![]() Currently, AMD’s practical exposure to sophisticated side-channel attacks or high-level corporate / state espionage is minimal, because Intel commands ~97 percent of the x86 server market and between 80-87 percent of the mobile and desktop markets. There’s an argument to be made that fixing these problems now would ultimately be to AMD’s benefit, not its harm. Even if flaws are found, it’s possible they would ultimately be ARM’s responsibility, depending on exactly what the issue is and where it’s located. This is not to imply that researchers automatically will find flaws in AMD’s PSP implementation. It locates AMD firmware inside UEFI images as part of BIOS updates targeting AMD platforms. PSPTool is a Swiss Army knife for dealing with firmware of the AMD Secure Processor (formerly known as Platform Security Processor or PSP). The PSPTool is intended to allow for a greater examination of AMD firmware than the company has allowed. Proponents of a more open approach have called for Intel and AMD to provide far more information publicly. Closed-source software developers and many hardware companies have often incorporated the principle of security through obscurity into their security systems, reasoning that limiting the available information about a solution will also limit its addressable attack surface. This is scarcely unique to the two x86 manufacturers. And while it’s not clear that there are practical exploits in the wild that make use of these capabilities, their existence and obfuscation are enough to give security white-hats a severe case of heartburn. If you can hack the IME or AMD’s PSP, you can theoretically run code on a computer that’s completely invisible to the end-user. Security researchers have been publicly unhappy with AMD and Intel’s decision to keep details of how these chips operate under wraps because they function in secret, entirely divorced from the operation of the primary CPU or operating system. AMD’s PSP is its equivalent of the Intel Management Engine and has been criticized for many of the same issues as that solution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |