AMD To Expose More PSP Security Information Under Linux, Including State Of CPU Fuses

Written by Michael Larabel in AMD on 30 March 2022 at 07:00 AM EDT. 3 Comments
AMD
Right now under Linux it isn't quick and easy to figure out if the likes of (Transparent) Secure Memory Encryption are enabled and working but a new patch series will more easily expose the security attributes of the AMD Platform Security Processor (PSP) to users on Linux. Among the information to be exposed will also include whether the CPU is fused in the name of tampering prevention.

AMD Linux engineer Mario Limonciello has been working on a patch series for exporting various AMD PSP security attributes under Linux and exposing that information to user-space via sysfs.


Among the information to be exposed via sysfs includes whether the CPU/APU is a fused part to prevent tampering but limits the CPU to working in certain system vendor motherboards (Platform Secure Boot) with effectively vendor-locking that given part. The sysfs information also indicates whether the CPU/APU is unlocked for debugging purposes, the TSME state, whether the PSP is enforcing rollback protection, the status of the Replay Protected Monotonic Counter (RPMC), whether the HSP TPM is acxtivated, and whether RomArmor SPI protection is enforced. This work is only about reporting the state of these various PSP features and doesn't allow altering their value/behavior.

This current patch series allows the ability to detect Secure Memory Encryption (SME) and Transparent Secure Memory Encryption (TSME) too and possibly expanding that in the future so both wouldn't be redundantly enabled at the same time, but now at least the user will know.


The AMD PSP information will be exported under /sys/bus/pci/devices/. This information reporting is being handled by AMD's CCP (Crypto Co-Processor) driver. This patch series thus also now allows the AMD CCP Linux driver to load even for CPUs without SEV/TEE. AMD's Platform Security Processor is the Arm core inserted onto the CPU die with on-chip firmware that is responsible for various security responsibilities on Ryzen and EPYC systems.

For now the patches are on the kernel mailing list while hopefully they will be readied in time for the v5.19 cycle this summer for this useful AMD PSP information reporting.
3 Comments
Related News
AMD Posts QDMA Linux Driver For Review
AMD EDAC Linux Driver Being Extended To Support Ryzen 7000 Series CPUs
AMD CPU "k10temp" Linux Driver Updated To Report Negative Temperatures
AMD Launches Ryzen 7020 C-Series - Continues Pushing Zen 2 For Chromebooks
AMD Has A One-Liner To Help Speed Up Linux System Resume Time
New Patches Extend AMD EDAC Linux Driver For Data Center GPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
AMD Has A One-Liner To Help Speed Up Linux System Resume Time
CodeWeavers Now Controlled By An Employee Ownership Trust
LLVM's libc Gets Much Faster memcpy For RISC-V
Intel Publishes "X86-S" Specification For 64-bit Only Architecture
Podman Desktop 1.0 Released As An Alternative To Docker Desktop
KDE Begins Laying The Groundwork For HDR Support, Wayland Color Management
Mesa "Terakan" Driver Aims To Provide Vulkan Support For Old Radeon HD 6000 Series
Those Using The XFS File-System Will Want To Avoid Linux 6.3 For Now