Cwerling, a security researcher, has released a new tool, called PSPTool, that can be used to analyze the firmware used by AMD's Secure Platform Processor (PSP).
Note: PSPTool has nothing to do with the old Sony PSP handheld.
AMD's PSP is the equivalent of the Intel Management Engine (IME) and has been criticized for many of the same problems. Security researchers have publicly objected to AMD's and Intel's decision to keep these processors secret, because they operate in secrecy, completely separate from the main processor and the operating system. If you can compromise the IME or the AMD PSP, you can theoretically run code that is entirely invisible to the end user. And while it is not clear that any exploits in the wild take advantage of these capabilities, their existence and obscurity are enough to give a white hat a serious case of heartburn.
This is hardly unique to the two x86 vendors. Closed-source software developers and many hardware companies have often built the principle of security through obscurity into their security designs, believing that limiting the information available about a solution would also limit its addressable attack surface. Proponents of a more open approach have called on Intel and AMD to make much more information public. PSPTool is intended to allow a deeper review of AMD's firmware than the company itself permits. The author writes:
PSPTool is a Swiss army knife designed to process the firmware of the AMD Secure Processor (formerly known as the Platform Security Processor or PSP). It locates the AMD firmware inside UEFI images as part of BIOS updates targeting AMD platforms.
It is based on reverse-engineering efforts of AMD's proprietary file system used to pack firmware blobs into UEFI firmware images. They are usually 16 MB in size and can easily be parsed by UEFITool. However, all AMD binary blobs are located in padding volumes that UEFITool cannot parse. (emphasis ours)
PSPTool works best with UEFI images obtained through BIOS updates.
UEFITool is described in its own repository as a cross-platform application for modifying and extracting firmware images.
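The quoted description says PSPTool finds AMD's blobs in padding regions that UEFITool skips. As an added illustration (not code from PSPTool or from the article), the scanner below walks a constructed image of erased-flash padding, locates a PSP directory by its "$PSP" cookie and lists its entries. The header and entry layouts (16-byte header with cookie, checksum, entry count and info word; 16-byte entries with type, size and location) are assumed from public documentation of the format, the checksum is not verified, and all entry types and offsets in the sample are constructed values.

```python
import struct
from dataclasses import dataclass

PSP_DIR_MAGIC = b"$PSP"   # PSP directory cookie; level-2 directories use "$PL2"
HEADER_FMT = "<4sIII"     # cookie, checksum, entry count, additional info (assumed layout)
ENTRY_FMT = "<IIQ"        # type, size, location (assumed layout)
HEADER_LEN = struct.calcsize(HEADER_FMT)
ENTRY_LEN = struct.calcsize(ENTRY_FMT)


@dataclass
class PspEntry:
    type_: int
    size: int
    location: int


def find_psp_directories(image: bytes) -> list[int]:
    """Return every offset at which the PSP directory cookie occurs."""
    offsets, pos = [], image.find(PSP_DIR_MAGIC)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(PSP_DIR_MAGIC, pos + 1)
    return offsets


def parse_psp_directory(image: bytes, offset: int) -> list[PspEntry]:
    """Parse the directory header at `offset` and return its entries."""
    magic, _checksum, count, _info = struct.unpack_from(HEADER_FMT, image, offset)
    if magic != PSP_DIR_MAGIC:
        raise ValueError(f"no PSP directory cookie at {offset:#x}")
    entries = []
    for i in range(count):
        fields = struct.unpack_from(ENTRY_FMT, image, offset + HEADER_LEN + i * ENTRY_LEN)
        entries.append(PspEntry(*fields))
    return entries


def entries_within_image(entries: list[PspEntry], image_len: int) -> list[PspEntry]:
    """Keep only entries whose blob lies inside the image; others point elsewhere."""
    return [e for e in entries if e.location + e.size <= image_len]


def build_sample_image(size: int = 0x10000, dir_offset: int = 0x2000) -> bytes:
    """Constructed image: 0xFF padding (what UEFITool treats as filler) plus one directory."""
    img = bytearray(b"\xff" * size)
    sample = [(0x01, 0x400, 0x3000), (0x08, 0x200, 0x4000), (0x02, 0x100, 0xF0000)]
    header = struct.pack(HEADER_FMT, PSP_DIR_MAGIC, 0, len(sample), 0)  # checksum left 0
    body = b"".join(struct.pack(ENTRY_FMT, *e) for e in sample)
    img[dir_offset:dir_offset + len(header) + len(body)] = header + body
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image()
    for off in find_psp_directories(img):
        for e in entries_within_image(parse_psp_directory(img, off), len(img)):
            print(f"dir {off:#x}: type {e.type_:#04x} size {e.size:#x} at {e.location:#x}")
```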
AMD's PSP runs ARM TrustZone software. AMD CPUs and APUs with a PSP integrate an ARM processor core to handle these functions. We do not know for certain which processor AMD uses; the initial AMD APUs used a Cortex-A5, but ARM supports TrustZone across all Cortex-A chips and some Cortex-M processors. Presumably, the A5 is still the core of choice.
Hardware DRM support can be implemented via the PSP (and probably has been, with regard to Windows 10's 4K playback scheme). The ability to inspect the PSP's firmware could lead to cracks in digital rights management or to the discovery of additional security vulnerabilities.
Some of the security issues at play here are related to those raised last year by CTS-Labs. Those flaws were made public under very suspicious circumstances and with the involvement of a short-selling firm, Viceroy Research. Viceroy Research is known for publishing damaging reports with the goal of tanking a company's stock price. But while the disclosure process was incredibly suspicious in this case, the actual problems were confirmed by independent researchers. In other words, there are reasons to doubt the security-through-obscurity approach implemented by AMD and Intel.
This does not mean that flaws will automatically be found in AMD's PSP implementation. Even if gaps are discovered, it is possible that they are ARM's responsibility, depending on the exact nature of the problem and its location.
It could be argued that resolving these problems would ultimately benefit AMD rather than harm it. Currently, AMD's practical exposure to sophisticated side-channel attacks or high-level corporate/state espionage is minimal, since Intel controls ~97% of the x86 server market and between 80 and 87 percent of the desktop and mobile markets. Companies are far more likely to have Intel systems than AMD ones.
Fixing PSP security issues before the hardware is widely deployed in strategic environments is better than being forced to repair them later, especially if customers start to look to AMD instead of Intel because of the perceived superiority of AMD's security with respect to the ongoing disclosure of Spectre-class flaws.