AMD To Issue PSP/BIOS Firmware Updates For Recent Vulnerabilities


  • #51
    Originally posted by Almindor View Post

    This is extremely short-sighted. I hope you don't work at security.

    Yes a physical access to your computer means auto-pwnage but the issue here is there's another "secret" layer that can now be exploited to keep things hidden and continue said pwnage. AMD failed on the signature checks on their "secure" system. I'd say that's a bloody big no-no.

    To give it as an example.

    Without these "security systems" and their holes you can wipe a computer and be sure it's clear. Wipe BIOS too and it should be all good.

    You CAN'T officially wipe the PSP. So say I'm just an individual buying a used machine, I can't now be sure it's now pre-pwned. There are SOO many vectors of attack you're blatantly, fanboyishly ignoring here.
    So let me ask you this, where do you think the code that the PSP runs comes from? What is it? It's basically ARM binaries. As in 1s and 0s that take up some amount of capacity. You can't just wipe everything. It had to have been written somewhere. And that fact alone most definitely makes this detectable.
    Last edited by duby229; 21 March 2018, 04:40 PM.

    Comment


    • #52
      Originally posted by Gusar View Post
      Easy solution: sell these big corporate IT departments something different from what you sell to the regular public.
      People like you and me are a drop in the ocean as compared with the big IT departments that buy computers in 100k bulk per set. Also putting "secure XXX" on the box sells more items, few people know what these things are.

      Originally posted by Gusar View Post
      FFS, seriously?

      1.) CPU with functionality X, Y, Z.
      2.) CPU with functionality X, Y, Z, but Z is fused off.

      2. is very much something different from 1.
      Where you two did confuse each other is that if PSP or IME was fused off then the entire CPU would be dead so Intel and AMD cannot do this like they can with dead cores, reduced ram and/or cpu speed and so on.

      Comment


      • #53
        Originally posted by duby229 View Post

        No that's what you just said. The fact is that CPU manufacturers cannot fabricate different dies for every product, it won't happen ever. They fabricate 1 die that is as complete as possible and then they bin it to all the different product lineups that they can.
        They already do fabricate different dies for different products. I really don't understand your position. Dies can in fact change from mobile to desktop to server. Sometimes dies get reused such that a desktop chip ends up in a server. However that doesn't mean that unique server dies don't exist.

        When it comes to mass produced chips economics pretty much demands custom dies per product. Case in point: Apple's A series chips, where the X variants are obviously different dies than the non X variants.

        In the end every square mm of space costs money. Fusing off functionality is more about managing defects than anything else.

        Comment


        • #54
          Originally posted by Almindor View Post

          So let's say I'm your computer distributor (not even manufacturer). Let's say some 3 letter agency, or some less-than-savoury friends come and tell me to put this in your Ryzens. I just boot a USB to "root" because BIOS is unlocked and all that and put my own PSP firmware in. Then proceed to do whatever else as usual and give you the machine (possibly without an OS).

          You're now hosed without a way to know it whatsoever. I can't understand why all the AMD fanboys refuse to see this gaping hole for what it is.

          The "root required" is completely irrelevant.
          If I replace "Ryzen" with "Core i7", and "AMD" with "Intel", would this also not be a gaping security hole for the blue team?

          Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?

          Comment


          • #55
            Originally posted by Sachiru View Post

            If I replace "Ryzen" with "Core i7", and "AMD" with "Intel", would this also not be a gaping security hole for the blue team?

            Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?
            In fact it's the other way around. Intel was criticized for IME almost on a daily basis for a few good years now. Almost each bug discovered in IME (if not all) required admin or physical access to hardware, which didn't stop anyone from attacking Intel and didn't stop Intel from taking these bugs seriously. At the same time AMD somehow managed to stay under the radar with its security solution. But once bugs, similar to Intel's bugs, were discovered it suddenly became non-critical, and the whole blame was directed to the company that discovered the bugs. Can't you see any bias here...?

            Comment


            • #56
              Originally posted by duby229 View Post
              What vulnerabilities? There weren't any discovered. Completely other different vulnerabilities would already have had to have been exploited in order to get that far. You're already screwed long before the fact.
              They did discover vulnerabilities. The fact that to exploit them you need to use other vulnerabilities does not make any subsequent vulnerability not a vulnerability.

              What they did is blow pretty low-danger vulnerabilities out of proportion.

              Comment


              • #57
                Originally posted by CtrlAltShift View Post
                But once bugs, similar to Intel's bugs, were discovered it suddenly became non-critical, and the whole blame was directed to the company that discovered the bugs. Can't you see any bias here...?
                When the first flaw in the PSP was discovered in January, no one blamed the company which discovered it, and AMD did receive the same kind of flak Intel had been receiving before. It's just that the discovery of the first flaw was made by a reputable company that followed the industry standards of disclosure. Said company also didn't blow the discovered vulnerability out of proportion or do any of the other scummy things CTS Labs and Viceroy did.

                So there's no bias here. There's just two very, very scummy companies (CTS and Viceroy), that's why the reaction to these flaws is so very different.
                Last edited by Gusar; 22 March 2018, 10:42 AM.

                Comment


                • #58
                  Originally posted by sa666666 View Post

                  I don't think the issue is that there is a vulnerability that has to be patched, but instead with the way this whole thing was reported, and the fact that it seems to want to paint AMD in the worst possible light. IOW, it was a hit-job.
                  True, but there were actually people on the internet who kept dismissing this as fake news and asking the site they replied on to delete the CTS-Labs news.

                  Comment


                  • #59
                    Originally posted by bridgman View Post

                    I don't believe PSP has its own flash - you "hide stuff in PSP" by flashing the BIOS with an altered image that includes different PSP code. AFAIK "resetting the PSP code" is as simple as restoring the original BIOS image.

                    And don't you DARE call me a fanboy
                    I am so tempted now. Will wait until the next AMD hoopla :P

                    Comment


                    • #60
                      Originally posted by Sachiru View Post

                      If I replace "Ryzen" with "Core i7", and "AMD" with "Intel", would this also not be a gaping security hole for the blue team?

                      Physical access for hardware is game over, whether it's AMD or Intel. I would not be surprised if firmware-level exploits for Intel ME exist, and if government or large agencies intercept shipments of Intel boards and embed Intel ME malware before sending it on. Does this then not warrant the same level of fearmongering for Intel, or should AMD be singled out for reasons other than "we want to short its stock"?
                      Physical access for hardware could be game over, but there could also be ways to reset it. Physical access to PSP, on the other hand, is not resettable and people can do stuff remotely after successfully exploiting this. One-time access to physical hardware, besides the reset part, means you can only do something to the computer once, but once the computer is reset, you have no access anymore. That's why the PSP exploit is way worse when there's physical access to hardware, 'cause you can do more damage over a long period of time.

                      Besides, it's worse for second-hand hardware. If you want to be sure that there's nothing left on the second-hand system, you can reinstall the OS, reset the BIOS, etc. But how do you know if the PSP has been exploited or not (besides the fact that you can't reset it)? Trust level for second-hand hardware = 0 thanks to this. And the same goes for Intel ME.

                      Comment
