AMD Has No Plans To Release PSP Code (twitch.tv) 28
AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. But despite some signs earlier that it might consider opening the PSP code at some point, the chip-maker has now confirmed that there hasn't been a change of heart yet. "We have no plans on releasing it to the public," the company executives said in a tech talk (video).
PSP stands for Platform Security Processor, a secure enclave in the processor and AMD's version of the Intel Management Engine.
Quoting from Libreboot:
As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
AMD is no doubt being bitten on the sack for using third parts code and we again see why everything should be open sources.
Seems odd that anybody would go down the route of obscurity, given the recent exposure of Intel AMT, and the problems it is causing.
it would seem to be required to allow the DRM “features” to work as intended
Odd to "protect" the use of DRM, given the track record of successful hacks against DRM. Even worse to compromise the security of the entire system for its sake.
I see nothing that could possibly go wrong...
"the Reddit community" (Score:2)
Huh? What's wrong with you, are you an icky weirdo or something? I bet you don't have a facebook either or watch television at least 20 hours per week. That's sooooo creepy.
"AMD has faced calls from Edward Snowden, Libreboot and the Reddit community"
Yea those are all quality calls which if I hear their name I think to myself Yea I should give up my company secrets to them.
So we have a traitor, a rather unknown NPO, and a Message Board.
Come on you should at least get a Congressman, just to give the request some weight.
The distrust only grows from here (Score:1)
Closed source, out of band co-processors on every motherboard currently in production with no oversight or accountability? I'm surprised we don't have a third party stepping up here, like Samsung or Qualcomm, ready to take a crack at the CPU market with this kind of an opportunity.
You are kidding right? The base band chip in mobile phones would make intel and amd look like amateurs with what samsung and qualcomm can do.
>I'm surprised we don't have a third party stepping up here, like Samsung or Qualcomm
If both Intel and AMD have this sort of thing baked into their hardware then I'd guess that either A) there's some sort of business/financial incentive for them to do so, or B) there's a lot of pressure from certain TLAs to do so. Either way, I can't see why the same pressure(s) wouldn't drive a third party to do the exact same thing, and that's before you ask yourself how sure you are that they aren't doing it already
Except that's conspiracy-theory reasoning. They might just figure that not enough people care to bother.
Except that's conspiracy-theory reasoning.
If we've learned anything in the last five years or so, it's that's yesterday's wacko conspiracy theory is today's jaw-dropping, fact-checked revelation.
Another chip manufacturer that cannot be used for trustworthy IT infrastructure. Who's next on the chopping block?
What chip manufacturer is trustworthy?
Go ahead, try to keep this stuff secret. There will be leakers and if you will be embarrassed by the leaks, it's better to come clean now than to be the center of market turmoil when the vulnerabilities are disclosed.
Just watch your network traffic, right? And those with really fancy tools can measure all the pin outs?
