Announcement

Collapse
No announcement yet.

AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by willmore View Post
    Anyone know of a primer on the PSP--when it was introduced, etc.?
    PSP was originally released by Sony in Japan in 2004. This cheap AMD ripoff came with Ryzen this year. It's so useless it can't even run PSP games though.

    Comment


    • #12
      Originally posted by trivialfis View Post
      Is there any advantage to embed a OS inside the CPU? Or, is there something can't be implemented effectively in the outside kernel?
      PSP doesn't really do much on it's own, it is an ARM core with ARM TrustZone, you need to load software onto it for it to do things and you need the drivers installed to put software on it, by default it just bootstraps the CPU.

      The PSP can read and write to the system RAM, L1&2 Caches, CPU registers and PCI-e bus, but the rest of the CPU cannot read or write to it. So the PSP can be used for DRM or security.

      For example on an EYPC server running ESXi and 5 VMs. The PSP can encrypt the memory of each VM and the hypervisor separately, so the VM's cannot read each others RAM or the Hypervisor's RAM, and the Hypervisor cannot read the VM's RAM, this closes all sorts of security holes.

      Comment


      • #13
        Very good news but still three problems remain:

        a) Trustzone is still there to be used from DRM vendors, we told AMD that we want a processor without it. Disabling it means nothing if some content distributors demand to enable it. Also newer Gpus have also secure processors.

        b) Single thread performance, Intel with Kabylake delivers 30watt per core at @5Ghz-1,375v. Amd cuts Cpus with Gpu libraries and can do better, i prefer a dual core - quad thread like that on my laptop or desktop because i run WineHQ and console emulators. Else they should take responsibility to support development of State Trackers and LLVM based efficient Multi-Transcoders.

        c) Strong APUs (undervolted) like consoles or like that you sell to Intel, for both laptops and desktops. Preferably with unified HBM ram and SOC based north-bridge, then let motherboard vendors to do what they want without having any money relationship with them. You can even sell this like a Gpu single (laptop) and dual floor with internal display port.
        Last edited by artivision; 12-07-2017, 02:05 PM.

        Comment


        • #14
          Originally posted by willmore View Post
          Anyone know of a primer on the PSP--when it was introduced, etc.?
          From what I remember, it was first referred to as "an ARM TrustZone core", then the PSP (Platform Security Processor), and now they call it the "AMD Secure Processor". Assuming Wikipedia is accurate in this case, it's been an ARM Cortex-A5 possibly since the beginning, given that both the Wikipedia Zen (microarchitecture) page and the Puma (microarchitecture) page say that.

          According to the Libreboot FAQ, it's built into anything Family 16h and newer (released mid-2013). Theoretically, that means Jaguar, Puma, Zen and beyond according to the Wikipedia List of AMD microprocessors page, but the Wikipedia Puma (microarchitecture) page claims that "Support for ARM TrustZone via integrated Cortex-A5 processor" in the "Improvements over Jaguar" list, so I'm unsure whether it was in the earliest Family 16h chips.

          I haven't been able to track down a solid answer on which newer entries in older families have it, but you should be able to get a meaningful answer if you e-mail AMD. (I know I did back in the early days of the PSP.)
          Last edited by ssokolow; 12-07-2017, 02:09 PM.

          Comment


          • #15
            Really nice to see by AMD, hope Intel gets the hint also.
            Desktop Environment poll:
            https://www.phoronix.com/forums/foru...de-do-you-like

            Comment


            • #16
              Originally posted by trivialfis View Post
              Is there any advantage to embed a OS inside the CPU? Or, is there something can't be implemented effectively in the outside kernel?
              Intel's IME is useful for stuff like "The system has hung and I'd like to reboot it now, but it's on the other side of the country and I don't want to have to pay someone to press the button."

              The problem is, anything that lets you do that counts as a way your system could be attacked. So, it's one of those features that increases the attack surface area, but also gives some people useful functionality. These features really should have a way to disable them for those who have no use for the feature, so they can decrease their attack surface. In fact, they should probably be default disabled, so that system administrators can enable them during commissioning on systems where the features would be useful.

              Comment


              • #17
                Originally posted by Niarbeht View Post

                Intel's IME is useful for stuff like "The system has hung and I'd like to reboot it now, but it's on the other side of the country and I don't want to have to pay someone to press the button."

                The problem is, anything that lets you do that counts as a way your system could be attacked. So, it's one of those features that increases the attack surface area, but also gives some people useful functionality. These features really should have a way to disable them for those who have no use for the feature, so they can decrease their attack surface. In fact, they should probably be default disabled, so that system administrators can enable them during commissioning on systems where the features would be useful.
                This is what Intel ME does.

                The remote bits are defaulted to off unless you manage the system via AMT, which nobody but sysadmins managing environments do.

                The problem is that Intel has locally accessible stuff still on, which can be owned by physical access.

                Comment


                • #18
                  Originally posted by eydee View Post

                  PSP was originally released by Sony in Japan in 2004. This cheap AMD ripoff came with Ryzen this year. It's so useless it can't even run PSP games though.
                  I made some basic drawings with PSP on my Windows 3.1 PC around 1994.

                  Comment


                  • #19
                    Originally posted by eydee View Post
                    PSP was originally released by Sony in Japan in 2004. This cheap AMD ripoff came with Ryzen this year. It's so useless it can't even run PSP games though.


                    OK, that deserves "post of the day".

                    Comment


                    • #20
                      Originally posted by madscientist159 View Post
                      Reading that carefully, it explicitly calls out the BIOS driver itself. It just says that the BIOS (which is an odd misnomer, as UEFI is probably the firmware here) PSP driver doesn't talk to the PSP via the mailbox, and that as a result certain features won't work. It doesn't say *anything* about disabling the PSP itself as a stand-alone core.
                      Not odd, many manufacturers keep calling board firmware BIOS for the sake of not confusing people.

                      Comment

                      Working...
                      X