Announcement

Collapse
No announcement yet.

AMD PSP Affected By Vulnerability

Collapse
X
Collapse
 
  • Page of 9
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 9 template Next
  • #11
    Originally posted by artivision View Post

    If someone knows, is there anything like ARM Trustzone (DRM obfuscation) inside Intel and AMD processors? Also AMD said years before that they will have enthusiast platform without all this stuff, there is no point deactivate them if some day half the web pressures you to reactivate it (in order to have access). Also is there anyone European who thinks that this is the time for legal action?
    arm trustzone is inside amd PSP.
    and as an european i dont see any legal action to do, but if anything can be done it will be known by the FSF
    • Likes 2

    Comment

    • #12
      Originally posted by artivision View Post
      If someone knows, is there anything like ARM Trustzone (DRM obfuscation) inside Intel and AMD processors?
      AMD PSP is an ARM processor with TrustZone, embedded in the CPU die.

      Also AMD said years before that they will have enthusiast platform without all this stuff, there is no point deactivate them if some day half the web pressures you to reactivate it (in order to have access).
      End-user configuration options are a thing. Just as I can enable or disable VT-x or SecureBoot or whatever, I should be able to enable/disable this "security" feature. As simple as that.

      Also is there anyone European who thinks that this is the time for legal action?
      Still too soon. Given current trends we are looking at least to a few years and a few more vulns being discovered.
      • Likes 7

      Comment

      • #13
        At least on my Gigabyte B350 board the fTPM is disabled by default. It got an update last month which opened up a whole new menu of AMD stuff which I haven't had time to properly look through, it'll be interesting to see what I can mess with there.
        • Likes 1

        Comment

        • #14
          Originally posted by oooverclocker View Post
          I am completely intolerant to security risks
          How are you using a modern computer that's filled with firmware-driven CPUs with DMA? All of your peripherals like NICs, HDD/SSDs have ROM and RAM with powerful embedded CPUs. Unless you have a rare board with correctly working IOMMU all of them can compromise your computer. There have been attacks on the HDD firmware and they found that you can pretty much run anything you want there (https://spritesmods.com/?art=hddhack). Network cards have been compromised a number of times (like http://esec-lab.sogeti.com/static/pu...rse_slides.pdf).

          All in all modern computers are so complex that they've become sophisticated clusters of different architectures, firmwares and black boxes. All of them developed with cost-cutting measures usually sacrificing security. And it's going to get worse as time goes on
          • Likes 11

          Comment

          • #15
            We really need open hardware... All these security issues are way too much.
            • Likes 10

            Comment

            • #16
              Originally posted by cb88 View Post
              ARM Trustzone that AMD licenses is actually good... as it is a product ARM sells entirely on the basis of it's security...
              And Intel wants us to be convinced that ME is secure. There have been successful attacks on TrustZone (like https://blog.acolyer.org/2017/09/21/...gy-management/) as well.

              • Likes 4

              Comment

              • #17
                I find it funny that so many want to blame big government for these management engines. From what I've seen the demand comes from big industry, specifically big IT teams too lazy to walk over to a server to hit the reset button.

                For the hard working IT team members that do get off their asses from time to time im sorry but the general laziness and the desire for remote management has driven these features into these processors. That is server side lets not even get into the crap the corporate world installs on user machines. The more im exposed to the world of the IT worker the less impressed i am.

                So while some blame goes with the chip manufactures it is really the big technology firms that have screwed over the industry with their demands for remote (lazy) management of their computing machinery.
                • Likes 1

                Comment

                • #18
                  Originally posted by davidbepo View Post
                  in the latest agesa there is an option to disable PSP so dont worry
                  Doesn't work that way. The PSP is still active and still a threat, because PSP is integral to platform startup; a single UEFI exploit that might be relatively harmless on its own can inject a persistent rootkit affecting the OS and hypervisor via this kind of issue. And the upgrade won't protect against that either; the PSP on these systems is permanently vulnerable to a downgrade attack, also potentially via UEFI.

                  This is nothing short of the complete breakage of the AMD platform security model, and one I predicted would happen as soon as the PSP was made mandatory. The whole concept of a "God-mode" processor with full system access and signed magic firmware is flawed; this was just a matter of time.
                  • Likes 7

                  Comment

                  • #19
                    Originally posted by R41N3R View Post
                    We really need open hardware... All these security issues are way too much.
                    Openness is good but not a silver bullet. How long did it take for all those "eyes that look at the code" to notice Shellshock in Bash or Heartbleed in OpenSSL?

                    Security is a constant process that in the eyes of businesses has no tangible benefits yet generates costs. If it's done correctly nothing happens. If it's done badly then you have a chance for bad things to happen. It's easier to just not care about security until you get compromised... sadly.

                    • Likes 3

                    Comment

                    • #20
                      Originally posted by R41N3R View Post
                      We really need open hardware... All these security issues are way too much.
                      The problem is we as individuals have little influence here. The big corporations are the drivers for this technology. It is no surprise at all that a Google researcher found this issue as they have some of the most massive server farms out there. Remote management is very important to them and many other similar technology firms.

                      So how does one create influence when you might have one or a couple of servers deployed and Google (and many others) have tens of thousands of servers deployed. You would have to get a 100,000 IT professionals to band together to demand a removal of this tech. Even if you could get a 100,000 to agree to the need you would still have to overcome the massive influence of the corporate world that does give a damn about your server rack with 3 machines in it.

                      Comment

                      Previous 1 2 3 4 5 9 template Next
                      Working...
                      X