[coreboot] AMDPSP discussion

Julius Werner jwerner at chromium.org
Thu Jun 8 03:32:31 CEST 2017

On Wed, Jun 7, 2017 at 8:37 AM, Johnysecured88 via coreboot
<coreboot at coreboot.org> wrote:
> What I don't understand is how this will matter. Releasing the source code
> won't mean that is the source code they are using for PSP. Think of it like
> an open source program with a compiled binary available. The only way to
> ensure the code is the code of the binary is to do your own compiling. But
> for a CPU that would mean..... something much more difficult.

Does the PSP not load its code from SPI ROM (like the Intel ME)? If it
did, and you could recompile the SPI image yourself, you could be
reasonably sure that that's what it's executing after you flash it.

Even if the code is stored on the PSP itself and you have to upload it
there through some runtime interface, releasing the source would be a
start. Sure, you won't know whether the image you're uploading is
really the one it's executing... but assuming they would release the
whole source code and they use the same interface for official
updates, it would at least be very difficult to hide some trickery
there (in a way that still allows them to update the hidden parts
without anybody noticing).

More information about the coreboot mailing list