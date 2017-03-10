Message For AMD: Open PSP Will Improve Security, Hinder Intel 17
futuristicrabbit writes: AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. Opening the PSP would not only have security benefits, but would provide AMD with a competitive advantage against rival chipmaker Intel. Lisa Su, the CEO of AMD, is reportedly seriously considering the change, and the community is working hard to make sure she makes the right decision. In an AMD AMA post via Reddit, user 1n5aN1aC provided several arguments for why the company should release the PSP source code to the Coreboot / Libreboot project (or publicly). The arguments center around security, economic incentives, advertising, brand perception, and mindshare. AMD replied: "Thanks for the inquiry. Currently we do not have plans to release source code but you make a good argument for reasons to do so. We will evaluate and find a way to work with security vendors and the community to everyone's benefit." The product manager for AMD, AMD_james, continued in response to a follow-up comment that claims AMD is "not considering it all but only want to appease the potential buyers." AMD_james replied: "Thanks for the feedback. Please believe me that this has CEO level attention and AMD is investigating the steps and resources necessary to support this. It is not the work of a minute, so please bear with us as we define what we can do." What are your arguments for (or against) the idea of AMD releasing the source code to the AMD Secure Processor?
In the GPU arena, AMD has been pretty active in contributing the the GPU drivers, to the point newer cards can game nicely Linux systems with the in-kernel drivers.
Perhaps a similar thought-pattern will apply to other products.
In the GPU arena, AMD has been pretty active in contributing the the GPU drivers, to the point newer cards can game nicely Linux systems with the in-kernel drivers. Perhaps a similar thought-pattern will apply to other products.
If I remember correctly even there they have some firmware that runs on the GPU that is closed source. It could have been on a ROM/EPROM, but it's loaded by the driver. Truth is, if you don't trust the hardware it doesn't matter. You could have a magic number trigger like
mov ax, 0xDEADBEEF
mov bx, 0xABCD1234
mov cx, 0xC1AC0D35
mov dx, 0xN5AC0D3S
nop
And that would brick it or enable a secret spy mode. The only way you could validate that the CPU only does exactly what it's advertised to do would be to put it und
Frankly, it would change my buying behavior if they did this. Until then, all things being equal, i'm plenty happy with my new Xeon-based laptop.
Mine too, probably. I've gotten interested in Qubes, and I can see where having the security/management firmware for the processor open and auditable would be a good fit for increasing overall system varefiability, reducing the need for trust.
I agree with you that this will matter only once AMD actually delivers. But my conclusion is the opposite: instead of buying certain to be backdoored Intel, my next laptop will be a Pinebook, using entirely free software with no firmware blobs, in control of the machine from the moment ROM code loads and jumps to the SPL.
I don't care much about customer's servers, as they don't carry my data -- I do mention the issues but don't force anyone to pander to what I consider reasonable.
On my home primary desktop
Pros: it'd increase security (review), be what some customers want, give AMD an edge against Intel at no monetary cost.
Con: it's against express wishes of US three letter agencies who want their backdoors
So... no.
Is the premise that the C-levels at AMD are going to read
/. to discover whether open source security code is safer than closed source security code? Some of us bill by the hour for regurgitating established factual non-opinion-based security information. Hell, some of us are even salaried to do it. What's in it for us?
For some random package, open source is not necessarily more secure (no one bothers to review). Same for even high profile targets that are too big to humanly review (browsers) although available source already gives quite an edge. But the PSP code is really small, and has a horde of researches salivating at the thought of taking a look.
Good stuff, KB, but you did start chasing the carrot! If I wind you up by disagreeing, will you do more security consulting for free?
Some of those researchers are paid per paper. Others are sponsored by their companies and/or governments -- those 6500 core-years Google used for SHA1 collision weren't exactly free. Thus, there's a non-negligible number of paid people doing this work.
And no, I don't do security (beyond the "common"-sense).
Given the market conditions -processor companies depending on large payouts from 3 letter agencies for backdoors to be able to create chips at a cost that will sell- AMD does not have a choice. If it releases and loses its govt subsidies , Intel will eat it alive.
If they open it up, Intel will be the loser.
No one trusts Intel ME.
I'd prefer it to be open. I'd argue for that, pay for it, vote with my wallet, etc.
If they open it up, Intel will be the loser.
No one trusts Intel ME.
But does that matter? They have an effective monopoly (or duopoly) in the desktop and server space.
If they open it up, assuming no other changes, companies are still going to buy Intel by a large margin. Most people will continue to buy Intel, even if they are aware of the ME risk. You and I are likely to still buy it, cause when you get a great deal on a little NUC for the living room, we get it.
Maybe you won't cave, but ple
Ideally the thing wouldn't exist.
The only functions of these things (Intel's is called the Management Engine) are backdoors and DRM.
At the high end enterprise level they can be used for remote configuration and asset tracking, but:
They don't prevent theft. Despite bold claims, they don't actually result in recovering stolen shit either. I'm sure they have a handful of cases to point to, but recovery is rare. If you care about security you're using physical locks to keep things from walking away and encryption for when someone is determined.
No one remotely configures workstations at a low level. You buy them, image them, and hand them off. BIOS updates? Are you kidding me? For servers, various proprietary solutions exist built on top of open standards. Remote configuration is a big deal here, but we don't need an embedded, all-powerful black box to do it. The dumbest, cheapest (free) IPMI implementation can handle getting power status, rebooting, and piping BIOS over serial (and serial over LAN). And it can be turned the fuck off.
But AMD won't be removing it, so they could at least allow binary blobs to be loaded which disable functionality. (Or give us a config option or jumper to do the same.)
Asking them to open source the whole damn thing and hand over signing keys is asking for the moon. It would be great, sure. But I'd settle for the much more reasonable "disable to a fair degree of certainty" option.