AMD Confirms its Platform Security Processor Code will Remain Closed-Source

[R-T-B]

Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.




AMD has just replied with a big fat "no" on twitch.tv (at the 35m 35s mark in the source link). To be fair, they do point out in the same post that they have independent security firms constantly trying to hack the PSP and none have succeeded to date, but it's still a little disconcerting to think about the "what ifs" in our recent security climate.

AMD may have several good reasons for not open-sourcing the PSP. Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel. Still, you had certainly better hope the security testing firm they hire is good. You don't want the bad guys discovering this kind of bug before the good guys do.

View at TechPowerUp Main Site

 

[Jism]

Hacking your CPU is sooo 2017.

 

[Joss]

Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel

Maybe they're collecting user information ...

 

[Steevo]

Maybe they're collecting user information ...

The issue with that is anybody with a good firewall is able to see connections to and from everything on their Network to the worldwide internet so even if the processor collected some user information it would still have to make that connection so that isn't happening

 

[R-T-B]

Maybe they're collecting user information ...

The issue with that is anybody with a good firewall is able to see connections to and from everything on their Network to the worldwide internet so even if the processor collected some user information it would still have to make that connection so that isn't happening

Not likely due to Steevo's post. Even an encrypted connection would be suspicious and get noticed.

 

[0x4452]

A firewall is part of the OS. This core runs above / independently of the OS...

 

[FordGT90Concept]

So...down the rabbit hole: AMD Secure Processor leverages ARM TrustZone. That leads to GlobalPlatform which forms the foundation of a Trusted Execution Environment (as well as certifies it). After reading all of that, I'm more confused. I wonder if there's an example of widely used software that uses IME/ASP/TZ. It would probably help me make more sense of it.

That said, I think enabling "secure boot" in your motherboard enables the use of the "secure world" subprocessor. Nope, secure boot is an UEFI feature that doesn't even require a Trusted Platform Module. That said, it apparently requires the processor's no-execute (NX) bit support.

A firewall is part of the OS. This core runs above / independently of the OS...

Hardware firewall, like a router. The whole point of security processors is to be able to create a trusted environment which includes networking. If you're deliberately using the "secure world," network traffic from it is expected.

 

[bencrutz]

A firewall is part of the OS. This core runs above / independently of the OS...

external dedicated firewall hardware such as fortigate

 

[R-T-B]

A firewall is part of the OS. This core runs above / independently of the OS...

Not a hardware firewall.

That said, I think enabling "secure boot" in your motherboard enables the use of the "secure world" subprocessor.

Actually, there's no way around it turning on. It's literally the first thing in a Ryzen CPU to power on, and handles initial memory setup for starters. Turning it off (at least according to AMD) would break everything.

 

[DeathtoGnomes]

Cry wolf. That what this article does. I think AMD should keep it closed source, for now, until late next year maybe.

 

[FordGT90Concept]

It's a lose-lose situation. If they open source it and a vulnerability is discovered, all of the processors out there already are vulnerable to attack. If they don't open source it, it might be a ticking time bomb. Here's hoping AMD has a contingency plan should an exploit be created.


It sounds to me like they deferred to ARM's expertise on the matter.

 

[Anggoro]

external dedicated firewall hardware such as fortigate

Exactly. But not everyone has external dedicated firewall.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.

@bencrutz: Is this om ben?

 

[R-T-B]

Exactly. But not everyone has external dedicated firewall.

It only takes one to report the chip spying on you.

Cry wolf. That what this article does. I think AMD should keep it closed source, for now, until late next year maybe.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.

I can think of many reasons to leave it closed source, none of them relate to security though. "Security through obscurity" is a failure, and an exploitation waiting to happen, frankly.

And this article does not intend to "cry wolf," only report the facts of the matter.

 

[jigar2speed]

Shouldn't security protocols be kept completely private ? Why would AMD want to expose this to public and make it more vulnerable ? This article is not making sense.

BTW, i work for a IT security company, there is no way my company would let anyone know the source code of our product.

 

[Steevo]

Hardware firewalls can be had for less than $200, and almost all newer routers have connection monitoring and can create and email reports to you of every connection, bytes sent, DNS lookups.

They should keep the source code closed, as even if an exploit is found, it would have to make it past firewalls and have to get onto a system to execute and raise it's privilege level on the OS without being noticed, which while possible, is somewhat improbable if good security practices are in place.

 

[RejZoR]

If you're so paranoid, you'd be living in a forest, far from any civilization or technology... Why is no one so paranoid about Intel security stuff that isn't open source either? The double standards yo...

 

[TheLostSwede]

If you're so paranoid, you'd be living in a forest, far from any civilization or technology... Why is no one so paranoid about Intel security stuff that isn't open source either? The double standards yo...

That's not true, TPU covered the Intel issues not to long ago - https://www.techpowerup.com/232947/intel-patches-remote-execution-flaw-on-its-cpus-active-since-2008

 

[Anggoro]

It only takes one to report the chip spying on you.






I can think of many reasons to leave it closed source, none of them relate to security though. "Security through obscurity" is a failure, and an exploitation waiting to happen, frankly...

What I meant is when there's something that can be fixed by having external firewall, not everyone has one. Means even if everyone knows where the exploit is, not everyone can be safe from it since not everyone has external firewall. Security through obscurity (I mean as keeping it closed source) is, IMHO, the more realistic approach. They have someone looking for the bugs, and making it closed source lessen the probability of people discovering it. If they find the problem, they usually can give firmware update addressing it, while keeping it closed source, right?
or I'm missing point(s)?

 

[Vayra86]

You don't want the bad guys discovering this kind of bug before the good guys do.

The irony is that the 'good guys' made the actual exploits that have been so destructive in the past couple years, backdoors even in hardware up to USB dongles and yes also (Intel) CPUs.

And to those that say 'better keep it closed'... that was also 'security through obscurity'. We are living in a world today that proves how bad that works.

http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers

 

[Exceededgoku]

Exactly. But not everyone has external dedicated firewall.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.

@bencrutz: Is this om ben?

Actually, I believe we all would. Any basic ISP provided router has basic firewall functions.

It also takes all of 5 minutes to setup a PfSense or VyOS box with snort IDS/IPS installed.

Most of the time a good firewall protects absolutely everything on your network, no matter how insecure (run all the Window XP machines you want! - I don't actually think this is a good get out of jail card...).

 

[HopelesslyFaithful]

or......the NSA has done what it has done in the past with Intel and RDRAND and has a backdoor/crippled the security so they can hack computers easier.....

https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013–present)#September
https://en.wikipedia.org/wiki/RdRand

The irony is that the 'good guys' made the actual exploits that have been so destructive in the past couple years, backdoors even in hardware up to USB dongles and yes also (Intel) CPUs.

And to those that say 'better keep it closed'... that was also 'security through obscurity'. We are living in a world today that proves how bad that works.

http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers

yep thank the US government for the current Ransomware issues.......

Shouldn't security protocols be kept completely private ? Why would AMD want to expose this to public and make it more vulnerable ? This article is not making sense.

BTW, i work for a IT security company, there is no way my company would let anyone know the source code of our product.

thats a stupid idea because it allows government to circumvent natural rights and cause.....all the stuff Snowden/Binney/schreiner talked about and the most recent Ransomware issues........

 

[Shihab]

Hardware firewalls can be had for less than $200, and almost all newer routers have connection monitoring and can create and email reports to you of every connection, bytes sent, DNS lookups.

They should keep the source code closed, as even if an exploit is found, it would have to make it past firewalls and have to get onto a system to execute and raise it's privilege level on the OS without being noticed, which while possible, is somewhat improbable if good security practices are in place.

I assume you were offline during the WannCry/Petya fiasco...

 

[Deleted member 67555]

OMG!
This actually makes some stupid TV techno babble make sense!

Maybe the writers for Arrow know something we don't...yet

 

[bencrutz]

Exactly. But not everyone has external dedicated firewall.

true, but if the cpu are collecting and transmitting data, it wouldn't take long before someone (with hardware firelwall) noticing it

@bencrutz: Is this om ben?

whoaaa, identify yourself!!!!