AMD Platform Security Processor

Trusted execution environment subsystem

The AMD Platform Security Processor (PSP), marketed by the company as AMD Secure Technology, is a trusted execution environment subsystem that has been built into AMD processors since 2013[1]. AMD's developer documentation describes it as "responsible for creating, monitoring and maintaining the security environment" and says its functions "include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response"[2]. Commentators have raised concerns that the technology could conceal a backdoor and pose a security risk[3][4][5]. AMD has declined requests to open-source the code that the PSP executes[1].

The PSP is analogous to Intel's Management Engine[1].

Details


The PSP is itself an ARM core, with ARM TrustZone technology, built onto the main CPU die[6].

Security history


In September 2017, Google security researcher Cfir Cohen reported a vulnerability in the PSP on AMD products that could allow an attacker to obtain passwords, certificates and other sensitive information; a patch was reportedly made available to vendors in December 2017[7][8].

In March 2018, an Israeli security company announced several critical vulnerabilities in AMD Zen-architecture processors (EPYC, Ryzen, Ryzen Pro and Ryzen Mobile), attributed to the PSP, which it said could allow spyware to run and gain privileged access to sensitive information[9]. AMD subsequently released firmware updates to fix the flaws, noting that every one of them required administrative access to the machine to exploit[10][11]. Although some commentators argued the disclosure was an attempt at stock manipulation[12][13], and the level of risk claimed by CTS Labs remains disputed, independent security experts confirmed that the vulnerabilities were real[14].

References

  1. Williams, Rob. "AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code". 2017-07-19. Retrieved 2020-01-23. Archived from the original on 2019-06-03. "This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC."
  2. "BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors" (PDF). AMD. 2016. p. 156. Retrieved 2020-01-23. Archived from the original (PDF) on 2018-06-16.
  3. Martin, Ryan. "Expert Says NSA Have Backdoors Built Into Intel And AMD Processors". eteknix.com. July 2013. Retrieved 2018-01-19. Archived from the original on 2018-01-19.
  4. Claburn, Thomas. "Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches". The Register. 2018-01-06. Retrieved 2020-01-23. Archived from the original on 2020-05-19.
  5. Larabel, Michael. "AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA". 2017-12-07. Retrieved 2020-01-23. Archived from the original on 2009-09-21. "This built-in AMD Secure Processor has been criticized by some as another possible attack vector..."
  6. "Libreboot FAQ". Retrieved 2020-01-23. Archived from the original on 2021-01-21. "The PSP is an ARM core with TrustZone technology, built onto the main CPU die."
  7. Millman, Rene. "Security issue found in AMD's Platform Security Processor". 2018-01-08. Retrieved 2020-01-23. Archived from the original on 2018-01-26.
  8. Cimpanu, Catalin. "Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online". 2018-01-06. Retrieved 2020-01-23. Archived from the original on 2020-11-09.
  9. Goodin, Dan. "A raft of flaws in AMD chips makes bad hacks much, much worse". Ars Technica. 2018-03-13. Retrieved 2020-01-23. Archived from the original on 2020-11-25.
  10. Bright, Peter. "AMD promises firmware fixes for security processor bugs: All bugs require administrative access to exploit". Ars Technica. 2018-03-20. Retrieved 2020-01-23. Archived from the original on 2020-12-10.
  11. Papermaster, Mark. "Initial AMD Technical Assessment of CTS Labs Research". AMD Community. 2018-03-21. Retrieved 2020-01-23. Archived from the original on 2020-11-09.
  12. Burke, Steve. "Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD 'Should Be $0'". GamersNexus. Retrieved 2020-01-23. Archived from the original on 2019-12-20.
  13. Zynath Investment. "AMD And CTS Labs: A Story Of Failed Stock Manipulation". Seeking Alpha. Retrieved 2020-01-23. Archived from the original on 2018-03-19.
  14. Guido, Dan. "'AMD Flaws' Technical Summary". Retrieved 2020-01-23. Archived from the original on 2021-01-24.

External links
