Announcement

Collapse
No announcement yet.

AMD laptops without "Platform Security Processor"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AMD laptops without "Platform Security Processor"

    Hi, everyone.

    For security reasons, I'm looking for a laptop without the new "UEFI" type of BIOS. (That is, laptops that have neither Intel's "Management Engine (ME)" or AMD's "Platform Security Processor (PSP)" embedded in their motherboards: https://libreboot.org/faq.html#amd)

    And, when it comes to laptops with Intel CPUs, I was able to figure out that the latest ones to have been released with an old type of BIOS are the ones that come with "Core 2 Duo" processors.

    But, when it comes to laptops with AMD CPUs, because I'm not familiar with this line, I'm having a hard time figuring out what to look for...

    So, can anyone here (who knows about this subject) tell me which kind of AMD laptops should I look for?

  • #2
    [Deleted unimportant message about duplicate thread.]
    Last edited by Fernando Negro; 12-07-2017, 06:07 AM.

    Comment


    • #3
      First, I don't believe there is any connection between having a UEFI-style VBIOS and having a security processor, other than the fact the two changes happened at roughly the same time (although I believe UEFI happened a few years earlier).

      Trinity, Richland and Kabini were probably the last generations without security processors - look for APU codes like A*-4*** or A*-5***. I didn't think Kaveri (A*-7***) had PSP either (ie Carrizo and Beema/Mullins were first) but a lot of the online wikis seem to think it does, so grey area for now but will try to confirm.

      Don't buy into the panic too much though... everyone seems to assume that "whatever evil Intel is doing with ME AMD must be doing more evil with PSP because they're less evil in other places so they must be making up for it there" or something like that.

      Comment


      • #4
        Hello, bridgman.

        Well,

        I just found it too coincidental for motherboards to come with a new BIOS, with a whole new set of (extended) options, and for this to have happened at the same time that motherboards started coming with added processors and firmwares embedded in them. (After all, there have to be new hardware and firmware components on such motherboards, on which such new and extended options in the BIOS can operate on). And, looking for information about this, in the past, I was able to find the following description:

        "[Intel] Management Engine (which is a part of UEFI BIOS firmware)"
        --- https://fruct.org/publications/abstract20/files/Ogo.pdf

        (So, I can only deduce that the situation must be the same for AMD motherboards...)

        About the processors you mention,

        Thank you, very much, for your tips. (I will then look for more information about what you say.) But, trying to match already the information you gave me with the listed "Processor Types" that eBay lets me choose from, when I look for AMD laptops, I can't find a correspondence (https://www.dropbox.com/s/hg19f0cwnd...nshot_1of2.png + https://www.dropbox.com/s/4gvb2h1z27...nshot_2of2.png)... Is that because all the latest AMD laptops come with APUs (and not with separated CPUs and graphics cards anymore)?

        As for my security concerns,

        Unfortunately, they're very well-founded... Since that, not only do I happen to know how evil big corporations really are, and what their plans for complete surveillance are, but ever since I started fighting and exposing them, I've watched things like: a laptop of mine turning on on its own, in the middle of the night; comments of mine disappear on YouTube (https://www.youtube.com/watch?v=CMQXO_fXDcE); and a future blog post of mine being deleted *live* on Blogger (confirmedly, not because of any key I had pressed). So, I really want to be as careful as I can, with my computers, so that the same thing of "mysterious viruses" deleting important works on activists' computers, when they're about to be published, doesn't happen to me also (https://www.youtube.com/watch?v=u0j_SQ0W9mQ#t=9m21s).
        Last edited by Fernando Negro; 12-07-2017, 11:19 AM. Reason: Corrected spelling error. (My English is not perfect.)

        Comment


        • #5
          Whoa, that's the most useless pick list I have seen in a long time. It provides generational info for Intel but not for AMD.

          On the other hand I guess I'm a bit surprised the generation info made it into the Intel portion of the pick list. Normally part numbering schemes are designed to emphasise capability (eg i3 vs i5 vs i7 in CPUs, R5 vs R7 vs R9 in GPUs) and downplay the generational aspect, and that bias tends to show up in menus and pick lists as well.

          Security processor code can be stored in the SBIOS (CPU/APU) or VBIOS (dGPU) image but whether the BIOS is UEFI or not is orthogonal to whether or not a security processor is present. UEFI had simply become the dominant SBIOS model by the time security and maintenance processors started to be formalized.

          I'm sure you know this, but wake-on-LAN (probably how your laptop turned on in the middle of the night) and back doors into social media servers have both been around for a *lot* longer than security processors.
          Last edited by bridgman; 12-07-2017, 07:21 AM.

          Comment


          • #6
            Yes, I know about the "Wake-on-LAN" function already present in old BIOSes. (The incident that happened, of my laptop turning on on its own, was back in 2001, with a 56k dial-up connection.) This being the reason why I don't plan on plugging my laptop with a LAN cable to the Internet (and only use Wi-Fi).

            Je... It looks like I will have a really hard time looking for the type of AMD laptop that I want... Maybe I'll just look for the cheaper (that should also be the older) ones, and then *try* to check if their motherboards have the mentioned "Platform Security Processor (PSP)" or not.

            And, by the way, speaking also of other AMD motherboards,

            Can anyone tell me if this AMD desktop motherboard, for example - https://www.asus.com/us/Motherboards...pecifications/ - (that is still possible to buy new, and is not listed as having a new type of UEFI BIOS) has a "Platform Security Processor (PSP)" or not?

            Is there any way by which I can check for this, for any AMD motherboard?

            Comment


            • #7
              Might be of interest for you.
              https://hothardware.com/news/researc...-thanks-to-nsa
              Purism laptops
              https://puri.sm/products/
              Last edited by aht0; 12-07-2017, 11:39 AM.

              Comment


              • #8
                Hello, aht0.

                Concerning the first link,

                Thanks, but unfortunately I read that, not only (1) "following these steps could damage your PC", but also that (2) "you cannot completely turn this off"... :\

                Concerning the second link,

                Thank you also for sharing it. I've been aware of "Purism" laptops since they were launched. But, although they claim to disable Intel's ME, from what I know they come with newer-generation Intel CPUs, suspected of having possible 3G backdoors in them: https://trisquel.info/en/forum/secre...door-pc-access (There's no way of knowing this. But, the technology already exists to implement such backdoors in such newer-generation CPUs - and, I remember well seeing, a good number of years ago, laptops on sale that had this possibility of being remotely disabled.) Paranoid as I am, and this being a USA company, I even suspect the name "Purism" to be some sort of inside joke with "PRISM": https://en.wikipedia.org/wiki/PRISM_...llance_program)

                Comment


                • #9
                  Originally posted by Fernando Negro View Post
                  It looks like I will have a really hard time looking for the type of AMD laptop that I want... Maybe I'll just look for the cheaper (that should also be the older) ones, and then *try* to check if their motherboards have the mentioned "Platform Security Processor (PSP)" or not.
                  Once you get past the pick lists every laptop should include a mention of the specific processor, eg "A10-7850". Once you have that you can use the rules I provided earlier.

                  Note that "cheaper" often means "a smaller APU" (we have always had "large" and "small" APU chips) rather than "an older generation".

                  Originally posted by Fernando Negro View Post
                  Can anyone tell me if this AMD desktop motherboard, for example - https://www.asus.com/us/Motherboards...pecifications/ - (that is still possible to buy new, and is not listed as having a new type of UEFI BIOS) has a "Platform Security Processor (PSP)" or not?

                  Is there any way by which I can check for this, for any AMD motherboard?
                  AFAIK only server motherboards have maintenance processors on the mobo itself - for desktop and laptop any such processor would be in the CPU/APU.

                  Still not sure why you are lumping PSP and ME together, since they do have fairly different capabilities. PSP is more like Intel's TXE than like ME.

                  Comment


                  • #10
                    AMD's PSP now supposedly possible to be disabled
                    https://www.phoronix.com/forums/foru...esa#post994165

                    Look into Xeon's if they have builtin ME in CPU. If not, there are certain consumer (gaming and workstation) boards that can run Xeon processors. Gaming boards because quite a few gamers bought Xeon processors - which came cheaper than equivalent i7's and some OEM board manufacturers picked up on the trend and started providing gaming boards sporting C-series chips normally not found on such boards.
                    Last edited by aht0; 12-08-2017, 02:44 AM.

                    Comment

                    Working...
                    X