- Joined
- Aug 20, 2007
- Messages
- 21,529 (3.40/day)
System Name | Pioneer |
---|---|
Processor | Ryzen R9 9950X |
Motherboard | GIGABYTE Aorus Elite X670 AX |
Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
Display(s) | 55" LG 55" B9 OLED 4K Display |
Case | Thermaltake Core X31 |
Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
Power Supply | FSP Hydro Ti Pro 850W |
Mouse | Logitech G305 Lightspeed Wireless |
Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
Since the launch of AMD Ryzen, a small piece of hardware that handles basic memory initialization as well as many security functions has been the center of some controversy. Called the Platform Security Processor (the "PSP" for short) it is essentially an arm core with complete access to the entire system. Its actions can be considered "above root" level and are for the most part invisible to the OS. It is similar in this regard to Intel's Management Engine, but is in some ways even more powerful.
Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.
AMD has just replied with a big fat "no" on twitch.tv (at the 35m 35s mark in the source link). To be fair, they do point out in the same post that they have independent security firms constantly trying to hack the PSP and none have succeeded to date, but it's still a little disconcerting to think about the "what ifs" in our recent security climate.
AMD may have several good reasons for not open-sourcing the PSP. Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel. Still, you had certainly better hope the security testing firm they hire is good. You don't want the bad guys discovering this kind of bug before the good guys do.
View at TechPowerUp Main Site
Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.
AMD has just replied with a big fat "no" on twitch.tv (at the 35m 35s mark in the source link). To be fair, they do point out in the same post that they have independent security firms constantly trying to hack the PSP and none have succeeded to date, but it's still a little disconcerting to think about the "what ifs" in our recent security climate.
AMD may have several good reasons for not open-sourcing the PSP. Maybe they don't own all the intellectual property and some is licensed. Maybe they don't want to give up some significant R&D to Intel. Still, you had certainly better hope the security testing firm they hire is good. You don't want the bad guys discovering this kind of bug before the good guys do.
View at TechPowerUp Main Site