
posted by martyb on Sunday August 20 2017, @12:07PM   Printer-friendly
from the TLA-Approved? dept.

Submitted via IRC for TheMightyBuzzard

Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short), it is essentially an ARM core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it? (Answer: you couldn't.) How would you know you needed to remove it? (Answer: unless it made itself obvious, you also wouldn't.) This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSP's code for general community auditing.

Bit late to the reporting but we haven't covered it yet, so here it is. And I was so looking forward to a new desktop too. Guess this one will have to stay alive until ARM becomes a viable replacement.

Source: https://www.techpowerup.com/235313/amd-confirms-its-platform-security-processor-code-will-remain-closed-source

Previous:
The Intel Management Engine, and How it Stops Screenshots
Intel x86 Considered Harmful
Of Intel's Hardware Rootkit
Intel Management Engine Partially Defeated
EFF: Intel's Management Engine is a Security Hazard
Malware uses Intel AMT feature to steal data, avoid firewalls


  • (Score: 2, Insightful) by Anonymous Coward on Sunday August 20 2017, @04:32PM (#556713) (1 child)

    ARM is not viable because TrustZone does the...
    same as the PSP, it has a stage 0 bootloader burned into the SoC on all modern ARM processors that either completely disables the TrustZone support (rendering you unable to use it for your own purposes, as well as unable to load OEM support for it in relation to apps that require it for DRM purposes) or enables it, but only with OEM signed images and thus leaves you unable to run your own code inside it, same as the problem with AMD's PSP and Intel's ME implementations.

    Having said all this: If VIA Technologies wasn't a bunch of mismanaged retards, they have the perfect opportunity here to reenter the PC market and make end to end open systems (big if, since their shit is closed source because of all the patent violations they have, even after all their 'patent licensing/covenants'). They could easily coup 1-5 percent of the PC market so long as their hardware supported 16+ gigs of RAM and ~3GHz+ clock rates. There are quite a few people who would take 2012 era performance if they could ensure pre-ME levels of information security (which may or may not be a mistaken belief, but given that we are down to 3 hardware manufacturers for all PC hardware in the world, all basically beholden to the US Government and affiliated foreign intelligence agencies and a notoriously long lived agenda of backdooring hardware or software all in the name of 'security', this isn't a far fetched concern to have).

    Sadly, as they haven't produced a new design in 5 years and charge 400+ dollars for ITX or smaller embedded computers without even ECC support, I can't see them getting something to market before x86 has finally lost its relevance to the market.

  • (Score: 2) by vux984 (5045) on Sunday August 20 2017, @07:39PM (#556766)

    There are quite a few people who would take 2012 era performance if they could ensure pre-ME levels of information security

    I don't think it's anywhere near the 1-5% range though. Take the people who use Linux on the desktop, and then from that group take the people who would sacrifice power consumption, performance, etc, etc for the added possible security. There are lots of reasons to use Linux, and better/knowable security from the silicon up thanks to more openness is just one of them. You are looking at maybe 0.05% to 0.1%.