• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Confirms its Platform Security Processor Code will Remain Closed-Source

Joined
Aug 20, 2007
Messages
21,529 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.




AMD has just replied with a big fat "no" on twitch.tv (at the 35m 35s mark in the source link). To be fair, they do point out in the same post that they have independent security firms constantly trying to hack the PSP and none have succeeded to date, but it's still a little disconcerting to think about the "what ifs" in our recent security climate.

AMD may have several good reasons for not open-sourcing the PSP. Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel. Still, you had certainly better hope the security testing firm they hire is good. You don't want the bad guys discovering this kind of bug before the good guys do.

View at TechPowerUp Main Site
 
Joined
Sep 10, 2014
Messages
626 (0.17/day)
Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel
Maybe they're collecting user information ...
 
Joined
Nov 4, 2005
Messages
12,006 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Maybe they're collecting user information ...
The issue with that is anybody with a good firewall is able to see connections to and from everything on their Network to the worldwide internet so even if the processor collected some user information it would still have to make that connection so that isn't happening
 
Joined
Aug 20, 2007
Messages
21,529 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Maybe they're collecting user information ...
The issue with that is anybody with a good firewall is able to see connections to and from everything on their Network to the worldwide internet so even if the processor collected some user information it would still have to make that connection so that isn't happening

Not likely due to Steevo's post. Even an encrypted connection would be suspicious and get noticed.
 
Joined
Apr 3, 2013
Messages
105 (0.02/day)
Processor Intel Xeon E5-1650 v2
Motherboard ASUS P9X79
Video Card(s) NVIDIA GTX 1080 FE
Display(s) ASUS PG43UQ
VR HMD Valve Index
Software Windows 7
A firewall is part of the OS. This core runs above / independently of the OS...
 

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
26,259 (4.44/day)
Location
IA, USA
System Name BY-2021
Processor AMD Ryzen 7 5800X (65w eco profile)
Motherboard MSI B550 Gaming Plus
Cooling Scythe Mugen (rev 5)
Memory 2 x Kingston HyperX DDR4-3200 32 GiB
Video Card(s) AMD Radeon RX 7900 XT
Storage Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM
Display(s) Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay
Audio Device(s) Realtek ALC1150, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse Nixeus REVEL-X
Keyboard Tesoro Excalibur
Software Windows 10 Home 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
So...down the rabbit hole: AMD Secure Processor leverages ARM TrustZone. That leads to GlobalPlatform which forms the foundation of a Trusted Execution Environment (as well as certifies it). After reading all of that, I'm more confused. I wonder if there's an example of widely used software that uses IME/ASP/TZ. It would probably help me make more sense of it.

That said, I think enabling "secure boot" in your motherboard enables the use of the "secure world" subprocessor. Nope, secure boot is an UEFI feature that doesn't even require a Trusted Platform Module. That said, it apparently requires the processor's no-execute (NX) bit support.

A firewall is part of the OS. This core runs above / independently of the OS...
Hardware firewall, like a router. The whole point of security processors is to be able to create a trusted environment which includes networking. If you're deliberately using the "secure world," network traffic from it is expected.
 
Joined
Jun 23, 2011
Messages
396 (0.08/day)
System Name potato
Processor Ryzen 9 5950X
Motherboard MSI MAG B550 Tomahawk
Cooling Custom WC Loop
Memory 2x16GB G.Skill Trident Z Neo 3600
Video Card(s) RTX3090
Storage 512GB, 2TB NVMe + 2TB SATA || 32TB spinning rust
Display(s) XIAOMI Curved 34" 144Hz UWQHD
Case be quiet dark base pro 900
Audio Device(s) Edifier R1800T, Logitech G733
Power Supply Corsair HX1000
Mouse Logitech G Pro
Keyboard Logitech G913
Software win 11 amd64
A firewall is part of the OS. This core runs above / independently of the OS...
external dedicated firewall hardware such as fortigate :slap:
 
Joined
Aug 20, 2007
Messages
21,529 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
A firewall is part of the OS. This core runs above / independently of the OS...

Not a hardware firewall.

That said, I think enabling "secure boot" in your motherboard enables the use of the "secure world" subprocessor.

Actually, there's no way around it turning on. It's literally the first thing in a Ryzen CPU to power on, and handles initial memory setup for starters. Turning it off (at least according to AMD) would break everything.
 
Joined
Jul 16, 2014
Messages
8,215 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
Cry wolf. That what this article does. I think AMD should keep it closed source, for now, until late next year maybe.
 

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
26,259 (4.44/day)
Location
IA, USA
System Name BY-2021
Processor AMD Ryzen 7 5800X (65w eco profile)
Motherboard MSI B550 Gaming Plus
Cooling Scythe Mugen (rev 5)
Memory 2 x Kingston HyperX DDR4-3200 32 GiB
Video Card(s) AMD Radeon RX 7900 XT
Storage Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM
Display(s) Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay
Audio Device(s) Realtek ALC1150, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse Nixeus REVEL-X
Keyboard Tesoro Excalibur
Software Windows 10 Home 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
It's a lose-lose situation. If they open source it and a vulnerability is discovered, all of the processors out there already are vulnerable to attack. If they don't open source it, it might be a ticking time bomb. Here's hoping AMD has a contingency plan should an exploit be created.


It sounds to me like they deferred to ARM's expertise on the matter.
 
Joined
May 11, 2012
Messages
32 (0.01/day)
Location
Indonesia
System Name Ephraim
Processor i5-3470
Motherboard Asus H61
Cooling Phanteks PH-TC14PE
Memory 8 GB Team DDR3
Video Card(s) MSI GTX960 Tiger Edition
external dedicated firewall hardware such as fortigate :slap:
Exactly. But not everyone has external dedicated firewall.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.

@bencrutz: Is this om ben?
 
Joined
Aug 20, 2007
Messages
21,529 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Exactly. But not everyone has external dedicated firewall.
It only takes one to report the chip spying on you.

Cry wolf. That what this article does. I think AMD should keep it closed source, for now, until late next year maybe.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.


I can think of many reasons to leave it closed source, none of them relate to security though. "Security through obscurity" is a failure, and an exploitation waiting to happen, frankly.

And this article does not intend to "cry wolf," only report the facts of the matter.
 
Joined
Mar 6, 2012
Messages
569 (0.12/day)
Processor i5 4670K - @ 4.8GHZ core
Motherboard MSI Z87 G43
Cooling Thermalright Ultra-120 *(Modded to fit on this motherboard)
Memory 16GB 2400MHZ
Video Card(s) HD7970 GHZ edition Sapphire
Storage Samsung 120GB 850 EVO & 4X 2TB HDD (Seagate)
Display(s) 42" Panasonice LED TV @120Hz
Case Corsair 200R
Audio Device(s) Xfi Xtreme Music with Hyper X Core
Power Supply Cooler Master 700 Watts
Shouldn't security protocols be kept completely private ? Why would AMD want to expose this to public and make it more vulnerable ? This article is not making sense.

BTW, i work for a IT security company, there is no way my company would let anyone know the source code of our product.
 
Joined
Nov 4, 2005
Messages
12,006 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Hardware firewalls can be had for less than $200, and almost all newer routers have connection monitoring and can create and email reports to you of every connection, bytes sent, DNS lookups.

They should keep the source code closed, as even if an exploit is found, it would have to make it past firewalls and have to get onto a system to execute and raise it's privilege level on the OS without being noticed, which while possible, is somewhat improbable if good security practices are in place.
 
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
If you're so paranoid, you'd be living in a forest, far from any civilization or technology... Why is no one so paranoid about Intel security stuff that isn't open source either? The double standards yo...
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,758 (2.42/day)
Location
Sweden
System Name Overlord Mk MLI
Processor AMD Ryzen 7 7800X3D
Motherboard Gigabyte X670E Aorus Master
Cooling Noctua NH-D15 SE with offsets
Memory 32GB Team T-Create Expert DDR5 6000 MHz @ CL30-34-34-68
Video Card(s) Gainward GeForce RTX 4080 Phantom GS
Storage 1TB Solidigm P44 Pro, 2 TB Corsair MP600 Pro, 2TB Kingston KC3000
Display(s) Acer XV272K LVbmiipruzx 4K@160Hz
Case Fractal Design Torrent Compact
Audio Device(s) Corsair Virtuoso SE
Power Supply be quiet! Pure Power 12 M 850 W
Mouse Logitech G502 Lightspeed
Keyboard Corsair K70 Max
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/yfsd9w
Joined
May 11, 2012
Messages
32 (0.01/day)
Location
Indonesia
System Name Ephraim
Processor i5-3470
Motherboard Asus H61
Cooling Phanteks PH-TC14PE
Memory 8 GB Team DDR3
Video Card(s) MSI GTX960 Tiger Edition
It only takes one to report the chip spying on you.






I can think of many reasons to leave it closed source, none of them relate to security though. "Security through obscurity" is a failure, and an exploitation waiting to happen, frankly...
What I meant is when there's something that can be fixed by having external firewall, not everyone has one. Means even if everyone knows where the exploit is, not everyone can be safe from it since not everyone has external firewall. Security through obscurity (I mean as keeping it closed source) is, IMHO, the more realistic approach. They have someone looking for the bugs, and making it closed source lessen the probability of people discovering it. If they find the problem, they usually can give firmware update addressing it, while keeping it closed source, right?
or I'm missing point(s)?
 
Joined
Sep 17, 2014
Messages
22,638 (6.04/day)
Location
The Washing Machine
System Name Tiny the White Yeti
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
VR HMD HD 420 - Green Edition ;)
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
You don't want the bad guys discovering this kind of bug before the good guys do.

The irony is that the 'good guys' made the actual exploits that have been so destructive in the past couple years, backdoors even in hardware up to USB dongles and yes also (Intel) CPUs.

And to those that say 'better keep it closed'... that was also 'security through obscurity'. We are living in a world today that proves how bad that works.

http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
 
Joined
Mar 26, 2006
Messages
517 (0.08/day)
Location
Stamford, UK
System Name The Money Sink
Processor Intel i7-5960X at 4.60Ghz
Motherboard MSI X99A Godlike
Cooling Custom watercooling loop, single D5 -> CPU, dual D5 -> GPU's
Memory 64GB DDR4-3000
Video Card(s) 2 x 1080Ti @ Stock for the moment (40oC LOAD)
Storage 960GB Mushkin Scorpion Deluxe and 2 x 512GB M.2 SSD RAID0
Display(s) Dual Curved LG 34" Display
Power Supply EVGA 1600W G2
Software Windows 10
Benchmark Scores ALOT
Exactly. But not everyone has external dedicated firewall.

I don't think open sourcing it is a good move as a whole. It's for security purpose, the less people know the better.

@bencrutz: Is this om ben?

Actually, I believe we all would. Any basic ISP provided router has basic firewall functions.

It also takes all of 5 minutes to setup a PfSense or VyOS box with snort IDS/IPS installed.

Most of the time a good firewall protects absolutely everything on your network, no matter how insecure (run all the Window XP machines you want! - I don't actually think this is a good get out of jail card...).
 
Joined
Oct 7, 2013
Messages
344 (0.08/day)
or......the NSA has done what it has done in the past with Intel and RDRAND and has a backdoor/crippled the security so they can hack computers easier.....

https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013–present)#September
https://en.wikipedia.org/wiki/RdRand

The irony is that the 'good guys' made the actual exploits that have been so destructive in the past couple years, backdoors even in hardware up to USB dongles and yes also (Intel) CPUs.

And to those that say 'better keep it closed'... that was also 'security through obscurity'. We are living in a world today that proves how bad that works.

http://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers

yep thank the US government for the current Ransomware issues.......:banghead:

Shouldn't security protocols be kept completely private ? Why would AMD want to expose this to public and make it more vulnerable ? This article is not making sense.

BTW, i work for a IT security company, there is no way my company would let anyone know the source code of our product.

thats a stupid idea because it allows government to circumvent natural rights and cause.....all the stuff Snowden/Binney/schreiner talked about and the most recent Ransomware issues........:slap:
 
Joined
Jan 10, 2011
Messages
1,451 (0.29/day)
Location
[Formerly] Khartoum, Sudan.
System Name 192.168.1.1~192.168.1.100
Processor AMD Ryzen5 5600G.
Motherboard Gigabyte B550m DS3H.
Cooling AMD Wraith Stealth.
Memory 16GB Crucial DDR4.
Video Card(s) Gigabyte GTX 1080 OC (Underclocked, underpowered).
Storage Samsung 980 NVME 500GB && Assortment of SSDs.
Display(s) ViewSonic VA2406-MH 75Hz
Case Bitfenix Nova Midi
Audio Device(s) On-Board.
Power Supply SeaSonic CORE GM-650.
Mouse Logitech G300s
Keyboard Kingston HyperX Alloy FPS.
VR HMD A pair of OP spectacles.
Software Ubuntu 24.04 LTS.
Benchmark Scores Me no know English. What bench mean? Bench like one sit on?
Hardware firewalls can be had for less than $200, and almost all newer routers have connection monitoring and can create and email reports to you of every connection, bytes sent, DNS lookups.

They should keep the source code closed, as even if an exploit is found, it would have to make it past firewalls and have to get onto a system to execute and raise it's privilege level on the OS without being noticed, which while possible, is somewhat improbable if good security practices are in place.

I assume you were offline during the WannCry/Petya fiasco...
 
D

Deleted member 67555

Guest
OMG!
This actually makes some stupid TV techno babble make sense!

Maybe the writers for Arrow know something we don't...yet
 
Joined
Jun 23, 2011
Messages
396 (0.08/day)
System Name potato
Processor Ryzen 9 5950X
Motherboard MSI MAG B550 Tomahawk
Cooling Custom WC Loop
Memory 2x16GB G.Skill Trident Z Neo 3600
Video Card(s) RTX3090
Storage 512GB, 2TB NVMe + 2TB SATA || 32TB spinning rust
Display(s) XIAOMI Curved 34" 144Hz UWQHD
Case be quiet dark base pro 900
Audio Device(s) Edifier R1800T, Logitech G733
Power Supply Corsair HX1000
Mouse Logitech G Pro
Keyboard Logitech G913
Software win 11 amd64
Exactly. But not everyone has external dedicated firewall.
true, but if the cpu are collecting and transmitting data, it wouldn't take long before someone (with hardware firelwall) noticing it

@bencrutz: Is this om ben?
whoaaa, identify yourself!!!! :roll:
 
Top