News AMD Secure Technology PSP Firmware Now Explorable, Thanks to Researcher's Tool

bit_user

Splendid
Ambassador
we’re likely not going back to a world of obscurity in regards to how microprocessors work and what they do to our PCs in the background.
Only by virtue of customers demanding it.

There's really nothing preventing AMD (or anyone else) from using hardware encryption to encrypt the image and have the PSP decrypt it on-the-fly. All that happened here is that AMD just didn't do a very good job of hiding it.

Of course, there's a risk that someone (probably government-backed) with an electron microscope and a bit of patience could somehow extract the hardware encryption key. So, we really come back to the point that the real problem with obscurity by security is that there's no such thing as complete obscurity.
 
Only by virtue of customers demanding it.

There's really nothing preventing AMD (or anyone else) from using hardware encryption to encrypt the image and have the PSP decrypt it on-the-fly. All that happened here is that AMD just didn't do a very good job of hiding it.

Of course, there's a risk that someone (probably government-backed) with an electron microscope and a bit of patience could somehow extract the hardware encryption key. So, we really come back to the point that the real problem with obscurity by security is that there's no such thing as complete obscurity.

Agree all obscurity does is allow for those with a lot of resources to figure a way around the security and they certainly are not inclined to share this with the vendor. However both Intel and AMD will not release the code for the PSP / IME which is sad. They should release the code because a secure system must be secure even if every detail is known by untrusted individuals or organizations.
 

bit_user

Splendid
Ambassador
However both Intel and AMD will not release the code for the PSP / IME which is sad. They should release the code because a secure system must be secure even if every detail is known by untrusted individuals or organizations.
Well, it looks like the cat is out of the bag. The article implies that researchers (and hackers) now have access to the PSP machine code, on AMD's current gen processors.

I wonder to what extent AMD is actually prevented from sharing it, given that it's based on ARM's TrustZone (IIRC). So, unless they re-implement the firmware from scratch, they might not have the option to share it.
 

ASK THE COMMUNITY