Here's what I know about PSP:
I'm utterly ignorant of the PSP -- is this thing like the Intel ME, and
how scared should we be of it?
Somewhat scared.
The PSP is an actual processor that takes control when reset is released. The x86 does not start fetching code until the PSP is satisfied that BIOS meets whatever constraints have been programmed into the PSP firmware.
There are TPM-like characteristics but I don't know any specifics.
The PSP is capable of "locking" additional processor features that could be exploited to take over a system.
My hope is that it ... deactivates itself silently.
For the coreboot implementation, it runs, decides that the x86 code is not its concern, and the x86 starts fetching code. From that point on, I think the PSP is transparent to the x86.
After glancing thru [the PSP presentation], it looks more like they are grafting the security model of ARM-based SoCs onto x86 where a masked ROM loads the next stage.
A masked processor and associated firmware (the PSP) validate the first "stage" of x86 code. What comprises the first stage is arbitrary and gets signed with an AMD private key. Your first stage could be bootblock, bootblock plus romstage, something more involved, or something less involved. You need a legal arrangement with AMD to get your first stage signed. For coreboot, none of the x86 code is signed.
So we can kiss goodbye coreboot on AMD platforms in the future?.. How
sad! :-/
That isn't true for the first processor with PSP. Coreboot support for "Steppe Eagle" is already posted to Gerrit. Steppe Eagle is the AMD Embedded variant of Mullins. The Olive Hill+ platform demonstrates building a coreboot ROM without requiring that AMD sign any part of the coreboot code. I expect to have the final version of support posted by the end of the week. Give me some +2's and we could have PSP support available next week! ;-)
Does this thing ... exist in any AMD CPUs buyable today?
The processors are released as AMD Beema (A6-6310, A4-6210, E2-6110, E1-6010), AMD Mullins (A10 Micro-6700T, A4 Micro-6400T, E1 Micro-6200T), and AMD Steppe Eagle processors. AMD has developed reference boards similar to what was developed for AMD Kabini SoCs. I have not seen any retail "bare-bones" motherboards, but maybe there are low-end notebooks and desktops that use Mullins/Beema (perhaps Acer Aspire AXC-115-UR20)?
On 26.08.2014 at 20:00, Bruce Griffith wrote:
Here's what I know about PSP:
I'm utterly ignorant of the PSP -- is this thing like the Intel ME, and how scared should we be of it?
Somewhat scared.
The PSP is an actual processor that takes control when reset is released. The x86 does not start fetching code until the PSP is satisfied that BIOS meets whatever constraints have been programmed into the PSP firmware.
I can see this as a way to prevent modification of some signed parts of coreboot, i.e. it can be a usable and desirable security mechanism against unauthorized firmware replacement. However, if the key used for verification is under control of a foreign entity and can't be changed, some users (especially government users) won't consider this to be additional security.
There are TPM-like characteristics but I don't know any specifics.
The PSP is capable of "locking" additional processor features that could be exploited to take over a system.
My hope is that it ... deactivates itself silently.
For the coreboot implementation, it runs, decides that the x86 code is not its concern, and the x86 starts fetching code. From that point on, I think the PSP is transparent to the x86.
After glancing thru [the PSP presentation], it looks more like they are grafting the security model of ARM-based SoCs onto x86 where a masked ROM loads the next stage.
A masked processor and associated firmware (the PSP) validate the first "stage" of x86 code. What comprises the first stage is arbitrary and gets signed with an AMD private key. Your first stage could be bootblock, bootblock plus romstage, something more involved, or something less involved. You need a legal arrangement with AMD to get your first stage signed. For coreboot, none of the x86 code is signed.
Hm. Is there a way to have AMD exchange that key for your own, possibly by paying decent money? That way, the platform can be under your own control which would make security-conscious users (governments, military, ...) happy.
Regards, Carl-Daniel