Английская Википедия:AMD Platform Security Processor

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description

Файл:InsydeH2O UEFI AMD PSP screenshot.jpg
AMD Platform Security Processor settings in an UEFI configuration screen.

The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors.[1] According to an AMD developer's guide, the subsystem is "responsible for creating, monitoring and maintaining the security environment" and "its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response".[2] Critics worry it can be used as a backdoor and is a security concern.[3][4][5] AMD has denied requests to open source the code that runs on the PSP.[1]

Notable Critics

  • Independent technology journalist Mental Outlaw (a pseudonym he is most commonly known by) has likened AMD's PSP to Intel's Management Engine, noting that both have been proven to be non-essential, as they are removed for American government computers without problem, yet highly dangerous pieces of hardware which act as 'Spyware at the Hardware Level'.
  • Edward Snowden, an NSA whistleblower, has claimed that large tech companies have been forced by the government through FISA to spy on its users on the software, firmware, and hardware level. He is currently in political asylum in Russia

Details

The PSP itself represents an ARM core (ARM Cortex A5[6]Шаблон:Circular reference) with the TrustZone extension which is inserted into the main CPU die as a coprocessor. The PSP contains on-chip firmware which is responsible for verifying the SPI ROM and loading off-chip firmware from it. In 2019, a Berlin-based security group discovered the off-chip firmware in ordinary UEFI image files (the code that boots up the operating system), which meant that it could be easily analyzed. By using a few hand-written Python-based tools, they found that the off-chip firmware from the SPI ROM contained an application resembling an entire micro operating system.[7][8][9] Investigation of a Lenovo ThinkPad A285 notebook's motherboard flash chip (stores UEFI firmware) revealed that the PSP core itself (as a device) is run before the main CPU and that its firmware bootstrapping process starts just before basic UEFI gets loaded. They discovered that the firmware is run inside in the same system's memory space that user's applications do with unrestricted access to it (including MMIO) raising concerns over data safety.[7][8][9] Because PSP is the chip that decides whenever the x86 cores will run or not, it is used to implement hardware downcoring, specific cores on the system can be made permanently inaccessible during manufacturing. The PSP also provides a random number generator for the RDRAND instruction[10] and provides TPM services.

Boot process

The PSP is an integral part of the boot process, without which the x86 cores would never be activated.

On-chip phase
Firmware located directly on the PSP chip sets up the ARM CPU, verifies the integrity of the SPI ROM, using various data structures locates the off-chip firmware (AGESA) from the SPI ROM, and copies it over to internal PSP memory.
Off-chip phase
The loaded off-chip modules will initialize DRAM and perform platform initialization. Using the previous data structures the off-chip firmware finds UEFI firmware within the SPI ROM and copies it over to DRAM, it may perform additional verification steps and if the system is deemed secure, it will release the x86 cores from their reset state, thus starting UEFI firmware.

Reported vulnerabilities

In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017.[11][12]

In March 2018, an Israeli IT security company reported a handful of allegedly serious flaws related to the PSP in AMD's Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) that could allow malware to run and gain access to sensitive information.[13] AMD announced firmware updates to handle these flaws.[14][15] Their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were dismissed,[16] leading to claims that the flaws were published for the purpose of stock manipulation.[17][18]

See also

References

Шаблон:Reflist

External links

  1. 1,0 1,1 Ошибка цитирования Неверный тег <ref>; для сносок Williams_2017 не указан текст
  2. Ошибка цитирования Неверный тег <ref>; для сносок AMD_2016 не указан текст
  3. Ошибка цитирования Неверный тег <ref>; для сносок Martin_2013 не указан текст
  4. Ошибка цитирования Неверный тег <ref>; для сносок Claburn_2018 не указан текст
  5. Ошибка цитирования Неверный тег <ref>; для сносок Larabel_2017 не указан текст
  6. ARM Cortex-A5
  7. 7,0 7,1 Шаблон:Citation
  8. 8,0 8,1 Шаблон:Cite web
  9. 9,0 9,1 Шаблон:Cite web
  10. Ошибка цитирования Неверный тег <ref>; для сносок AMD_RNG не указан текст
  11. Ошибка цитирования Неверный тег <ref>; для сносок Millman_2018 не указан текст
  12. Ошибка цитирования Неверный тег <ref>; для сносок Cimpanu_2018 не указан текст
  13. Ошибка цитирования Неверный тег <ref>; для сносок Goodin_2018 не указан текст
  14. Ошибка цитирования Неверный тег <ref>; для сносок Bright_2018 не указан текст
  15. Ошибка цитирования Неверный тег <ref>; для сносок Papermaster_2018 не указан текст
  16. Ошибка цитирования Неверный тег <ref>; для сносок trailofbits не указан текст
  17. Шаблон:Cite web
  18. Шаблон:Cite web