About AMD TrustZone, AMD Platform Security Processor (PSP), AMD Secure Technology

Tags: amd trustzone, amd psp, amd secure technology
Last update: jun 2018

Technological overview

ARM, originally Acorn RISC Machine, is a set of architectures for computer processors. In 2004 ARM developed TrustZone – an optional extension for processors which provide a secure execution environment (source 01). In 2012 AMD announced the integration of ARM’s TrustZone into their first Accelerated Processing Units (APU). Similar to the integration of the Intel Management Engine (link) those extension is also placed close to the CPU (source 02). This implementation has been renamed to the “AMD Platform Security Processor” (PSP) (source 03).

The PSP is called “dedicated security subsystem integrated within APU”. It provides an Trusted Exection Environment, Secure Boot, Cryptographic acceleration and TPM functionality. The hardware characteristics are as follows:

  • dedicated 32bit microcontroller (ARM with TrustZone technology)
  • isolated ROM & SRAM on the CPU
  • access to the memory and resources of the computer system
  • secure storage for firmware and data
  • special cryptographic processor
  • implementation of
    • RSA 1024, 2048, 4096 bit
    • SHA, SHA-224, SHA256
    • ECC
    • AES engine (ECB, CBC, CFB, OFB, CTR, CMAC, XTS-AES128)

In the end PSP’s functionality is pretty similar to Intel’s ME. Allowing 3rd parties to completely enforce policies, monitor integrity and manage audit & assets.

This subsystem operates with a licensed Trustonic TEE security kernel.

Interim conclusion

The computer is running AMD Secure Technology all the time. Invisible. Even if the PC is powered off. But wait, is that a problem? People who are keen on security and try to avoid risks are noticing it immediately: If there is an underlying second operating system – do we have control over it? How secure is this at all? Is there a way to disable AMD PSP / AMD Secure Technology?

Documentation

To Answer those questions we need to check out if there is a sufficient documentation out there which allows to comprehend all mechanisms and we need to watch out for possible security flaws.

AMD PSP / AMD Secure Technology has been mentioned in chapter 2.14 of the BIOS and Kernel Developer’s Guide for AMD Familiy 16h Models 30h-3Fh for the first time. On page 156 you can find just a very brief summary of this technology.

Neither is there a hint how to disable those functionality in total or in parts, nor is the source code availabe to the public.

So as far as we know AMD PSP / AMD Secure Technology can’t be disabled at all. The AMD Secure Technology is integrated into all intel desktop, mobile and server systems since 2014.

Security vulnerabilities and exploits

Also in AMD PSP vulnerabilities have been found. It was possible to craft a certificate to get code execution rights on the AMD Secure Processor and to infiltrate AMD’s security subsystem (source 04).

This management engine is definitely running. The lack of an ordinary documentation leads inevitable to security holes which represent a not only potentional but and proven risk to data and computer security.

Is there a solution to this?

  • Vendor updates: There is no known method to fix vulnerabilities except updating the AMD Secure Technlology firmware by the vendor/oem.
  • Trying to deactivate AMD Secure Technology: Some vendors like Asrock and Gigabyte have implemented a switch called “BIOS PSP Support” into their UEFI BIOS. Unfortunately there is no description what this switch acutally does.
  • Buying hardware without this technology: Please refer to CPU and system alternatives without Intel ME iAMT and AMD PSP / Secure Technology.

Sources

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *