AMD releasing all their secret IP. Oh noes, Intel will steal it!

does it work only with epyc or can some of the features be used with ryzen pro cpus?

Let's not blow this out of proportion.

This is code for *one* app running on the PSP, it's far from complete, and you'll never be able to run it. This is just a code dump, with the intention of allowing security researchers to comb through it for bugs.

The licence is wrong for people to do anything with it, they're not accepting contributions, it's missing headers and build scripts and other junk, and you'd have to get it signed by AMD to run it because there's no provision for testing locally.

One has to admit though that it technically is *a step* towards the demands to "open source the PSP" even if very small.

It's a GREAT idea to modify (by yourself) the firmware of servers in a datacenter (this firmware is for EPYC cpu)!!

Errr, no, it's NOT a GREAT idea.

As usual. Nothing new

As counterintuitive as it may sound, major corps behind huge datacenters such as Facebook are of the opposite opinion, and have put their development weight behind making it happen:


This allows for a far smaller and easier to audit firmware attack surface because the custom firmware can cut off anything and everything that's not needed for that specific use, faster (re)booting positively impacting downtimes for each machine, advanced specialized architectures that a traditional firmware might not enable so directly, etc, etc

Is it complicated to develop? Sure... but then again being FOSS means there's at least the possibility for a wide-range cooperation and creation of reference designs, implementations, etc instead of each company reinventing the wheel alone from scratch


Unfortunately what AMD did falls short of being FOSS or even of the opencompute open firmware criteria, but still better than not doing it

Good move. While not letting anyone compile and run modified software, it allows independent engineers and hackers to read the code and verify it. To make sure there are no nasty surprises in it.

Having the "code" doesn't mean you can verify the shipped binaries were built from that version of the code. You need reproducible builds and a way to compare your binaries to what the vendor (AMD) ships. You can look for bugs with the code, which you might be able to verify have been fixed in the next binary release; but this won't help much to find any deliberate backdoors.

Agree. But it will help to find undeliberate backdoors.
It's not much from AMD, but better than nothing.