AMD Platform Security Processor

AMD Platform Security Processor settings in an UEFI configuration screen.

The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors.[1] According to an AMD developer's guide, the subsystem is "responsible for creating, monitoring and maintaining the security environment" and "its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response".[2] Critics worry it can be used as a backdoor and is a security concern.[3][4][5] AMD has denied requests to open source the code that runs on the PSP.[1]


Details

The PSP itself is an ARM core (ARM Cortex-A5) with the TrustZone extension, inserted into the main CPU die as a coprocessor. The PSP contains on-chip firmware which is responsible for verifying the SPI ROM and loading off-chip firmware from it. In 2019, a Berlin-based security group discovered the off-chip firmware in ordinary UEFI image files (the code that boots up the operating system), which meant that it could be easily analyzed. Using a few hand-written Python-based tools, they found that the off-chip firmware from the SPI ROM contained an application resembling an entire micro operating system.[6][7][8] Investigation of the motherboard flash chip (which stores the UEFI firmware) of a Lenovo ThinkPad A285 notebook revealed that the PSP core itself runs as a device before the main CPU, and that its firmware bootstrapping process starts just before the basic UEFI gets loaded. They discovered that the firmware runs in the same system memory space that user applications do, with unrestricted access to it (including MMIO), raising concerns over data safety.[6][7][8] Because the PSP is the chip that decides whether the x86 cores will run or not, it is used to implement hardware downcoring: specific cores on the system can be made permanently inaccessible during manufacturing. The PSP also provides a random number generator for the RDRAND instruction[9] and provides TPM services.

Boot process

The PSP is an integral part of the boot process, without which the x86 cores would never be activated.

On-chip phase
Firmware located directly on the PSP chip sets up the ARM CPU, verifies the integrity of the SPI ROM, locates the off-chip firmware (AGESA) within the SPI ROM using various data structures, and copies it over to internal PSP memory.
Off-chip phase
The loaded off-chip modules initialize DRAM and perform platform initialization. Using the same data structures, the off-chip firmware finds the UEFI firmware within the SPI ROM and copies it over to DRAM. It may perform additional verification steps, and if the system is deemed secure, it releases the x86 cores from their reset state, thus starting the UEFI firmware.
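The following is an added, simplified model of the two-phase boot described above (not AMD's own code or data structures): a constructed directory header locates the off-chip PSP firmware and the UEFI image in an SPI ROM image, each phase verifies its payload against a digest pinned in the previous stage (a stand-in for the signature checks real firmware performs), and the x86 cores are released only if every check passes. The `DIR0` header layout is hypothetical.

```python
import hashlib
import struct

# Hypothetical directory format, constructed for this example (not AMD's real layout):
#   magic b"DIR0" | psp_off u32 | psp_len u32 | uefi_off u32 | uefi_len u32
HDR = struct.Struct("<4sIIII")


def build_rom(psp_fw: bytes, uefi_fw: bytes) -> bytes:
    """Assemble a constructed SPI ROM image: directory header, then the two blobs."""
    psp_off = HDR.size
    uefi_off = psp_off + len(psp_fw)
    header = HDR.pack(b"DIR0", psp_off, len(psp_fw), uefi_off, len(uefi_fw))
    return header + psp_fw + uefi_fw


def locate(rom: bytes, which: str) -> bytes:
    """Use the directory to find a blob; refuse entries that point outside the ROM."""
    magic, poff, plen, uoff, ulen = HDR.unpack_from(rom)
    if magic != b"DIR0":
        raise ValueError("bad directory magic")
    off, ln = (poff, plen) if which == "psp" else (uoff, ulen)
    if off + ln > len(rom):
        raise ValueError("directory entry points outside the SPI ROM")
    return rom[off:off + ln]


def on_chip_phase(rom: bytes, trusted_psp_digest: bytes) -> bytes:
    """On-chip ROM: locate the off-chip PSP firmware and verify it before loading it
    into internal PSP memory. A pinned SHA-256 digest stands in for signature checking."""
    fw = locate(rom, "psp")
    if hashlib.sha256(fw).digest() != trusted_psp_digest:
        raise RuntimeError("off-chip PSP firmware failed verification")
    return fw


def off_chip_phase(rom: bytes, trusted_uefi_digest: bytes) -> bytes:
    """Off-chip firmware: locate the UEFI image, verify it, then copy it to DRAM."""
    fw = locate(rom, "uefi")
    if hashlib.sha256(fw).digest() != trusted_uefi_digest:
        raise RuntimeError("UEFI image failed verification")
    return fw


def boot(rom: bytes, psp_digest: bytes, uefi_digest: bytes) -> bool:
    """Return True only when both phases pass: that is when x86 cores leave reset."""
    try:
        on_chip_phase(rom, psp_digest)
        off_chip_phase(rom, uefi_digest)
    except (RuntimeError, ValueError, struct.error):
        return False  # any failure leaves the x86 cores held in reset
    return True
```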

Reported vulnerabilities

In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017. [10] [11]

In March 2018, an Israeli IT security company reported a handful of allegedly serious flaws related to the PSP in AMD's Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) that could allow malware to run and gain access to sensitive information.[12] AMD announced firmware updates to handle these flaws.[13][14] The flaws' validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were dismissed,[15] leading to claims that the flaws were published for the purpose of stock manipulation.[16][17]


References

  1. Williams, Rob (2017-07-19). "AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code". "This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC."
  2. "BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors" (PDF). AMD. 2016. p. 156.
  3. Martin, Ryan (July 2013). "Expert Says NSA Have Backdoors Built Into Intel And AMD Processors". eteknix.com. Retrieved 2018-01-19.
  4. Claburn, Thomas (2018-01-06). "Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches". The Register.
  5. Larabel, Michael (2017-12-07). "AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA". "This built-in AMD Secure Processor has been criticized by some as another possible attack vector..."
  6. Werling, Christian; Buhren, Robert (2019-08-24). "Dissecting the AMD Platform Security Processor". Retrieved 2020-07-26.
  7. Cameran, James (2020-03-06). "Dissecting the AMD Platform Security Processor". SkillsFutureTV Academy. Archived from the original on 2020-07-26. Retrieved 2020-07-26.
  8. "Dissecting the AMD Platform Security Processor". YouTube. Archived from the original on 2020-08-11.
  9. "AMD Random Number Generator" (PDF). AMD. 2017-06-27.
  10. Millman, Rene (2018-01-08). "Security issue found in AMD's Platform Security Processor".
  11. Cimpanu, Catalin (2018-01-06). "Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online".
  12. Goodin, Dan (2018-03-13). "A raft of flaws in AMD chips makes bad hacks much, much worse". Ars Technica.
  13. Bright, Peter (2018-03-20). "AMD promises firmware fixes for security processor bugs: All bugs require administrative access to exploit". Ars Technica.
  14. Papermaster, Mark (2018-03-21). "Initial AMD Technical Assessment of CTS Labs Research". AMD Community.
  15. Guido, Dan (2018-03-15). ""AMD Flaws" Technical Summary".
  16. Burke, Steve; Lathan, Patrick. "Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0"". GamersNexus. Archived from the original on 2019-12-20. Retrieved 2018-09-18.
  17. Zynath Investment. "AMD And CTS Labs: A Story Of Failed Stock Manipulation". Seeking Alpha.