This isn't anywhere near as subtle, and you expose your operatives to being captured. Hacking is usually 100% safe and 100% deniable.

Virtually all AMD CPUs, APUs since ~2013(?) have a PSP in it. Ryzen just does not have all the graphics related stuff like (obviously) GPU and UVD, VCE,...

Edit: There was this ask me stuff on reddit some time ago with Lisa Su and this topic was also brought up, even Snowden sent a tweet that this would be a good opportunity to release specs/sources around this PSP / Trust Zone construct. Well, at least it was brought to the attention. (On the other hand AMD is a bit between the chairs here, FOSS enthusiast users / privacy concerned people and on the other side media industry that wants something like this for DRM purposes - AND the "normal" "unaware" users that wouldn't understand why they can't play Netflix 4k "premium content" on a machine without all that HW-DRM crap. They'd just blame AMD and say AMD sucks cause we can't have Netflix 4K on it. People are somewhat oblivious to the backgrounds sometimes... so maybe AMD can open up the things or give "the community" tools and means to write their own "OS" for the PSP, or maybe produce some units without PSP at all. Question is also what else is PSP needed for e.g. during HW bringup?
end of Edit

I'm much for offloading things to ASICs than can support the main CPU and take some load off it (esp. useful on small machines) - but not fond of "someone" sitting at max. privileges (access to everything and SMM capable) and lowest ring in the heart of my computer, someone who is "smart" (a program with interfaces and connections) and whom I absolutely don't know. And this someone shall be the one whom I trust my crypto stuff? Meh. :-/

Well , i found on AMD website this:

"AMD Secure Processor is currently only available on select AMD A-Series and AMD E-Series APUs."

Found this note in here:
http://www.amd.com/en-us/innovations...ogies/security
" AMD Secure Processor (formerly “Platform Security Processor” or “PSP”) is a dedicated processor that features ARM TrustZone® technology, along with a software-based Trusted Execution Environment (TEE) designed to enable third-party trusted applications. AMD Secure Processor is a hardware-based technology which enables secure boot up from BIOS level into the TEE. Trusted third-party applications are able to leverage industry-standard APIs to take advantage of the TEE’s secure execution environment. Not all applications utilize the TEE’s security features. AMD Secure Processor is currently only available on select AMD A-Series and AMD E-Series APUs."

The graphics component, i understand, but if i understand it correctly, and excuse me otherwise, because english is not my native language, ryzen 1600 is not APU and as consequence, does not have psp?

Would be no problem to enable it on default and let privacy aware users disable it. They could easily decide between Netflix 4k and an acceptable hardware/software platform.
It doesn't really matter, what functionality of the PSP is really needed e.g. to even boot up the system. AMD should be offering exactly that minimal functionality and under a free license, keep all the rest.



It's outdated info. Because the bulldozer way didn't work out, they haven't been releasing CPUs for the last few years, only updated APUs. That's why only APUs had the PSP for a while. Now with Zen they have a new CPU architecture and every Zen-based product has the PSP. Search specifically through Zen presentations if looking for proof.

This stuff needs to be done with open source alghorithms otherwise it is completely pointless. This feature should be disabled by default.

I would already be happy if the UEFI settings panel option called "Enable/Disable PSP" in my laptop actually worked and didn't reset to "goddamn PSP enabled" even if I choose "disabled" and saved the changes.
(I assume that it was supposed to disable external interfaces for it, similar to other "disable Management Engine" BIOS/UEFI settings I've actually seen working)

how can any code running on proprietary cpu ever be trusted?

but this is anti-hacking feature, isn't it?

Not to mention that using a PSP/ME exploit to bypass the OS's security is much more scalable than rubber-hose cryptanalysis, which makes it much more appealing to cybercriminals and/or three-letter agencies.

Yes and no. It will make hacking harder for a few years while it is still new, then it will be pwnzored and since no firmware will be updated in already deployed systems it will become just another boring thing for hackers to look up in exploit databases.

Really, it must not last too long or the $next_great_security_feature won't have much appeal.