Linux 5.6 Adds TEE For AMD's Secure Processor To Run "Trusted Applications" On Raven APUs

  • Linux 5.6 Adds TEE For AMD's Secure Processor To Run "Trusted Applications" On Raven APUs

    Phoronix: Linux 5.6 Adds TEE For AMD's Secure Processor To Run "Trusted Applications" On Raven APUs

    Last month I wrote about AMD working on TEE driver support to load "trusted applications" onto the AMD Secure Processor under Linux. That work is now queued for introduction with Linux 5.6 and wired through for Raven Ridge APUs...

    http://www.phoronix.com/scan.php?pag...AMD-Secure-TEE

  • #2
    Considering AMD's financial state for almost a decade, it is no surprise that they focus on kernel work they are likely getting paid for. If the good fortunes they have experienced for the last year or so continue, then we might expect wider open source support. We should be happy that Google is helping them out; every little bit keeps AMD in business.

    • #3
      I hate this HDCP and DRM stuff, and it looks like every year it is getting more and more. This is really worrisome.

      • #4
        Originally posted by uid313
        I hate this HDCP and DRM stuff, and it looks like every year it is getting more and more. This is really worrisome.
        Commercialism and capitalism at its "finest". People want to watch Netflix et al on Linux, so you have DRM. There's no room for compromise there.

        I think we need more tools to block "trusted" applications from running in "secure" enclaves like this. My laptop has a firmware tick mark to disable Intel's SGX, but I'm reasonably sure not all PCs have that option. Is there a kernel boot time kernel option to disable SGX and AMD's equivalent? If not, that's certainly a security nightmare waiting to happen. Malicious programs can use "secure enclaves" just as easily as the person at the keyboard.

        • #5
          It's just for the media/content mafia. They "require" fTPM so everything stays encrypted from end to end, so the media stream can't be intercepted / read in cleartext at any time. (I wish they'd have done this lot of work when it comes to "official state/public office<->citizen e-mail" systems, where gov's just wouldn't want end-to-end encryption... you wonder why.)
          Nobody else would think an unauditable blackbox is a good place to offload your encryption workload.
          Acceleration or not, it's not like some universal programmable bare "metal" (half-metal) unit that will just calculate, it's a whole black box system with a complete OS that will swallow your sensitive data, keys, whatever and do something you can't see or know with it and then spit it back out.
          Thanks, but no thanks!
          Stop TCPA, stupid software patents and corrupt politicians!

          • #6
            I'm not that sure how all this CPU firmware & microcode works, but after being reminded of TEE tech (both AMD and Intel) by this article I'm now wondering:

            If these not-widely-audited, closed, secret "secure processors" within modern AMD64 instruction set CPUs can have third party code loaded into them using standard OS interfaces accessible merely by a process running with the right privileges, and these "secure processors" can bypass all Kernel security/privilege systems to access hardware more directly, then surely a malware writer (think a bit bigger than a teenager in mum's basement) could write extremely powerful malware that the kernel is completely blind to that is made to run on the "secure processor" using the TEE interfaces as an entry point.

            • #7
              Hopefully kernel 5.6 fixes the trash stability of Raven Ridge that began with 5.4. Full system lockups, fine on 5.3.
