The PSP on amd GPUs is good for Digital Rights Management and damn near nothing else. It's even more useless than the PSP built into their CPUs.

Michael

This might interest you.



Sorry for being off topic.

the real big AMD news is this:

"AMD reports numerous security gaps in processors
AMD has published security notices about vulnerabilities in various processors. Firmware updates are intended to improve them. AMD has published several security notices in which the company addresses security gaps in the processors and their firmware. Some of the vulnerabilities allow attackers to inject and execute malicious code on systems with high privileges. Firmware updates should close the gaps. However, motherboard and computer manufacturers must include these in their BIOS versions and distribute them to end customers.
A security notice from AMD affects various general purpose processors. Four vulnerabilities allow you to access flash memory connected via SPI in different ways and fill it with your own content - usually the BIOS is in the SPI flash and can be manipulated in this way. This allows attackers to inject and execute their own code. In doing so, they gain the highest rights. The associated CVE entries are CVE-2023-20576, CVE-2023-20577, CVE-2023-20579, and CVE-2023-20587. AMD classifies the risk as “high” for everyone. AMD lists various processors as affected. For example, the EPYC CPUs from the first to the fourth generation intended for data centers, desktop CPUs Ryzen from the 3000 to 7000 series, Threadripper from the 3000 and 5000 series as well as the mobile processors from the Athlon 3000 series and Mobile Ryzen 3000 series. up to 7000m. AMD also counts embedded processors from the EPYC and Ryzen brands among the vulnerable CPUs. Not all processors mentioned are vulnerable to all four vulnerabilities at the same time. The security notification lists firmware blobs with version numbers for the different CPUs that manufacturers can integrate into their BIOS. AMD reports significantly more than a handful of security gaps in its embedded processors . Some date back a long time, around 2020, and concern the AMD Platform Security Processor (PSP), which is now called AMD Secure Processor (ASP). Security holes in the drivers or kernel can allow attackers to increase their rights. In addition to these two, there are five other vulnerabilities classified as high risk that allow malicious actors to escalate their privileges or execute arbitrary program code. Here, too, not every embedded processor is affected by every security vulnerability listed. AMD also provides firmware blobs to seal security leaks.

In addition , AMD reports that the Ultrascale and Ultrascale+ FPGAs that use RSA authentication without encryption or without forced encryption using the eFUSE register set can be loaded by attackers with arbitrary data streams without generating an authentication error message (CVE-2023- 20570, risk "medium"). A design recommendation is intended to reduce the risk.
Somewhat more exotic are gaps in the Secure Encrypted Virtualization and Secure Nested Paging (SEV-SNP) firmware. A vulnerability allows attackers with elevated privileges to access (outdated) data from other guest systems (CVE-2023-31346, medium) or to display an incorrect Time Stamp Counter (TSC) for a guest system when a secure TSC has actually been activated - this can be done Violating Guest System Integrity (CVE-2023-31347, Low). Users with AMD systems should check whether the manufacturer of their system provides BIOS updates and install them if they are available. In August last year, Intel and AMD discovered several security gaps in their processors . Microcode and firmware updates should help against this. Even back then, motherboard and PC builders had to create their own BIOS updates and distribute them so that end users were protected from them.

Update: Some manufacturers of servers, desktop PCs and notebooks are now already providing BIOS updates"

Michael

Some BIOS updates are ready.