7 Replies Latest reply on Apr 21, 2017 5:05 AM by kharg

    Open Source PSP for coreboot/libreboot

    leahtwoskin

      In the recent AMD Reddit AMA, one of the questions asked was about releasing Platform Security Processor (PSP) source code. I want to put it out there that releasing the PSP source code and allowing people to install and use coreboot/libreboot on AMD processors is very desirable. Certainly, the number of people that *would* do it is rather small, but the number of people that *can* do it is, currently, even smaller. Another possible plus to being able to more finely control PSP source code is the ability to make it do nothing, which will allow people to market modified versions of the PSP code as being privacy- or security-focused.

        • Re: Open Source PSP for coreboot/libreboot
          shiftee

          I think a lot of security oriented organisations might do this if it was an option at purchase time.

          Regardless it's a great idea for winning community trust

          • Re: Open Source PSP for coreboot/libreboot
            lorenzo

            If this happens, I will only buy AMD in the future. And since I am basically responsible for the PC builds of family and friends, they'll go AMD as well

            • Re: Open Source PSP for coreboot/libreboot
              fturco

              I promise I will ditch Intel and start buying AMD products instead if AMD begins to help Coreboot/Libreboot developers.

              • Re: Open Source PSP for coreboot/libreboot
                habs

                I'd also like to express my support for freeing the PSP firmware code, or allowing the ability to disable it. I am ecstatic about the recent developments in this area, and as a daily Libreboot user, I would certainly switch to AMD products and tell all of my friends to do the same if this change were to be implemented.

                 

                Some convincing reasons for the change can be found here:

                https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/def5h1b/

                 

                Thank you for considering this!

                • Re: Open Source PSP for coreboot/libreboot
                  fenrir

                  People started to value their privacy like never before, especially after the launch of Win 10, and Linux became more friendly and powerfull because many companies embraced the opensource software.

                  Times change and you have to evolve and change with it, AMD. Ryzen was just the first step.

                  Please do not go downhill again.

                  • Re: Open Source PSP for coreboot/libreboot
                    captainkitten

                    It is true that the coreboot/libreboot market may look like a niche. But the truth is that it can only be a niche at this time, as there is little alternative. And it appears that people don't want it to be a niche any more, they want choices.

                     

                    I remember back when the first 3D cards came out, and I thought "why all the fuss with 3D? Almost no game uses 3D! There is no market for this." But once that door was opened, more people started to learn and care about 3D games.

                     

                    If AMD supports coreboot/libreboot, then it will open that door, it will generate more interest, and will sail that wave. I'm all for it!

                    • Re: Open Source PSP for coreboot/libreboot
                      kharg

                      I want to start by saying that I would be very happy if AMD decided to steer in a more open direction, as would many others. I would be pleased by nothing more than to find out I could purchase a CPU which I could control instead of only CPU's which directly control me.

                      I found a reply while looking into this topic that I think is very important.

                       

                      "Hello!? Releasing the source code would NOT change the fundamental problem with the PSP! It will still remain a black box under the control of the manufacturer! The problem is not the obfuscation of the source code, it is a much deeper platform architecture issue.

                      The PSP is a universal computer with it's own CPU, RAM, ROM, clock etc, that can run whatever software AMD wants it to run, hidden from the user. It could load software anytime without you even noticing. AMD controls the PSP by using unique cryptographic keys which are burnt into each PSP.

                      As the Intel IME engineer Xiaoyu Ruan wrote in his book "Platform Embedded Security Technology Revealed", the security architecture of the IME does not rely on security through obscurity, it relies much more on the burnt in cryptographic keys and it's architecture. The designers of the IME took into account that the firmware might be unscrambled and realeased by somebody, so they designed it in a way that this would not compromise it.

                      Even if you have it's source code (it's OS so to speak), there is no way for the user to tell what software it has loaded into memory and what it is doing at the moment (since it is a universal computer in its own right which offers no interface to the user). It is a parallel world on the platform the user has no access to (while the PSP has fully privileged access to all the users resources).

                      So the only real way to support Coreboot/Libreboot would be to remove the PSP completely (which is probably not possible, since it became an integral part of the system) or to offer the option to disable it and/or feed it with one's own cryptographic keys."

                       

                      https://news.ycombinator.com/item?id=13781408

                       

                       

                      So this is an issue much deeper than source code. This is about control over the users systems and right now, these PSP (and IME) modules own these systems. If AMD shows dedication to user freedom they will clench a market that so badly needs to be served today in 2017. Please, AMD, listen to our voices and see what could be created.

                       

                      ps, it is also very possible that AMD isn't "allowed" to offer user freedom in which case AMD should be moral and cease operations entirely.