AMD Platform Security Processor: Difference between revisions

(4 intermediate revisions by 3 users not shown)

Line 6:

|Category=Surveillance, Security, Hardware, Computers, Firmware

|Description=An autonomous chip running closed-source code with full system access, found on most AMD platforms.

}}

|Logo=AMD logo.svg|Website=https://www.amd.com/en.html}}

~~{{Ph-C-Int~~}}

==~~Consumer~~-~~impact summary~~==

The '''[[AMD]] Platform Security Processor (PSP)''', also known as the '''AMD Secure Processor''', is an autonomous processor embedded on most modern AMD CPU's since 2013. The PSP has full access to memory and is capable of running without the main CPU cores being active.<ref>{{Cite web |last=Eichner |first=Alexander |last2=Buhren |first2=Robert |date=2020-08-05 |title=All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate |url=https://i.blackhat.com/USA-20/Wednesday/us-20-Buhren-All-You-Ever-Wanted-To-Know-About-The-AMD-Platform-Security-Processor-And-Were-Afraid-To-Emulate.pdf |url-status=live |access-date=2026-02-04 |website=blackhat.com |archive-url=https://web.archive.org/web/20260215213932/https://i.blackhat.com/USA-20/Wednesday/us-20-Buhren-All-You-Ever-Wanted-To-Know-About-The-AMD-Platform-Security-Processor-And-Were-Afraid-To-Emulate.pdf |archive-date=15 Feb 2026}}</ref>

~~{{Ph~~-C-~~CIS~~}}

==~~Incidents~~==

AMD has not provided much information about the PSP, but several features are know, including:<ref name=":0">{{Cite web |date=2023-04-17 |title=Reversing the AMD Secure Processor (PSP) |url=https://dayzerosec.com/blog/2023/04/17/reversing-the-amd-secure-processor-psp.html |url-status=live |archive-url=https://web.archive.org/web/20260112172321/https://dayzerosec.com/blog/2023/04/17/reversing-the-amd-secure-processor-psp.html |archive-date=2026-01-12 |access-date=2026-02-04 |website=dayzerosec.com}}</ref>

~~{{Ph~~-C-~~Inc}}~~

~~This is a list of all consumer~~-~~protection incidents related to this product~~. ~~Any incidents not mentioned here can be found in the [[~~:~~Category~~:~~{{PAGENAME}}~~|~~{{PAGENAME~~}} ~~category]].~~

~~===Example incident one~~ (~~''date''~~)~~===~~

*CPU initialization

~~{{Main|link to the main CR Wiki article}}~~

*Hardware-accelerated cryptography

~~Short summary~~ of the ~~incident (could~~ be the ~~same as~~ the ~~summary preceding~~ the ~~article)~~.

*Hardware/software integrity verification ([[wikipedia:Trusted_Platform_Module|TPM]])

===~~Example incident two (~~'~~'date'')~~===

*Facilitating Secure Encrypted Virtualization ([https://www.amd.com/en/developer/sev.html SEV])

...

There is no official way of disabling the PSP. Since it has responsibilities during the boot sequence, it is likely to be impossible to remove the PSP entirely without breaking the system.<ref name=":0" /> Around 2018, some users reported seeing a BIOS option to disable the PSP. <ref>{{Cite web |last=Cimpanu |first=Catalin |date=2018-01-06 |title=Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online |url=https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/ |url-status=live |archive-url=https://web.archive.org/web/20251219104119/https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/ |archive-date=2025-12-19 |access-date=2026-02-04 |website=BleepingComputer}}</ref>

==Concerns==

AMD has denied requests to open-source the software running on the PSP.<ref>{{Cite web |last=Williams |first=Rob |date=19 Jul 2017 |title=AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code |url=https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code |url-status=live |archive-url=https://web.archive.org/web/20251123014437/https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code |archive-date=2025-11-23 |access-date=2026-02-04 |website=HotHardware}}</ref> This means that the inner workings of the PSP cannot be independently verified and bug-fixing can only be performed by AMD. This is an example of [[Security through obscurity|"security through obscurity"]], which has been criticized for taking away consumer rights.

Some have accused the AMD PSP of having a backdoor because of its closed nature, full system access, and AMD's secrecy and unwillingness to make the code public.<ref>{{Cite web |date=15 Mar 2021 |title=Every modern computer has a backdoor |url=https://www.sysjolt.com/2021/every-modern-computer-has-a-backdoor/ |url-status=live |access-date=2026-02-04 |website=sysjolt.com |archive-url=https://web.archive.org/web/20260215213945/https://www.sysjolt.com/2021/every-modern-computer-has-a-backdoor/ |archive-date=15 Feb 2026}}</ref>

==Vulnerabilities==

There have been several vulnerabilities related to AMD's PSP.

{| class="wikitable"

!Date

!Vulnerability

!CVE

|-

|2020

|Incorrect BIOS image length validation by the PSP might cause arbitrary code execution.

|[https://nvd.nist.gov/vuln/detail/CVE-2020-12944 CVE-2020-12944]

|-

|2020

|Due to a vulnerability in the PSP, an attacker can modify registers and possibly bypass ROM protections.

|[https://nvd.nist.gov/vuln/detail/CVE-2020-12961 CVE-2020-12961]

|-

|2021

|Insufficient verification of image decrypted by PSP may lead to arbitrary code execution.

|[https://nvd.nist.gov/vuln/detail/CVE-2021-26315 CVE-2021-26315]

|-

|2021

|Using the PSP, low-privilege users are able to send driver requests, allowing data leakage.

|[https://nvd.nist.gov/vuln/detail/CVE-2021-26333 CVE-2021-26333]

|-

|2021

|Insufficient address validation in PSP firmware may lead to arbitrary code execution.

|[https://nvd.nist.gov/vuln/detail/CVE-2021-46771 CVE-2021-46771]

|}

==See also==

~~{{Ph-C-SA}}~~

*[[AMD]]

*[[Intel Management Engine]]

==References==

@@ Line 6: / Line 6: @@
 |Category=Surveillance, Security, Hardware, Computers, Firmware
 |Description=An autonomous chip running closed-source code with full system access, found on most AMD platforms.
-}}
+|Logo=AMD logo.svg|Website=https://www.amd.com/en.html}}
-{{Ph-C-Int}}
-==Consumer-impact summary==
+The '''[[AMD]] Platform Security Processor (PSP)''', also known as the '''AMD Secure Processor''', is an autonomous processor embedded on most modern AMD CPU's since 2013. The PSP has full access to memory and is capable of running without the main CPU cores being active.<ref>{{Cite web |last=Eichner |first=Alexander |last2=Buhren |first2=Robert |date=2020-08-05 |title=All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate |url=https://i.blackhat.com/USA-20/Wednesday/us-20-Buhren-All-You-Ever-Wanted-To-Know-About-The-AMD-Platform-Security-Processor-And-Were-Afraid-To-Emulate.pdf |url-status=live |access-date=2026-02-04 |website=blackhat.com |archive-url=https://web.archive.org/web/20260215213932/https://i.blackhat.com/USA-20/Wednesday/us-20-Buhren-All-You-Ever-Wanted-To-Know-About-The-AMD-Platform-Security-Processor-And-Were-Afraid-To-Emulate.pdf |archive-date=15 Feb 2026}}</ref>
-{{Ph-C-CIS}}
-==Incidents==
+AMD has not provided much information about the PSP, but several features are know, including:<ref name=":0">{{Cite web |date=2023-04-17 |title=Reversing the AMD Secure Processor (PSP) |url=https://dayzerosec.com/blog/2023/04/17/reversing-the-amd-secure-processor-psp.html |url-status=live |archive-url=https://web.archive.org/web/20260112172321/https://dayzerosec.com/blog/2023/04/17/reversing-the-amd-secure-processor-psp.html |archive-date=2026-01-12 |access-date=2026-02-04 |website=dayzerosec.com}}</ref>
-{{Ph-C-Inc}}
-This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-===Example incident one (''date'')===
+*CPU initialization
-{{Main|link to the main CR Wiki article}}
+*Hardware-accelerated cryptography
-Short summary of the incident (could be the same as the summary preceding the article).
+*Hardware/software integrity verification ([[wikipedia:Trusted_Platform_Module|TPM]])
-===Example incident two (''date'')===
+*Facilitating Secure Encrypted Virtualization ([https://www.amd.com/en/developer/sev.html SEV])
-...
+There is no official way of disabling the PSP. Since it has responsibilities during the boot sequence, it is likely to be impossible to remove the PSP entirely without breaking the system.<ref name=":0" /> Around 2018, some users reported seeing a BIOS option to disable the PSP. <ref>{{Cite web |last=Cimpanu |first=Catalin |date=2018-01-06 |title=Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online |url=https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/ |url-status=live |archive-url=https://web.archive.org/web/20251219104119/https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/ |archive-date=2025-12-19 |access-date=2026-02-04 |website=BleepingComputer}}</ref>
+==Concerns==
+AMD has denied requests to open-source the software running on the PSP.<ref>{{Cite web |last=Williams |first=Rob |date=19 Jul 2017 |title=AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code |url=https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code |url-status=live |archive-url=https://web.archive.org/web/20251123014437/https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code |archive-date=2025-11-23 |access-date=2026-02-04 |website=HotHardware}}</ref> This means that the inner workings of the PSP cannot be independently verified and bug-fixing can only be performed by AMD. This is an example of [[Security through obscurity|"security through obscurity"]], which has been criticized for taking away consumer rights.
+Some have accused the AMD PSP of having a backdoor because of its closed nature, full system access, and AMD's secrecy and unwillingness to make the code public.<ref>{{Cite web |date=15 Mar 2021 |title=Every modern computer has a backdoor |url=https://www.sysjolt.com/2021/every-modern-computer-has-a-backdoor/ |url-status=live |access-date=2026-02-04 |website=sysjolt.com |archive-url=https://web.archive.org/web/20260215213945/https://www.sysjolt.com/2021/every-modern-computer-has-a-backdoor/ |archive-date=15 Feb 2026}}</ref>
+==Vulnerabilities==
+There have been several vulnerabilities related to AMD's PSP.
+{| class="wikitable"
+!Date
+!Vulnerability
+!CVE
+|-
+|2020
+|Incorrect BIOS image length validation by the PSP might cause arbitrary code execution.
+|[https://nvd.nist.gov/vuln/detail/CVE-2020-12944 CVE-2020-12944]
+|-
+|2020
+|Due to a vulnerability in the PSP, an attacker can modify registers and possibly bypass ROM protections.
+|[https://nvd.nist.gov/vuln/detail/CVE-2020-12961 CVE-2020-12961]
+|-
+|2021
+|Insufficient verification of image decrypted by PSP may lead to arbitrary code execution.
+|[https://nvd.nist.gov/vuln/detail/CVE-2021-26315 CVE-2021-26315]
+|-
+|2021
+|Using the PSP, low-privilege users are able to send driver requests, allowing data leakage.
+|[https://nvd.nist.gov/vuln/detail/CVE-2021-26333 CVE-2021-26333]
+|-
+|2021
+|Insufficient address validation in PSP firmware may lead to arbitrary code execution.
+|[https://nvd.nist.gov/vuln/detail/CVE-2021-46771 CVE-2021-46771]
+|}
 ==See also==
-{{Ph-C-SA}}
+*[[AMD]]
+*[[Intel Management Engine]]
 ==References==