AMD Platform Security Processor

Trusted execution environment subsystem

The AMD Platform Security Processor (PSP), which the company markets as AMD Secure Technology, is a trusted execution environment subsystem that has been built into AMD processors since 2013[1]. The AMD developer's guide describes the subsystem as "responsible for creating, monitoring and maintaining the security environment" and says its functions "include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response"[2]. Critics have raised concerns that the technology could conceal a backdoor and pose a security risk[3][4][5]. AMD has refused requests to open-source the code that runs on the PSP[1].

The PSP is comparable to the Intel Management Engine[1].

Details

The PSP is itself an ARM processor built into the main CPU[6].

Security history

In September 2017, Google security researcher Cfir Cohen reported a vulnerability in AMD products stemming from the PSP that could allow an attacker to obtain passwords, certificates and other sensitive information; affected vendors reportedly received a patch in December 2017[7][8].

In March 2018, the Israeli security company CTS Labs claimed to have found several serious vulnerabilities in AMD Zen-architecture processors (EPYC, Ryzen, Ryzen Pro and Ryzen Mobile), caused by the PSP, that would allow spyware to run and gain access to sensitive information[9]. AMD later released firmware updates that fixed the vulnerabilities[10][11]. Although some regarded the disclosure as an attempt at stock manipulation[12][13], and the severity claimed by CTS Labs remains disputed, independent security experts confirmed that the vulnerabilities exist[14].

References

  1. Williams, Rob. AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code. 2017-07-19 [retrieved 2020-01-23]. (Archived from the original on 2019-06-03). "This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC."
  2. BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors (PDF). AMD: 156. 2016 [retrieved 2020-01-23]. (Archived from the original (PDF) on 2018-06-16).
  3. Martin, Ryan. Expert Says NSA Have Backdoors Built Into Intel And AMD Processors. eteknix.com. July 2013 [retrieved 2018-01-19]. (Archived from the original on 2018-01-19).
  4. Claburn, Thomas. Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches. The Register. 2018-01-06 [retrieved 2020-01-23]. (Archived from the original on 2020-05-19).
  5. Larabel, Michael. AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA. 2017-12-07 [retrieved 2020-01-23]. (Archived from the original on 2009-09-21). "This built-in AMD Secure Processor has been criticized by some as another possible attack vector..."
  6. Libreboot FAQ. [retrieved 2020-01-23]. (Archived from the original on 2021-01-21). "The PSP is an ARM core with TrustZone technology, built onto the main CPU die."
  7. Millman, Rene. Security issue found in AMD's Platform Security Processor. 2018-01-08 [retrieved 2020-01-23]. (Archived from the original on 2018-01-26).
  8. Cimpanu, Catalin. Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online. 2018-01-06 [retrieved 2020-01-23]. (Archived from the original on 2020-11-09).
  9. Goodin, Dan. A raft of flaws in AMD chips makes bad hacks much, much worse. Ars Technica. 2018-03-13 [retrieved 2020-01-23]. (Archived from the original on 2020-11-25).
  10. Bright, Peter. AMD promises firmware fixes for security processor bugs: All bugs require administrative access to exploit. Ars Technica. 2018-03-20 [retrieved 2020-01-23]. (Archived from the original on 2020-12-10).
  11. Papermaster, Mark. Initial AMD Technical Assessment of CTS Labs Research. AMD Community. 2018-03-21 [retrieved 2020-01-23]. (Archived from the original on 2020-11-09).
  12. Burke, Steve. Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0". GamersNexus. [retrieved 2020-01-23]. (Archived from the original on 2019-12-20).
  13. Zynath Investment. AMD And CTS Labs: A Story Of Failed Stock Manipulation. Seeking Alpha. [retrieved 2020-01-23]. (Archived from the original on 2018-03-19).
  14. Guido, Dan. "AMD Flaws" Technical Summary. [retrieved 2020-01-23]. (Archived from the original on 2021-01-24).

External links