Problem Description & Method of Exploitation
Issue: Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption.
Method: Attacker requires Administrative access
Potential Impact
Attacker can circumvent platform security controls. These changes are persistent following a system reboot.
Planned AMD Mitigation
Firmware patch release through BIOS update. No performance impact is expected.
AMD is working on PSP firmware updates that we plan to release in the coming weeks.
Whatever this “BIOS update” does, it will still not change the existence of a piece of hardware that acts as a persistent and unmodifiable backdoor into the system. If anything, their update will make it even more difficult to get rid of this backdoor, and will make compromise of their master key even more damaging.
Nothing that AMD or Intel do, short of destroying the PSP, ME, and any similar hardware, will constitute true mitigation of their backdoor-ridden platforms.
Whatever this “BIOS update” does, it will still not change the existence of a piece of hardware that acts as a persistent and unmodifiable backdoor into the system. If anything, their update will make it even more difficult to get rid of this backdoor, and will make compromise of their master key even more damaging.
Nothing that AMD or Intel do, short of destroying the PSP, ME, and any similar hardware, will constitute true mitigation of their backdoor-ridden platforms.