
AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA


  • AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA

    Phoronix: AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA

    With the latest AGESA update for Ryzen-based systems, AMD is reportedly allowing the Platform Security Processor (PSP) to be disabled. The AMD PSP is akin to Intel's Management Engine...

    http://www.phoronix.com/scan.php?pag...Disable-Option

  • #2
    AWESOME!!
    I hope this pressures Intel to move in the same direction.



    • #3
      I wouldn't get too excited yet. It would be great if an AMDer could weigh in on what exactly this option does, and if the PSP itself is actually disabled. "BIOS PSP Support" is pretty ambiguous.



      • #4
        Is there any advantage to embedding an OS inside the CPU? Or is there something that can't be implemented effectively in the outside kernel?



        • #5
          Originally posted by Dawn:
          I wouldn't get too excited yet. It would be great if an AMDer could weigh in on what exactly this option does, and if the PSP itself is actually disabled. "BIOS PSP Support" is pretty ambiguous.
          Yep, this. We don't know what this option really does, and the description sounds more like it just "hides" the PSP from the OS. AMD is on record as saying the PSP is integral to the boot process, and in the best case here all we have is something like the HAP bit. In the worst case it's actually making security worse by hiding the potential backdoor from the user.



          • #6
            ASRock AB350 Gaming-ITX/ac description for this flag is Enable Disable BIOS PSP driver execution (including all C2P/P2C mailbox. Secure S3. fTPM Support)



            • #7
              Originally posted by madscientist159:
              Yep, this. We don't know what this option really does, and the description sounds more like it just "hides" the PSP from the OS. AMD is on record as saying the PSP is integral to the boot process, and in the best case here all we have is something like the HAP bit. In the worst case it's actually making security worse by hiding the potential backdoor from the user.
              Depends. But it's true that you can't trust that a fancy button does what it should do. Control UI/cli/config doesn't define actual behavior... As every power user and developer knows... But not bloody fukin end users...

              Though the PSP might be needed for the system to work, disabling could mean a complete cut-off of the interface. Like removing network from the kernel completely, or replacing it with a dummy implementation doing nothing. The computer remains usable, but can't be accessed from the network.



              • #8
                When is this new AGESA coming to the ASRock X370 Taichi?



                • #9
                  Originally posted by Yndoendo:
                  ASRock AB350 Gaming-ITX/ac description for this flag is Enable Disable BIOS PSP driver execution (including all C2P/P2C mailbox. Secure S3. fTPM Support)
                  Reading that carefully, it explicitly calls out the BIOS driver itself. It just says that the BIOS (which is an odd misnomer, as UEFI is probably the firmware here) PSP driver doesn't talk to the PSP via the mailbox, and that as a result certain features won't work. It doesn't say *anything* about disabling the PSP itself as a stand-alone core.



                  • #10
                    Anyone know of a primer on the PSP--when it was introduced, etc.?
