AMD PSP Affected By Vulnerability


  • #61
    I hate to say it, but I TOLD YOU SO.

    The PSP is no better than Intel ME and BOTH NEED TO GO NOW!



    • #62
      Originally posted by Almindor
      I hate to say it, but I TOLD YOU SO.

      The PSP is no better than Intel ME and BOTH NEED TO GO NOW!
      I wouldn't say they need to go. Having some "security processor" is required for cool features like memory encryption in Ryzen or remote control (many customers want that). All that we really need is to reliably disable it if we don't want those features, so it's not accessible (at all) from network, UEFI, OS, ...



      • #63
        Originally posted by arakan94

        I wouldn't say they need to go. Having some "security processor" is required for cool features like memory encryption in Ryzen or remote control (many customers want that). All that we really need is to reliably disable it if we don't want those features, so it's not accessible (at all) from network, UEFI, OS, ...
        I'd say that while (obviously) control processors are needed, the concept of a single "God-mode" processor that controls everything on the system via vendor-signed and vendor-controlled proprietary firmware is flawed. For example, with POWER9, IBM broke up all the functionality baked into something like the ME/PSP into a bunch of little processors (PPEs [1]) that basically do one task each. Breaking one doesn't get you full control of the system, and you can alter the firmware on any of them provided you have the appropriate access level (think board level jumpers and/or your preprogrammed signing keys for that particular system, depending on how you configure the security hardware).

        [1] https://wiki.raptorcs.com/wiki/PPE



        • #64
          Originally posted by arakan94

          I wouldn't say they need to go. Having some "security processor" is required for cool features like memory encryption in Ryzen or remote control (many customers want that). All that we really need is to reliably disable it if we don't want those features, so it's not accessible (at all) from network, UEFI, OS, ...
          Not good enough. Make them optional as hardware. Create a separate line for the fools that want to be hacked. Don't push it down everyone's throat. And yes, I know how expensive that would be, let those that want it pay the bill.



          • #65
            AMD reported via email to us now that this vulnerability isn't subject to remote code execution.
            Michael Larabel
            https://www.michaellarabel.com/



            • #66
              chuckula,

              Same thing here. This new type of controlling hardware (Intel's ME, and AMD's PSP) are (to me also) clearly features that were built in order to let the "powers-that-be" remotely manage our computers. So that things like this - https://www.youtube.com/watch?v=ASQcEgnZ8xo#t=9m21s - can be made.

              (And, there are indications of the same thing happening with operating systems: https://www.heise.de/tp/features/How...s-3444341.html + https://www.computerworld.com/articl...velopment.html)

              There's no security justification for a PSP or similar hardware (they're logically counterproductive). To the contrary, what this represents (as it has begun to be proven - more noticeably with Intel's hardware) is clearly an enormous security risk: https://www.phoronix.com/forums/foru...323#post994323 (And, computers worked fine, before this new type of hardware was added.)

              oooverclocker,

              Even if you "disable" or "deactivate" the PSP in AMD CPUs, a virus/Trojan/malware can always activate it again, and alter the BIOS to make the BIOS tell you that it's still deactivated... (So, no matter what you do, this security risk is always present.)

              This new type of hardware is the reason why Russia has already started developing its own computers: https://sputniknews.com/military/201...icroprocessor/

              And, I'm with you, concerning the choices that we, as consumers, should make (I always try to buy Free Software-compatible hardware). Let's see what happens, in the near future...
              Last edited by Fernando Negro; 08 January 2018, 01:14 PM.



              • #67
                Originally posted by pal666
                lol, you were 16 minutes too fast with your rationalization
                What rationalization? (I'm honestly curious what you think is going on inside my head.)

                I've been buying AMD since I became aware of them as an option (2007. I wasn't very hardware-aware in my youth.) because of the various nasty things Intel has done in the past (screwing AMD over in their "borrow your fabs to meet 386 demand in exchange for a piece of the 486 pie" deal, trying to undermine the OLPC XO with an objectively inferior x86-based device, etc.) but there's a limit to how much I'm willing to sacrifice on my own part to support a company that makes more ethical decisions.

                nVidia now uses signed firmware while AMD drivers have been getting good, so I'll go for a discrete AMD GPU when my nVidia GeForce GTX750 dies.

                Both AMD and Intel have Ring -3 cores running proprietary software, so my choice is to either buy something old (only AMD has stuff recent enough to satisfy) or buy something that can be neutered (me_cleaner only supports Intel currently).

                If I can only afford one machine, I'll buy an Intel CPU so I can have good single-thread performance for my emulators. If I can find room in my budget to buy two, I'll put a pre-PSP Opteron on my work desk and an Intel in my gaming nook. Either way, I'll make use of me_cleaner on the Intel chip.



                • #68
                  Originally posted by ssokolow
                  my choice is to either buy something old (only AMD has stuff recent enough to satisfy) or buy something that can be neutered (me_cleaner only supports Intel currently).
                  Did you miss the comment telling you that the PSP can be disabled?



                  • #69
                    Given that, AFAIR, my ThinkPad BIOS had an option to enable/disable Intel ME feature(s), and a prior message here with supported documentation that motherboard manufacturers control Intel ME, wouldn't the onus fall on OEM companies rather than on Intel or AMD to provide this within the BIOS?


                    Alternatively, based on https://www.theinquirer.net/inquirer...owered-laptops, Purism's use of coreboot has allowed them to devise a method to disable Intel ME entirely.
                    Last edited by azdaha; 09 January 2018, 10:17 PM.



                    • #70
                      Originally posted by pal666
                      Did you miss the comment telling you that the PSP can be disabled?
                      News flash: it can't be disabled. Try not to believe every "fact" you hear online. AMD's own manuals show the PSP must run even before the system can start up its main (i.e. "user") x86 cores.

                      azdaha, same with the ME. Sorry. Purism was wrong on this and they've said so publicly. ME must run or no boot! :-)

