. Off-chip phase The loaded off-chip modules will initialize DRAM and perform platform initialization. On-chip phase Firmware located directly on the PSP chip sets up the ARM CPU, verifies the integrity of the SPI ROM and using various data structures locates the off-chip firmware and copies it over to internal PSP memory.

The PSP is an integral part of the boot process, without it the x86 cores would never be activated.

#WHAT IS AMD PSP 1.0 DEVICE DRIVER GENERATOR#

The PSP also provides a random number generator for the RDRAND instruction and provides TPM services. They discovered that the firmware is run inside in the same system's memory space that user's applications do with unrestricted access to it (including MMIO) raising concerns over data safety. Investigation of a Lenovo ThinkPad A285 notebook's motherboard flash chip (stores UEFI firmware) revealed that the PSP core itself (as a device) is run before the main CPU and that its firmware bootstrapping process starts just before basic UEFI gets loaded. By using a few hand-written Python-based tools, they found that the off-chip firmware from the SPI ROM contained an application resembling an entire micro operating system. In 2019, a Berlin based security group discovered the off-chip firmware in ordinary UEFI image files (the code that boots up the operating system), which meant that it could be easily analyzed. The PSP contains on-chip firmware which is responsible for verifying the SPI ROM and loading off-chip firmware from it. The PSP itself represents an ARM core with the TrustZone extension which is inserted into the main CPU die as a coprocessor.