In AMD's AMA here, they say they will seriously consider releasing their Platform Security Processor (PSP) source code. This is their equivalent of the Intel Management Engine and would make AMD processors compatible with coreboot/libreboot.
This would be massive. It would make it possible to have a truly open-source machine, with all the security and privacy benefits that entails. At the moment secure boot relies primarily on aging Intel processors from nearly a decade ago.
In 2011, AMD began supporting coreboot, but stopped in 2013 and introduced the PSP. Why? Because they didn't think it was economically worthwhile.
Don't let that happen again! Let's tell AMD there is demand for this. Get into that thread and comment. And – more importantly – message them! If you're reading this after the AMA has ended, contact them anyway!
AMD's contact page (You can find details on AMD in your country)
You can also reach them on Facebook.
Related Stories
AMD Secure Technology PSP Firmware Now Explorable, Thanks to Researcher's Tool
A security researcher this week released PSPTool, a software tool that "aims to lower the entry barrier for looking into the code running" on the AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, and other AMD subsystems. The PSP serves similar functions to those of Intel's Management Engine (ME) processor. However, just like the Intel ME, the secretive and undocumented nature of the chip worries security and privacy advocates.
The researcher going by the online name of cwerling described the PSPTool as a "Swiss Army knife" for dealing with the AMD PSP's firmware. The tool is based on reverse-engineering efforts of AMD's proprietary file system that the company uses to pack firmware blobs into UEFI firmware images.
Usually, all firmware blobs can be parsed by another software program called the UEFITool. However, in this case AMD's firmware files are located in padding volumes that can't be parsed by the UEFITool. This is the reason for the PSPTool, which can locate the PSP firmware within UEFI images and parse it. Through this tool, more researchers can look into what their local PSP chip is doing to their computers, as its actions are normally hidden from the operating system or the main processor.
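To make the "find it in the padding and parse it" idea concrete, here is an added Python example; it is not PSPTool's code and not part of the article. It assumes a directory layout of a `$PSP` magic, a Fletcher-32 checksum, an entry count and a reserved word, followed by 16-byte entries of type, size and offset, with the checksum covering everything after the checksum field. The flash image it scans is constructed inline (0xFF padding, one directory, two blobs and a decoy magic), so the layout constants are assumptions to check against the tool's own documentation rather than a description of any shipped image.

```python
"""Heuristic scan of a flash image for a PSP-style firmware directory.

Added example, not PSPTool's code. Assumed layout (an assumption, not a spec):
  header : magic b'$PSP' | Fletcher-32 checksum (u32) | entry count (u32) | reserved (u32)
  entries: type (u32) | size (u32) | offset (u64), 16 bytes each
The checksum covers everything after the checksum field.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

PSP_MAGIC = b"$PSP"
HEADER = struct.Struct("<4sIII")   # magic, checksum, entry count, reserved
ENTRY = struct.Struct("<IIQ")      # type, size, offset
MAX_ENTRIES = 64                   # sanity bound so a stray magic in padding is rejected


def fletcher32(data: bytes) -> int:
    """Fletcher-32 over little-endian 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    s1 = s2 = 0
    for (word,) in struct.iter_unpack("<H", data):
        s1 = (s1 + word) % 65535
        s2 = (s2 + s1) % 65535
    return (s2 << 16) | s1


@dataclass
class Entry:
    type_id: int
    size: int
    offset: int


@dataclass
class Directory:
    position: int
    entries: List[Entry]


def parse_directory(image: bytes, pos: int) -> Optional[Directory]:
    """Parse a directory at `pos`; return None if the header, checksum or bounds are bad."""
    if pos + HEADER.size > len(image) or image[pos:pos + 4] != PSP_MAGIC:
        return None
    _magic, checksum, count, _reserved = HEADER.unpack_from(image, pos)
    if count == 0 or count > MAX_ENTRIES:
        return None
    end = pos + HEADER.size + count * ENTRY.size
    if end > len(image):
        return None
    if fletcher32(image[pos + 8:end]) != checksum:   # checksum excludes magic + itself
        return None
    entries = []
    for i in range(count):
        type_id, size, offset = ENTRY.unpack_from(image, pos + HEADER.size + i * ENTRY.size)
        if offset + size > len(image):                # every blob must lie inside the image
            return None
        entries.append(Entry(type_id, size, offset))
    return Directory(pos, entries)


def find_directories(image: bytes) -> List[Directory]:
    """Scan the whole image, padding included, for directories that validate."""
    found, start = [], 0
    while (pos := image.find(PSP_MAGIC, start)) != -1:
        directory = parse_directory(image, pos)
        if directory is not None:
            found.append(directory)
        start = pos + 1
    return found


def extract(image: bytes, entry: Entry) -> bytes:
    """Return the raw blob an entry points at."""
    return image[entry.offset:entry.offset + entry.size]


def build_directory(entries: List[Entry]) -> bytes:
    """Serialize a directory with a matching checksum (used only to build the sample)."""
    body = struct.pack("<II", len(entries), 0) + b"".join(
        ENTRY.pack(e.type_id, e.size, e.offset) for e in entries)
    return PSP_MAGIC + struct.pack("<I", fletcher32(body)) + body


def make_sample_image() -> bytes:
    """Constructed sample: 0xFF padding, directory at 0x1000, two blobs, one decoy magic."""
    image = bytearray(b"\xff" * 0x4000)
    blob_a, blob_b = b"A" * 0x100, b"B" * 0x80
    image[0x2000:0x2000 + len(blob_a)] = blob_a
    image[0x3000:0x3000 + len(blob_b)] = blob_b
    directory = build_directory([Entry(0x01, len(blob_a), 0x2000),
                                 Entry(0x08, len(blob_b), 0x3000)])
    image[0x1000:0x1000 + len(directory)] = directory
    image[0x0800:0x0804] = PSP_MAGIC   # decoy: magic followed by 0xFF garbage, must be rejected
    return bytes(image)


if __name__ == "__main__":
    img = make_sample_image()
    for d in find_directories(img):
        print(f"directory at 0x{d.position:x}")
        for e in d.entries:
            print(f"  type 0x{e.type_id:02x} size 0x{e.size:x} offset 0x{e.offset:x}")
```

The scan deliberately rejects the decoy (its "count" field reads as 0xFFFFFFFF) and any entry whose blob would fall outside the image; that validation is what keeps a magic-string heuristic from dumping padding as if it were firmware.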
Previously: AMD to Consider Coreboot/Libreboot Support
AMD Confirms its Platform Security Processor Code will Remain Closed-Source
Related: Intel Management Engine Partially Defeated
EFF: Intel's Management Engine is a Security Hazard
Disabling Intel ME 11 Via Undocumented Mode
Intel Management Engine Critical Firmware Update
HP Chip Protects Intel's Management Engine
Libreboot Sees First New Release In Nearly 5 Years, Supports More Old Motherboards
Libreboot, the Coreboot downstream focused on providing a fully open-source BIOS/firmware replacement without any black boxes / binary blobs, is out with a new release. The prior tagged release of Libreboot was all the way back in 2016, which has now been succeeded by a new release, albeit in testing form.
Libreboot 20210522 allows more Intel GM45 / X3X era hardware to work with this fully open-source alternative to proprietary BIOS/UEFI firmware. New boards supported by this Libreboot release include the Acer G43T-AM3, Lenovo ThinkPad R500, Lenovo ThinkPad X301, and Intel G43T-AM3. Yeah, it's quite hard in 2021 to get excited about Socket 775 motherboards or 45nm Penryn laptops. Libreboot is largely limited to supporting these outdated platforms due to its focus on being fully open-source and not using any Intel FSP binaries, etc.
Previously: Replace your Proprietary BIOS with Libreboot
AMD to Consider Coreboot/Libreboot Support
Libreboot Applies to Rejoin GNU
(Score: 2) by Dunbal on Saturday March 04 2017, @05:14PM
Just another reason to drop Intel.
(Score: 1, Informative) by Anonymous Coward on Saturday March 04 2017, @05:33PM (3 children)
I logged in to reddit and up-voted that comment. It is currently the top-voted comment on the thread with over 4000 upvotes (and 4x golds).
It's really the least any of us can do. If you don't have a reddit account you can create one without anything fancy, no email, no phone number, just a captcha.
(Score: 1) by Scruffy Beard 2 on Saturday March 04 2017, @05:39PM (2 children)
Brigading is against the TOU.
(Score: 0) by Anonymous Coward on Saturday March 04 2017, @05:44PM
The brigading rule is bullshit.
(Score: 1, Informative) by Anonymous Coward on Saturday March 04 2017, @05:49PM
(1) Brigading isn't against the TOU [reddit.com]
(2) Vote manipulation is against the TOU, but showing your support for an idea does not qualify. [zendesk.com]
(Score: 1, Touché) by Anonymous Coward on Saturday March 04 2017, @06:31PM
If they were doing things correctly, then there wouldn't even be a need to get AMD's opinion on the matter.
(Score: 0) by Anonymous Coward on Saturday March 04 2017, @10:48PM (3 children)
Blogger and Linux advocate Robert Pogson has shifted toward an ARM processor for his server [google.com] (which also serves as his desktop computer).
Have any Soylentils considered|investigated|adopted this notion?
Using Coreboot/Libreboot?
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Pino P on Sunday March 05 2017, @01:04AM (2 children)
ARM has TrustZone, and at least one anonymous contributor on the green site is under the impression that TrustZone will be used to deny a device's owner the ability to run free software on that device:
Source [slashdot.org]
(Score: 2) by Scruffy Beard 2 on Sunday March 05 2017, @06:53AM (1 child)
ARM appears to let you compile your own code for the TEE. They even provide an open source reference implementation.
Source [arm.com]
(Score: 2) by Pino P on Monday March 06 2017, @01:20AM
I think the fear is that it will become commonplace for manufacturers to sell devices where only the manufacturer, not the device's owner, holds the TEE keys.
(Score: 2) by Chromium_One on Saturday March 04 2017, @11:35PM (4 children)
Good news, make the entire stack auditable. That said, that's only my third choice to be blunt.
First would be product segmentation - JUST DON'T FUCKING INCLUDE THIS SHIT on products for home use. There is very little real use case outside the datacenter.
Second would be a hardware disable switch on the CPU package.
Third would be as mentioned above, though it really should be in conjunction with either of the other options.
When you live in a sick society, everything you do is wrong.
(Score: 3, Interesting) by Scruffy Beard 2 on Sunday March 05 2017, @06:58AM (3 children)
The excuse in the consumer space is that "premium content" needs DRM.
I Double-dare Netflix to refuse to stream 4k if AMD/Intel, Microsoft/Apple don't cooperate.
For a while Apple machines could author, but not play back Blu-ray because they failed to implement the "protected media path".
(Score: 0) by Anonymous Coward on Sunday March 05 2017, @06:45PM
I Triple-Dog-Dare Netflix!
(Score: 2) by Chromium_One on Sunday March 05 2017, @08:56PM (1 child)
Uhm, no.
IME / PSP is all about the remote administration.
You're talking about TPM and such, which is whole 'nother ball of wax.
When you live in a sick society, everything you do is wrong.
(Score: 2) by Chromium_One on Sunday March 05 2017, @09:15PM
Had to check myself here - looks like I'm failing the AMD version of Buzzword Bingo. On a bit of poking it seems the hardware functions for PSP include what would be IME and TPM on Intel. Well that's ... gonna be more efficient overall. Again I say though, the remote management tools have little real use case for home users.
Yeah, I can see Netflix, iTunes, etc. caring. Can make a usage case on key storage for encrypted local storage, but again, probably not a lot more home users with a real use case than would be for the remote management tools.
When you live in a sick society, everything you do is wrong.
(Score: 0) by Anonymous Coward on Sunday March 05 2017, @07:49PM
Closed-source back doors (for whatever reason) are not sustainable long term. People are starting to wake up due to the internet. Get on the right side of history now. The sooner you do, the more you will benefit.