This fairly interesting stuff. With the fairly wide range of attacks (arbitrary code execution and faking signatures for modules) maybe some sort of runtime "psp-cleaner" might be possible, but it would probably be a crushingly difficult undertaking.
It's somewhat unclear form the slides, but it looks like these target the 17h (ryzen) psp. Do the same exploits also affect earlier versions?
As for the patching, afaik AMD has released patches for all of these, but I haven't seen any patches for my 16h systems. Maybe if it's ryzen there has been more enthusiasm to provide patches?
-Matt
On Sat, Feb 9, 2019 at 4:53 PM Ivan Ivanov qmastery16@gmail.com wrote:
Hi Shawn, thank you for the message! Luckily almost all the coreboot-supported AMD boards don't contain the PSP inside their CPUs
- maybe because PSP got added to AMD much later than ME got added to
Intel. Only a few AMD boards, starting with "late 16h" architecture (early 16h is fine) have the PSP inside. "With PSP + coreboot-supported" : could remember only some of newer PC Engines boards. Some examples: I have Lenovo G505S laptop - it has powerful quadcore CPU and supports 16GB RAM, but it is AMD 15h architecture, so no PSP there. ASUS KGPE-D16 powerful server with two AMD opterons (up to 16 cores each) - also no PSP. So, as you see, this "PSP problem" is not critical yet for AMD coreboot users. But of course it is important and thank you for raising the awareness and sharing this interesting presentation. Although maybe it'd have been better if such presentations were released later by their authors, because now AMD could patch these PSP flaws to make it stronger and harder to jailbreak :P
чт, 7 февр. 2019 г. в 09:13, Shawn citypw@gmail.com:
https://storage.googleapis.com/wzukusers/user-28822230/documents/5c5b3fd28b6...
PSP is so powerful just like ME/SPS on Intel chipset. AMD user might need a similar tool like me_cleaner? psp_cleaner?
-- GNU powered it... GPL protect it... God blessing it...
regards Shawn _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org
coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org