Submitted via IRC for TheMightyBuzzard
AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor.
[...] Cfir Cohen, a security researcher with the Google Cloud Security Team, says he discovered a vulnerability in the Trusted Platform Module (TPM) of the AMD Secure Processor. The TPM is a component that stores critical system data, such as passwords, certificates, and encryption keys, in a secure environment outside of the more easily accessible AMD cores.
"Through manual static analysis, we've found a stack-based overflow in the function EkCheckCurrentCert," Cohen says. The researcher claims that an attacker could use specially-crafted EK certificates to get remote code execution rights on the AMD Secure Processor, allowing him to compromise its security.
Cohen said that some basic mitigation techniques such as "stack cookies, NX stack, ASLR" were not implemented in AMD's Secure Processor, making exploitation trivial.
takyon: This bug is unrelated to Meltdown and Spectre. And you might be interested in this:
Source: Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online
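As an added illustration of the bug class the article describes (not code from the article, from AMD, or from the researcher), here is a C sketch of a certificate check that trusts a length field found inside the data and copies it into a fixed-size stack buffer, beside a bounds-checked version of the same routine. The encoding, buffer size and function names are constructed assumptions: the real EK certificate is X.509/DER and the internals of EkCheckCurrentCert are not public.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified "certificate" encoding used only in this example:
 *   byte 0   : tag (0x30, mimicking a DER SEQUENCE)
 *   byte 1   : declared body length, taken straight from the input
 *   byte 2.. : body
 * Real EK certificates are X.509/DER; this is not that format. */
#define TAG_SEQUENCE  0x30
#define CERT_BODY_MAX 32

enum cert_status {
    CERT_OK = 0,
    CERT_BAD_TAG = -1,
    CERT_TOO_LONG = -2,
    CERT_TRUNCATED = -3
};

/* "Before": the pattern behind a stack-based overflow. The declared length
 * is never compared with sizeof(body), so a length larger than CERT_BODY_MAX
 * writes past the local buffer into whatever sits above it on the stack.
 * Without stack cookies, an NX stack or ASLR (the mitigations the article
 * says were absent) nothing stands between that overwrite and control of
 * the return address. Kept here only for comparison; it is never given the
 * oversized input below. Hypothetical name. */
int ek_check_cert_vulnerable(const uint8_t *cert, size_t cert_len)
{
    uint8_t body[CERT_BODY_MAX];
    if (cert_len < 2 || cert[0] != TAG_SEQUENCE)
        return CERT_BAD_TAG;
    size_t body_len = cert[1];            /* trusted without any bound */
    memcpy(body, cert + 2, body_len);     /* overflow if body_len > 32 */
    return body[0] == 0x01 ? CERT_OK : CERT_BAD_TAG;
}

/* "After": every length is validated against both the destination buffer
 * and the bytes actually received before a single byte is copied. The
 * body[0] == 0x01 test stands in for real certificate validation. */
int ek_check_cert_hardened(const uint8_t *cert, size_t cert_len)
{
    uint8_t body[CERT_BODY_MAX];
    if (cert_len < 2 || cert[0] != TAG_SEQUENCE)
        return CERT_BAD_TAG;
    size_t body_len = cert[1];
    if (body_len > sizeof body)           /* would overflow the stack buffer */
        return CERT_TOO_LONG;
    if (body_len > cert_len - 2)          /* declared more than was supplied */
        return CERT_TRUNCATED;
    memcpy(body, cert + 2, body_len);
    return (body_len > 0 && body[0] == 0x01) ? CERT_OK : CERT_BAD_TAG;
}

/* Constructed sample inputs. */
static const uint8_t GOOD_CERT[]      = { TAG_SEQUENCE, 4,    0x01, 0xAA, 0xBB, 0xCC };
static const uint8_t OVERSIZED_CERT[] = { TAG_SEQUENCE, 0xFF, 0x01, 0xAA, 0xBB, 0xCC };
static const uint8_t SHORT_CERT[]     = { TAG_SEQUENCE, 10,   0x01, 0xAA };

int check_good_hardened(void)      { return ek_check_cert_hardened(GOOD_CERT, sizeof GOOD_CERT); }
int check_oversized_hardened(void) { return ek_check_cert_hardened(OVERSIZED_CERT, sizeof OVERSIZED_CERT); }
int check_short_hardened(void)     { return ek_check_cert_hardened(SHORT_CERT, sizeof SHORT_CERT); }
int check_good_vulnerable(void)    { return ek_check_cert_vulnerable(GOOD_CERT, sizeof GOOD_CERT); }

/* On a conventional toolchain the missing mitigations correspond to flags such
 * as -fstack-protector-strong (stack cookies), -Wl,-z,noexecstack (NX stack) and
 * -fPIE -pie (ASLR). They raise the cost of exploiting the "before" routine; the
 * bounds checks in the "after" routine are what remove the bug itself. */
int main(void)
{
    printf("good/hardened      = %d\n", check_good_hardened());      /* 0 */
    printf("oversized/hardened = %d\n", check_oversized_hardened()); /* -2 */
    printf("short/hardened     = %d\n", check_short_hardened());     /* -3 */
    printf("good/vulnerable    = %d\n", check_good_vulnerable());    /* 0 */
    return 0;
}
```

The point of running the oversized input only through the hardened routine is that a correct parser rejects a bad length before it touches the stack; the vulnerable routine shows where the check was missing, not how to reach the return address.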
(Score: 5, Interesting) by jmorris on Sunday January 07 2018, @07:36PM (1 child)
It isn't the exploit that is the problem here. It is the fact it exists in its current form. If you don't have the capability to control a thing you should not permit it into your life, or at minimum it should be walled off. Both the PSP and the ME fail that test. UEFI usually passes because you CAN delete the default keys and install your own. On the only machine, so far, where I'm using it I left the UEFI key in place because Fedora uses it. That doesn't change the fact I would disable Secure Boot entirely if that BIOS option didn't exist. You should also insist on that, because if we all do so we probably won't ever have to exercise the option.
Good to see AMD moving toward the side of sanity and liberty by offering a disable option. Better would be to totally document the damned thing, open source the software in it and offer a way to rekey it to allow deploying rebuilt firmware. If they did that 99% of users would keep the AMD supplied software because it could be trusted. And it would be better because of that 1% who were innovating and making it better.
(Score: 2) by frojack on Sunday January 07 2018, @08:38PM
Well there's the Reverend Jim Jones prescription if I ever saw one.
So you are the end of the JMorris lineage then?
No, you are mistaken. I've always had this sig.