User:JM01085758/psp

From Gentoo Wiki
Jump to:navigation Jump to:search
This article is a work in progress; treat its contents with caution - JM01085758 (talk | contribs).

Platform Security Processor

The AMD Platform Security Processor (PSP) is a 32-bit embedded ARM core running proprietary firmware which forms the basis of the hardware root of trust for AMD processors since 2013.

Since 2017, AGESA updates have made it possible to disable the PSP,[1] but implementation of this is dependent on motherboard vendors.

A talk (All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate...) was given at Black Hat 2020 about emulating the PSP:

It gives an overview of its role in the boot process, address spaces, and various approaches to emulation that were tried. Their code is available at the PSPReverse repository.

Vulnerabilities

fTPM remote code execution

In 2018, a stack-based overflow was discovered that could allow remote code execution using a specially-crafted endorsement key. According to the disclosure at the time, "As far as we know, general exploit mitigation technologies (stack cookies, NX stack, ASLR) are not implemented in the PSP environment."[2]

Voltage glitching attack

Since 2021, a voltage glitching attack[3][4] against Secure Encrypted Virtualization on Zen 3 and earlier processors enables execution of custom payloads and derivation of valid endorsement keys for any firmware version. This can be used to unlock otherwise paywalled features on Tesla vehicles.[5] While the initial hardware attack requires physical access, key extraction can later be done remotely.[6]

See also

External resources

References