AMD's Crypto Co-Processor Driver Adds Green Sardine Support In Linux 5.13

  • #11
    Originally posted by coder View Post
    I'd say so, because RAM is huge by comparison to the amount of data one is usually encrypting. Also, the packets being sent probably exist in RAM for only a short amount of time.

    In this case, you can just listen in on specific conversations, and maybe even with enough context to tell them apart.
    Oh, so you're not using AES-NI either? By tracing those instructions and memory accesses, it'd be easy to locate your plaintexts.

    Comment


    • #12
      Originally posted by numacross View Post
      Oh, so you're not using AES-NI either? By tracing those instructions and memory accesses, it'd be easy to locate your plaintexts.
      You just switched from talking about the security processor to talking about tracing host CPU instructions.

      I mean, if you can just attack the process doing the encryption, then the method of encryption becomes somewhat irrelevant, right? But there's a pretty big gulf to cross from having access to the security processor. Very crossable, but basically you'd go for root access and then you've pwned the system and pretty much everything it's doing.

      Comment


      • #13
        Originally posted by coder View Post
        You just switched from talking about the security processor to talking about tracing host CPU instructions.

        I mean, if you can just attack the process doing the encryption, then the method of encryption becomes somewhat irrelevant, right? But there's a pretty big gulf to cross from having access to the security processor. Very crossable, but basically you'd go for root access and then you've pwned the system and pretty much everything it's doing.
        My point was that there's no reason to worry about a black-box security processor accelerating some crypto operations when there's Intel ME/AMD PSP present in the same system with capabilities to access anything you do anyway.

        Comment


        • #14
          Originally posted by numacross View Post
          My point was that there's no reason to worry about a black-box security processor accelerating some crypto operations when there's Intel ME/AMD PSP present in the same system with capabilities to access anything you do anyway.
          Actually, this should've occurred to me sooner but AMD and Intel have both been introducing wave after wave of new memory encryption techniques, at least some of which might not be circumventable by any other entity in the system, including the security processor. I don't usually pay much attention to this stuff, but I think AMD's is called SME and SEV, while Intel's is SGX and TME.

          That said, AMD's security processor is supposedly involved in key management, in at least some cases. So, if you're presuming that it's been compromised, then the jig might be up. Although I'm not 100% certain that it does in fact have unfettered access to system memory and peripherals. I'm reading that it has its own ROM, SRAM, and dedicated slice of DRAM that no other core can access (and it's not a stretch to imagine that it might be restricted to using only that region).

          It can muck with the CPU cores, I think, since one of its duties is securely bootstrapping them. However, if it's any comfort, Google was supposedly collaborating with AMD on the design of its security solution.

          You can read more, here:

          Comment


          • #15
            Originally posted by coder View Post
            Actually, this should've occurred to me sooner but AMD and Intel have both been introducing wave after wave of new memory encryption techniques, at least some of which might not be circumventable by any other entity in the system, including the security processor. I don't usually pay much attention to this stuff, but I think AMD's is called SME and SEV, while Intel's is SGX and TME.
            The processor/IMC have to get the key somehow, so an entity able to view the processor's state can still theoretically get it anyway.

            Originally posted by coder View Post
            That said, AMD's security processor is supposedly involved in key management, in at least some cases. So, if you're presuming that it's been compromised, then the jig might be up. Although I'm not 100% certain that it does in fact have unfettered access to system memory and peripherals. I'm reading that it has its own ROM, SRAM, and dedicated slice of DRAM that no other core can access (and it's not a stretch to imagine that it might be restricted to using only that region).
            The PSP's design and function are still not fully explored, while there's been more research into Intel ME. So we can't really know; that's why I wrote "presumably" in my first post about it.

            Originally posted by coder View Post
            However, if it's any comfort, Google was supposedly collaborating with AMD on the design of its security solution.
            In my book that's a deterrent, really.

            To be honest, having a huge corporation backing a project is not a guarantee of security. Just look at what Intel, the masters of computing, did with their Intel AMT (which runs on ME) security: sending an empty password allows total administrative access. It was not a particular version either; it was for all of them. When you read what AMT actually does, as a sold product, then the true power of ME starts to sink in...

            Thanks, got any papers about attacks on them?

            Comment

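The AMT "empty password" flaw numacross mentions is a good illustration of how an authentication check can fail without any cryptographic weakness. The following is an added example, not code from the thread or from Intel's firmware: it assumes the publicly reported root cause, namely that the server compared its own computed HTTP Digest response against the client-supplied response string using a length-bounded comparison whose length came from the client. The expected hash value and function names are constructed for the demonstration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: the hex digest the server computed from the real
 * password. The real value and the digest scheme are irrelevant to the bug. */
#define EXPECTED_RESPONSE "5d41402abc4b2a76b9719d911017c592"

/* Vulnerable pattern (assumed root cause of the AMT bypass): the comparison
 * length is taken from the attacker-controlled "response" field. An empty
 * response compares zero bytes, and strncmp() reports a match. Any correct
 * prefix of the hash matches too. Returns 1 when authentication "succeeds". */
int check_response_vulnerable(const char *expected, const char *supplied)
{
    return strncmp(expected, supplied, strlen(supplied)) == 0;
}

/* Hardened version: require the supplied string to be exactly as long as the
 * expected one, then compare every byte in constant time so that neither the
 * length nor the position of the first mismatch leaks through timing. */
int check_response_hardened(const char *expected, const char *supplied)
{
    size_t n = strlen(expected);
    if (strlen(supplied) != n)
        return 0;

    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(expected[i] ^ supplied[i]);

    return diff == 0;
}

/* Convenience wrappers so the behaviour can be checked against the sample. */
int vulnerable_accepts_empty(void)
{
    return check_response_vulnerable(EXPECTED_RESPONSE, "");
}

int hardened_accepts_empty(void)
{
    return check_response_hardened(EXPECTED_RESPONSE, "");
}
```

The fix is not exotic: the length used for the comparison must be the server's, not the client's, and the comparison should not short-circuit on the first differing byte. Any authentication path that accepts a caller-supplied length for a secret comparison deserves the same scrutiny, whether it runs on the host CPU or inside a management engine.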

            • #16
              Originally posted by numacross View Post
              In my book that's a deterrent, really.

              To be honest, having a huge corporation backing a project is not a guarantee of security. Just look at what Intel, the masters of computing, did with their Intel AMT
              I am definitely not generalizing about the competence of large corporations. Like them or hate them, you really can't deny that Google has been at the forefront of security.

              Comment
