https://storage.googleapis.com/wzukusers/user-28822230/documents/5c5b3fd28b6...
PSP is so powerful just like ME/SPS on Intel chipset. AMD user might need a similar tool like me_cleaner? psp_cleaner?
Hi Shawn, thank you for the message! Luckily almost all the coreboot-supported AMD boards don't contain the PSP inside their CPUs - maybe because PSP got added to AMD much later than ME got added to Intel. Only a few AMD boards, starting with "late 16h" architecture (early 16h is fine) have the PSP inside. "With PSP + coreboot-supported" : could remember only some of newer PC Engines boards. Some examples: I have Lenovo G505S laptop - it has powerful quadcore CPU and supports 16GB RAM, but it is AMD 15h architecture, so no PSP there. ASUS KGPE-D16 powerful server with two AMD opterons (up to 16 cores each) - also no PSP. So, as you see, this "PSP problem" is not critical yet for AMD coreboot users. But of course it is important and thank you for raising the awareness and sharing this interesting presentation. Although maybe it'd have been better if such presentations were released later by their authors, because now AMD could patch these PSP flaws to make it stronger and harder to jailbreak :P
Thu, Feb 7, 2019 at 09:13, Shawn citypw@gmail.com:
https://storage.googleapis.com/wzukusers/user-28822230/documents/5c5b3fd28b6...
PSP is so powerful just like ME/SPS on Intel chipset. AMD user might need a similar tool like me_cleaner? psp_cleaner?
-- GNU powered it... GPL protect it... God blessing it...
regards Shawn _______________________________________________ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org
This is fairly interesting stuff. With the fairly wide range of attacks (arbitrary code execution and faking signatures for modules) maybe some sort of runtime "psp-cleaner" might be possible, but it would probably be a crushingly difficult undertaking.
It's somewhat unclear from the slides, but it looks like these target the 17h (ryzen) psp. Do the same exploits also affect earlier versions?
As for the patching, afaik AMD has released patches for all of these, but I haven't seen any patches for my 16h systems. Maybe if it's ryzen there has been more enthusiasm to provide patches?
-Matt
On Sat, Feb 9, 2019 at 4:53 PM Ivan Ivanov qmastery16@gmail.com wrote:
Hi Shawn, thank you for the message! Luckily almost all the coreboot-supported AMD boards don't contain the PSP inside their CPUs - maybe because PSP got added to AMD much later than ME got added to Intel. Only a few AMD boards, starting with "late 16h" architecture (early 16h is fine) have the PSP inside. "With PSP + coreboot-supported" : could remember only some of newer PC Engines boards. Some examples: I have Lenovo G505S laptop - it has powerful quadcore CPU and supports 16GB RAM, but it is AMD 15h architecture, so no PSP there. ASUS KGPE-D16 powerful server with two AMD opterons (up to 16 cores each) - also no PSP. So, as you see, this "PSP problem" is not critical yet for AMD coreboot users. But of course it is important and thank you for raising the awareness and sharing this interesting presentation. Although maybe it'd have been better if such presentations were released later by their authors, because now AMD could patch these PSP flaws to make it stronger and harder to jailbreak :P
Thu, Feb 7, 2019 at 09:13, Shawn citypw@gmail.com:
https://storage.googleapis.com/wzukusers/user-28822230/documents/5c5b3fd28b6...
PSP is so powerful just like ME/SPS on Intel chipset. AMD user might need a similar tool like me_cleaner? psp_cleaner?
-- GNU powered it... GPL protect it... God blessing it...
regards Shawn
Hi,
On Sun, Feb 17, 2019 at 12:18 AM Matt B matthewwbradley6@gmail.com wrote:
It's somewhat unclear from the slides, but it looks like these target the 17h (ryzen) psp. Do the same exploits also affect earlier versions?
I think these attacks are possible because of the general flaws at PSP architecture, so yes they should also affect e.g. the late 16h systems (Puma). Early 16h systems (Jaguar) are safe because they don't have a PSP, so my ASUS AM1I-A with Athlon 5370 is safe - although maybe not yet, because I'm too busy with G505S and still haven't flashed a coreboot there! Just collecting the dust at the moment... :P
On Sun, Feb 17, 2019 at 12:18 AM Matt B matthewwbradley6@gmail.com wrote:
As for the patching, afaik AMD has released patches for all of these, but I haven't seen any patches for my 16h systems.
Almost all the coreboot-supported AMD 16h boards are AMD _early_ 16h (so no PSP). Please tell what 16h systems do you have, maybe they don't have a PSP at all?
Best regards, Mike Banon
On Sun, Feb 17, 2019 at 8:47 AM Mike Banon mikebdp2@gmail.com wrote:
Hi,
Almost all the coreboot-supported AMD 16h boards are AMD _early_ 16h (so no PSP). Please tell what 16h systems do you have, maybe they don't have a PSP at all?
Well pcengines/apu2 variants are fam16h model30h with PSP.
I have done experiments with it to reduce PSP blob footprint, see the branch [1] in gerrit. There is some (NDAd) documentation about the firmware signatures and one can capture PSP firmware POST codes from LPC. Now since the build of x86 AGESA blob used never actually sends PSP the message RAM is ready, I figured that we may never actually load the "PSP Secure OS" but only the bootloader part.
Also, don't forget pre-PSP silicons still have SMU/PMU.
Early 16h systems (Jaguar) are safe because they don't have a PSP
Safe yes, but not helpful in coming to grips with the PSP.
On Sun, Feb 17, 2019 at 12:18 AM Matt B matthewwbradley6@gmail.com wrote:
As for the patching, afaik AMD has released patches for all of these, but I haven't seen any patches for my 16h systems.
Almost all the coreboot-supported AMD 16h boards are AMD _early_ 16h (so no PSP). Please tell what 16h systems do you have, maybe they don't have a PSP at all?
I was specifically referring to the non-coreboot-supported 16h systems with PSP that I have.
Now since the build of x86 AGESA blob used never actually sends PSP the message RAM is ready, I figured that we may never actually load the "PSP Secure OS" but only the bootloader part.
This sounds very promising and should be well worth pursuing.
Also, don't forget pre-PSP silicons still have SMU/PMU.
One step at a time I guess. We'd get nowhere if we weren't willing to tolerate some imperfections, especially while working on others.
-Matt
On Sun, Feb 17, 2019 at 7:20 AM Kyösti Mälkki kyosti.malkki@gmail.com wrote:
On Sun, Feb 17, 2019 at 8:47 AM Mike Banon mikebdp2@gmail.com wrote:
Hi,
Almost all the coreboot-supported AMD 16h boards are AMD _early_ 16h (so no PSP). Please tell what 16h systems do you have, maybe they don't have a PSP at all?
Well pcengines/apu2 variants are fam16h model30h with PSP.
I have done experiments with it to reduce PSP blob footprint, see the branch [1] in gerrit. There is some (NDAd) documentation about the firmware signatures and one can capture PSP firmware POST codes from LPC. Now since the build of x86 AGESA blob used never actually sends PSP the message RAM is ready, I figured that we may never actually load the "PSP Secure OS" but only the bootloader part.
Also, don't forget pre-PSP silicons still have SMU/PMU.