[coreboot] AMD PSP

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Tue Aug 26 23:54:28 CEST 2014 

Am 26.08.2014 20:00 schrieb Bruce Griffith:
> Here's what I know about PSP:
>
>> I'm utterly ignorant of the PSP -- is this thing like the Intel ME, and
>> how scared should we be of it?
> Somewhat scared.
>
> The PSP is an actual processor that takes control when reset is released.
> The x86 does not start fetching code until the PSP is satisfied that BIOS
> meets whatever constraints have been programmed into the PSP firmware.

I can see this as a way to prevent modification of some signed parts of
coreboot, i.e. it can be a usable and desirable security mechanism
against unauthorized firmware replacement. However, if the key used for
verification is under control of a foreign entity and can't be changed,
some users (especially government users) won't consider this to be
additional security.


> There are TPM-like characteristics but I don't know any specifics.
>
> The PSP is capable of "locking" additional processor features that could
> be exploited to take over a system.
>
>> My hope is that it ... deactivates itself silently.
> For the coreboot implementation, it runs, decides that the x86 code is not
> its concern, and the x86 starts fetching code.  From that point on, I
> think the PSP is transparent to the x86.
>
>> After glancing thru [the PSP presentation], it looks more like they are
>> grafting the security model of ARM-based SoCs onto x86 where a masked
>> ROM loads the next stage.
> A masked processor and associated firmware (the PSP) validate the first
> "stage" of x86 code.  What comprises the first stage is arbitrary and gets
> signed with an AMD private key.  Your first stage could be bootblock,
> bootblock plus romstage, something more involved, or something less
> involved.  You need a legal arrangement with AMD to get your first stage
> signed. For coreboot, none of the x86 code is signed.

Hm. Is there a way to have AMD exchange that key for your own, possibly
by paying decent money?
That way, the platform can be under your own control which would make
security-conscious users (governments, military, ...) happy.

Regards,
Carl-Daniel

More information about the coreboot mailing list