AMD To Expose More PSP Security Information Under Linux, Including State Of CPU Fuses

Written by Michael Larabel in AMD on 30 March 2022 at 07:00 AM EDT. 3 Comments
AMD
Right now under Linux it isn't quick and easy to figure out if the likes of (Transparent) Secure Memory Encryption are enabled and working but a new patch series will more easily expose the security attributes of the AMD Platform Security Processor (PSP) to users on Linux. Among the information to be exposed will also include whether the CPU is fused in the name of tampering prevention.

AMD Linux engineer Mario Limonciello has been working on a patch series for exporting various AMD PSP security attributes under Linux and exposing that information to user-space via sysfs.


Among the information to be exposed via sysfs includes whether the CPU/APU is a fused part to prevent tampering but limits the CPU to working in certain system vendor motherboards (Platform Secure Boot) with effectively vendor-locking that given part. The sysfs information also indicates whether the CPU/APU is unlocked for debugging purposes, the TSME state, whether the PSP is enforcing rollback protection, the status of the Replay Protected Monotonic Counter (RPMC), whether the HSP TPM is acxtivated, and whether RomArmor SPI protection is enforced. This work is only about reporting the state of these various PSP features and doesn't allow altering their value/behavior.

This current patch series allows the ability to detect Secure Memory Encryption (SME) and Transparent Secure Memory Encryption (TSME) too and possibly expanding that in the future so both wouldn't be redundantly enabled at the same time, but now at least the user will know.


The AMD PSP information will be exported under /sys/bus/pci/devices/. This information reporting is being handled by AMD's CCP (Crypto Co-Processor) driver. This patch series thus also now allows the AMD CCP Linux driver to load even for CPUs without SEV/TEE. AMD's Platform Security Processor is the Arm core inserted onto the CPU die with on-chip firmware that is responsible for various security responsibilities on Ryzen and EPYC systems.

For now the patches are on the kernel mailing list while hopefully they will be readied in time for the v5.19 cycle this summer for this useful AMD PSP information reporting.
3 Comments
Related News
GCC 14 Adds "GFX90C" For OpenMP Offloading To APUs With GFX9/Vega Graphics
New AMD Linux Patch Acknowledges More Zen 5 CPU Models
AMD Prepping Fixes & Enhancements For P-State CPUFreq Driver
AMD SEV-SNP Hypervisor Support Nears The Mainline Linux Kernel
AMD Announces Versal Gen 2 Adaptive SoCs - AI Focused & Newer Arm Cores
SolidRun Launches Bedrock R8000 As First Industrial PCs With Ryzen Embedded 8000 Series
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
Systemd 256-rc1 Brings A Huge Number Of New Features