Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
AMD Privacy Security

AMD Has No Plans To Release PSP Code (twitch.tv) 125

AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. But despite some signs earlier that it might consider opening the PSP code at some point, the chip-maker has now confirmed that there hasn't been a change of heart yet. "We have no plans on releasing it to the public," the company executives said in a tech talk (video).
This discussion has been archived. No new comments can be posted.

AMD Has No Plans To Release PSP Code

Comments Filter:
  • Lisa Su is BAE (Score:5, Informative)

    by Anonymous Coward on Wednesday July 19, 2017 @10:24AM (#54839501)

    PSP stands for Platform Security Processor, a secure enclave in the processor and AMD's version of the Intel Management Engine.

    Quoting from Libreboot:

    As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

    AMD is no doubt being bitten on the sack for using third parts code and we again see why everything should be open sources.

    • Re:Lisa Su is BAE (Score:5, Insightful)

      by sl3xd ( 111641 ) on Wednesday July 19, 2017 @10:42AM (#54839689) Journal

      Seems odd that anybody would go down the route of obscurity, given the recent exposure of Intel AMT, and the problems it is causing.

      it would seem to be required to allow the DRM “features” to work as intended

      Odd to "protect" the use of DRM, given the track record of successful hacks against DRM. Even worse to compromise the security of the entire system for its sake.

      I see nothing that could possibly go wrong...

    • Re:Lisa Su is BAE (Score:4, Insightful)

      by Rick Schumann ( 4662797 ) on Wednesday July 19, 2017 @11:25AM (#54840019) Journal
      There's two reasons I can think of offhand why they wouldn't want to release the sourcecode:

      1. They don't want to make it any easier than necessary for hackers to find a way to exploit this
      2. They don't want the general public to know exactly how much any system using this hardware compromises their privacy and personal security

      As-is, I'd say that any computer using this technology is about as compromised as it can get, nothing you'd ever do on it would even be remotely secure, not unless it was never, ever connected to any network that has any route to the public Internet. The only way they could make something like this worse would be to somehow prevent any OS other than Windows to run on it, ensuring that you never, ever have any control over anything that isn't trivial.

      In the past I've said "computers aren't fun anymore", but when I said that previously I meant it in a totally different way than I do when I say it now; between hardware manufacturers, designing in hardware that allows for outside surveillance and control of a computer you ostensibly own, and shithead companies like Microsoft, who produce entire operating systems with surveillance-and-control completely integrated into every piece of code, computers are now worse than "no fun anymore", they're spiritually cancerous. As if that isn't all bad enough, now Microsoft is attempting to annex and subvert Linux, too, trying to bring it's further development under their control, and running half-assed versions of it under Windows, effectively removing all the advantages, security, and privacy.

      If I even cared anymore I guess I'd go play with microcontrollers. Until, that is, they manage to ruin that for everyone, too.
    • by Aaden42 ( 198257 )
      Honestly, I have a doubt it's third party code that's holding them back. I'd lay even odds on a polite reminder from a Three Letter Agency was all it took to scuttle any plans of revealing their backdoor source code.
  • by Anonymous Coward on Wednesday July 19, 2017 @10:29AM (#54839551)

    Closed source, out of band co-processors on every motherboard currently in production with no oversight or accountability? I'm surprised we don't have a third party stepping up here, like Samsung or Qualcomm, ready to take a crack at the CPU market with this kind of an opportunity.

    • by Anonymous Coward on Wednesday July 19, 2017 @10:40AM (#54839653)

      You are kidding right? The base band chip in mobile phones would make intel and amd look like amateurs with what samsung and qualcomm can do.

    • by Anonymous Coward

      >I'm surprised we don't have a third party stepping up here, like Samsung or Qualcomm

      If both Intel and AMD have this sort of thing baked into their hardware then I'd guess that either A) there's some sort of business/financial incentive for them to do so, or B) there's a lot of pressure from certain TLAs to do so. Either way, I can't see why the same pressure(s) wouldn't drive a third party to do the exact same thing, and that's before you ask yourself how sure you are that they aren't doing it already

    • by Anonymous Coward

      "oh sure i dont care i will just switch it off"

      "wait, i need it on to watch hbo go?"

      "ok here take all my privacy i just want to watch game of thrones"

    • by iCEBaLM ( 34905 )

      Where do you think they get the co-processors from? AMD's PSP is some ARM variant, could be qualcomm for all we know.

    • I'm surprised we don't have a third party stepping up here

      We did. For years 3rd parties made lots of money selling these as extras on every server or high end workstation. Now that everyone gets it for "free" people are upset.

    • I'm surprised we don't have a third party stepping up here, like Samsung or Qualcomm, ready to take a crack at the CPU market with this kind of an opportunity.

      They'd do better... especially Qualcomm?

  • by Anonymous Coward

    But DS code is allowed

  • Proof that it is a backdoor and that the crucial support of their business is a contract from the plutocracy, meaning that if they stop playing ball, they go out of business.

    • Except that's conspiracy-theory reasoning. They might just figure that not enough people care to bother.

      • Re:Proof (Score:5, Informative)

        by StormReaver ( 59959 ) on Wednesday July 19, 2017 @11:01AM (#54839825)

        Except that's conspiracy-theory reasoning.

        If we've learned anything in the last five years or so, it's that's yesterday's wacko conspiracy theory is today's jaw-dropping, fact-checked revelation.

  • Ok, next! (Score:4, Insightful)

    by Opportunist ( 166417 ) on Wednesday July 19, 2017 @10:39AM (#54839649)

    Another chip manufacturer that cannot be used for trustworthy IT infrastructure. Who's next on the chopping block?

    • Re:Ok, next! (Score:5, Insightful)

      by TFlan91 ( 2615727 ) on Wednesday July 19, 2017 @11:05AM (#54839859)

      What chip manufacturer is trustworthy?

    • Then you have two choices: Either some obscure 3rd-tier company, probably Chinese, who at best is hiding their backdoors, or expensive FPGAs, and you learn to 'roll your own' microprocessor that way. Or, used equipment wherever you can find it.

      I suppose you could also set up your firewalls to prevent any 'phone home' from occurring, but like Windows 10, it might have so many different ways to do that, that you'd be playing an endless game of Whack-a-Mole trying to lock it out.
    • Re:Ok, next! (Score:5, Informative)

      by tlhIngan ( 30335 ) <slashdot&worf,net> on Wednesday July 19, 2017 @11:41AM (#54840129)

      Another chip manufacturer that cannot be used for trustworthy IT infrastructure. Who's next on the chopping block?

      Better get rid of ARM, too, since ARM has the same thing.

      In fact, I believe AMD licensed ARM's technology for it - it's called TrustZone, and it separates out threads of execution into "secure" and "open" modes. Your regular OS runs in the "open" mode, and makes calls into the secure OS, which can be used to keep stuff like encryption keys away from the main OS. (You can use it for disk encryption - get the secure OS to generate a key, save it, and load the encryption key into the onboard encryption hardware, so none of the user software touches it. If you rip out the disk, it's useless because the key is locked away).

      Several DRM schemes also use it, including Google's Widevine DRM (requires it in order to work).

      And yes, the secure OS has full access to the main OS and all the peripherals.

      The boot chain must be strictly controlled - you have to start with a onboard ROM monitor that verifies the images as they load before transferring control the open world OS. Otherwise you can load any code you want. I'm not sure how AMD processors boot, but all ARM processors using TrustZone have a boot ROM that verifies the next stage bootloaders (and secure OS) before loading them into memory.

      • That code is loadable, and depending on the boot chain you may or may not be able to replace it. And you do get the source -- at least to the reference version, your machine's vendor may load something else there.

    • used for trustworthy IT infrastructure

      Infrastructure is exactly the kind of IT that has had these exact things for 2 decades. Just built into the motherboard instead of the CPU.

  • by bill_mcgonigle ( 4333 ) * on Wednesday July 19, 2017 @10:47AM (#54839719) Homepage Journal

    Go ahead, try to keep this stuff secret. There will be leakers and if you will be embarrassed by the leaks, it's better to come clean now than to be the center of market turmoil when the vulnerabilities are disclosed.

  • Just watch your network traffic, right? And those with really fancy tools can measure all the pin outs?

    • by Megane ( 129182 )
      I think the best thing you can do is don't plug anything into the integrated Ethernet port (or on-chip WiFi if it has that). You know that its built-in spyware knows all about how to use that. It's trickier to do that on a laptop, but a USB Ethernet will at least be much more trouble for it to spy on.
  • I had not idea that AMD was behind the Sony PlayStation Portable (PSP).
  • This is the same topic as for the Intel Management Engine, for example Is the Intel Management Engine a backdoor? [techrepublic.com]
  • by grumpy-cowboy ( 4342983 ) on Wednesday July 19, 2017 @11:08AM (#54839891)

    Period.

  • by Zombie Ryushu ( 803103 ) on Wednesday July 19, 2017 @11:11AM (#54839919)

    With the Intel AMT Platform, it is possible to render it "inert" such that yes its there, yes its running, but it won't accept any connections from the outside world. There is a Linux utility for checking if AMT is working or not. But Linux can't turn it on.

    The problem is if you have Windows installed, Windows CAN re-activate it, and remotely. Can the AMD PSP be rendered harmless by containment, to where when Running Linux, it is non-functional because Windows utilities aren't there to re-activate it?

  • I immediately interpreted PSP as Playstation Portable and wondered why AMD even held the source code for Sony's game system in the first place!

  • by gweihir ( 88907 ) on Wednesday July 19, 2017 @05:52PM (#54842667)

    That really is the only sane conclusion.

  • I don't care about the code. I just want to know how to turn it off.

    Seriously, what's a decent bypass for this? Ignore the onboard LAN and use an oddball gigabit NIC for which the PSP couldn't possibly have a driver?

1 Angstrom: measure of computer anxiety = 1000 nail-bytes

Working...