AMD Is Hiring For Coreboot Development, Sponsoring Open-Source Firmware Conference
Originally posted by madscientist159
No. Full stop. Just no, by design.
The PSP firmware is cryptographically signed with a strong key. The hardware itself checks the signature before allowing the firmware to start. There is no running custom anything on the PSP without AMD's direct blessing (signing the firmware). Period.
-
Originally posted by makomk
On older Zen CPUs, you can supposedly just abuse a handy AMD-signed header saying that none of the rest of the data has to be signed in order to execute your own arbitrary PSP code: https://www.youtube.com/watch?v=IW2YsxSj6zE I'm not sure how accurate this is since I haven't heard of anyone replicating it yet. The PSP code also doesn't seem to be all that secret; it's apparently just unencrypted ARM code.
If you can in fact execute arbitrary unsigned code inside the PSP post-PSP boot, that's a massive security hole that strongly reinforces the idea the PSP is an unwanted, insufficiently protected attack surface.
No one said the ARM code was encrypted. The complaints have always stemmed from the fact that it's half a meg or more of vendor-mutable, user-unmodifiable, completely unremovable proprietary firmware that AMD updates whenever it wants for any reason. It's vulnerable without additional security hardware to targeted supply chain and distribution attack (e.g. if AMD is acting under direction of investigators due to the CLOUD act) and would have to be fully reverse engineered and audited every single time AMD issues an update. The latter action is a legal risk in the US, so you become fully dependent on both AMD choosing not to include malware (ask some Lenovo owners how they liked trusting Lenovo in that way, and if their payout fully compensated them for their losses) and individuals in foreign jurisdictions choosing to do the reverse engineering and auditing work publicly.
Again, I get the attractiveness of Rome's performance. I've also been around long enough to know it's always temporary; vendors will jockey around and produce competing silicon soon as they always have, whereas choosing a pair of (digital) handcuffs is a rather more permanent action. Look at all the people that are (presumably) using Windows since the NT days, when Microsoft was significantly more benign and certainly didn't mandate the theft of your data to use the OS, and what those people have locked themselves into now with Windows 10 and its invasive privacy policy. If you just want the latest shiny toy, by all means buy an AMD processor and put your faith in AMD to do the right thing even if it works against their bottom line. If you actually need to protect data, assure business continuance, etc. while still having decent compute, there are other options on the market right now from various vendors, be it ARM or POWER -- no faith required.
Closing thought: If the PSP is so benign, why can't we get a tiny signed firmware from AMD that does nothing else except release the x86 cores from reset and put the PSP in a while loop? Maybe 100 instructions or less, nicely auditable, tiny attack surface. Why do they insist on the PSP running in full fat mode on every system?
Last edited by madscientist159; 01 September 2019, 05:00 PM.
-
Originally posted by Almindor
When it comes to privacy and control only Sith are correct. There is no between. It's either or.
There is no such thing as "perfectly safe" or "perfectly private" or "that you perfectly control".
-
Originally posted by starshipeleven
Bullshit, security, safety and privacy are a spectrum.
There is no such thing as "perfectly safe" or "perfectly private" or "that you perfectly control".
Before the DMCA and these modern concepts of firmware, in fact everything was by default perfectly under the control of its owner. Your shades of grey only started to come into play when people blurred the line between ownership and rental to save money. Trying to say that is the only option now, especially with open ISA systems growing rapidly, is laughable and smacks of desperation to justify an AMD CPU purchase.
-
Originally posted by madscientist159
Why? What are you actually gaining, besides a pile of trouble when the partly-open firmware doesn't have official OEM support available?
Originally posted by madscientist159
The PSP firmware is not hardware. Not even by FSF rules.