Another processor security issue: AMD fixes a leaky fTPM in the PSP subsystem

Promontory 300-series chipset [Source: SmallFormFactor.net]

Around New Year's Eve and into the start of the year, everyone was preoccupied with the hardware processor flaws Meltdown (affecting mainly Intel) and Spectre (affecting the vast majority of modern CPUs). It looks like the turn of 2018 was all about hardware security bugs. A problem has also been found in AMD's PSP subsystem, a counterpart to Intel's widely unpopular Management Engine (in which vulnerabilities were found last year).

The PSP, or AMD Secure Processor, is present in some earlier APUs (Kabini, Kaveri, Carrizo / Bristol Ridge) and in the full platform controller unit, and it provides a number of security functions based on ARM TrustZone technology. One of them is an implementation of TPM 2.0, the so-called firmware TPM (fTPM), which can be enabled in the BIOS. The security flaw was found in this fTPM implementation. In case the TPM abbreviation means nothing to you: it is the Trusted Platform Module, a component that today mainly serves as the key store for Windows BitLocker disk encryption.

Using static analysis, the security researcher found a potential stack overflow in the function that processes security certificates. Specially crafted certificates could therefore cause a malfunction that might be abused to inject malicious code at the PSP level, with fully privileged access to the computer's hardware. The researcher verified the bug in an ARM emulator in which the affected function was executed.

The danger posed by this bug would probably not be great, however, because the ability of a remote attacker to get such forged certificates into the TPM is limited.

fTPM support on boards for Ryzen

The flaw was reported to AMD earlier and has now been published after the standard 90-day disclosure deadline expired. During that time AMD fixed the weakness; the patch was to be available from December 7. Because the flaw is in firmware, the fix must be distributed through BIOS (UEFI) updates from motherboard and notebook manufacturers. From the available information it is not entirely clear how large a share of products will need it. The PSP is present in the Kabini and Kaveri APUs and newer, plus Ryzen (but not FX). However, the problem only needs fixing on boards that actually expose the fTPM function, which should be mainly (or only) the case for some of them.

The AMD Secure Processor is a separate subsystem like Intel ME. It has greater privileges than the system itself.

If you have a computer with a Ryzen, keep an eye on BIOS updates. Whether the patch will be listed explicitly in the release notes, so that you can be sure you have received it, is a big question. Board makers should be releasing new BIOSes anyway because of the updates for the Spectre security issues, and also to support the new Ryzen APUs, which will probably be released this quarter. The fix could therefore arrive with one of these general updates. An alternative way to secure this weak spot is to disable the PSP or its interface; this option is beginning to appear in AM4 platform BIOSes.
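As an added example (not part of the original article), the following PowerShell script gathers what an administrator needs in order to judge exposure to the issue described above: whether the machine's TPM is AMD's firmware TPM, which TPM firmware version it reports, the BIOS build and release date, and whether BitLocker on the system drive relies on that TPM. The cut-off date for a fixed BIOS is a placeholder parameter, since the real value depends on the board vendor's release notes; the assumption that the TPM manufacturer string "AMD" identifies the firmware TPM is mine, not the article's.

```powershell
# Added example, not from the original article. Inventory TPM and BIOS details
# so the fTPM exposure of a Ryzen machine can be assessed against vendor release notes.
param(
    # PLACEHOLDER: replace with the release date of the BIOS that your board vendor
    # lists as containing the fTPM fix. The value here is not from the article.
    [datetime]$FixedBiosDate = (Get-Date '2018-01-01')
)

# Get-Tpm comes from the TrustedPlatformModule module (Windows 8 / Server 2012 and later).
$tpm  = Get-Tpm
$bios = Get-CimInstance -ClassName Win32_BIOS

# Win32_Tpm exposes the TPM specification version string (e.g. "2.0, ..." for TPM 2.0).
$wmiTpm = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                          -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# Assumption: an AMD firmware TPM reports the manufacturer text "AMD" (padded to 4 chars).
$isAmdFtpm = $tpm.TpmPresent -and ($tpm.ManufacturerIdTxt.Trim() -eq 'AMD')

# Get-CimInstance already converts the CIM datetime to a .NET DateTime.
$biosDate = $bios.ReleaseDate

# Does BitLocker on the system drive hold a TPM-based key protector (Tpm, TpmPin, TpmPinStartupKey, ...)?
$blv = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$bitLockerUsesTpm = [bool]($blv.KeyProtector |
    Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    TpmPresent         = $tpm.TpmPresent
    TpmReady           = $tpm.TpmReady
    TpmManufacturer    = $tpm.ManufacturerIdTxt
    TpmFirmwareVersion = $tpm.ManufacturerVersion
    TpmSpecVersion     = $wmiTpm.SpecVersion
    IsAmdFirmwareTpm   = $isAmdFtpm
    BiosVendor         = $bios.Manufacturer
    BiosVersion        = $bios.SMBIOSBIOSVersion
    BiosReleaseDate    = $biosDate
    # Only meaningful once $FixedBiosDate holds the vendor's real value.
    BiosOlderThanFix   = $isAmdFtpm -and ($biosDate -lt $FixedBiosDate)
    BitLockerUsesTpm   = $bitLockerUsesTpm
}
```

Run it in an elevated PowerShell session on the machine being checked; the `IsAmdFirmwareTpm` and `BitLockerUsesTpm` fields show whether the machine is in the affected group at all, and `BiosVersion` and `BiosReleaseDate` are what to compare against the board vendor's changelog, since, as the article notes, the fix may arrive unannounced inside a general BIOS update.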
