
AMD Secure Technology PSP Firmware Now Explorable, Thanks to Researcher's Tool


A security researcher this week released PSPTool, a software tool that “aims to lower the entry barrier for looking into the code running” on the AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, and other AMD subsystems. The PSP serves functions similar to those of Intel’s Management Engine (ME), and, just like the Intel ME, the secretive and undocumented nature of the chip worries security and privacy advocates.

PSPTool for AMD Computers

The researcher going by the online name of cwerling described the PSPTool as a “Swiss Army knife” for dealing with the AMD PSP’s firmware. The tool is based on reverse-engineering efforts of AMD’s proprietary file system that the company uses to pack firmware blobs into UEFI firmware images.

Usually, all firmware blobs can be parsed by another software program called the UEFITool. However, in this case AMD’s firmware files are located in padding volumes that can’t be parsed by the UEFITool. This is the reason for the PSPTool, which can locate the PSP firmware within UEFI images and parse it. Through this tool, more researchers can look into what their local PSP chip is doing to their computers, as its actions are normally hidden from the operating system or the main processor.
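Added example, not part of the article or of PSPTool itself: a minimal scanner that walks a flash image byte by byte for a `$PSP` directory header and lists the blobs it points to, which is the step a UEFI firmware-volume parser skips because the directory sits in padding rather than in a volume. The 16-byte header and entry layout is an assumption drawn from public reverse-engineering notes, and the image it scans is constructed.

```python
import struct

# Assumed layout (from public reverse-engineering notes, not from the article):
# header = magic, checksum, entry count, reserved (16 bytes);
# entry  = type (u8), subprogram (u8), reserved (u16), size (u32), location (u64).
HEADER = struct.Struct("<4sIII")
ENTRY = struct.Struct("<BBHIQ")
MAGICS = (b"$PSP", b"$PL2")  # level-1 and level-2 PSP directory magics


def parse_psp_directory(image: bytes, offset: int) -> dict:
    """Parse one PSP directory that starts at `offset` in the image."""
    magic, checksum, count, _ = HEADER.unpack_from(image, offset)
    if magic not in MAGICS:
        raise ValueError(f"no PSP directory at {offset:#x}")
    entries, pos = [], offset + HEADER.size
    for _ in range(count):
        etype, subprog, _, size, location = ENTRY.unpack_from(image, pos)
        # `location` is kept raw: mapping it to a ROM offset is generation-specific.
        entries.append({"type": etype, "subprog": subprog,
                        "size": size, "location": location})
        pos += ENTRY.size
    return {"magic": magic.decode(), "offset": offset,
            "checksum": checksum, "entries": entries}


def find_psp_directories(image: bytes) -> list:
    """Scan the whole image (padding included) for directory magics."""
    found, seen = [], set()
    for magic in MAGICS:
        idx = image.find(magic)
        while idx != -1:
            try:
                found.append(parse_psp_directory(image, idx))
            except (ValueError, struct.error):
                pass  # a stray magic string with no sane header behind it
            idx = image.find(magic, idx + 1)
    return sorted(found, key=lambda d: d["offset"])


def build_sample_image() -> bytes:
    """Constructed 64 KiB image: 0xFF padding, one $PSP directory at 0x1000
    describing two sample blobs (type numbers are sample values)."""
    image = bytearray(b"\xff" * 0x10000)
    blobs = [(0x01, 0x4000, 0x100), (0x08, 0x5000, 0x200)]  # (type, loc, size)
    body = HEADER.pack(b"$PSP", 0, len(blobs), 0)
    body += b"".join(ENTRY.pack(t, 0, 0, size, loc) for t, loc, size in blobs)
    image[0x1000:0x1000 + len(body)] = body
    for t, loc, size in blobs:
        image[loc:loc + size] = bytes([t]) * size
    return bytes(image)


if __name__ == "__main__":
    for d in find_psp_directories(build_sample_image()):
        print(f"{d['magic']} at {d['offset']:#x}: {len(d['entries'])} entries")
        for e in d["entries"]:
            print(f"  type {e['type']:#04x} size {e['size']:#x} loc {e['location']:#x}")
```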

What Is the Purpose of a PSP?

AMD Secure Technology is a trusted execution environment that has been integrated into AMD’s processors since 2013. It uses an Arm processor, as well as Arm’s TrustZone software solution, which separates some security-sensitive operations from the main processor and operating system.

There are some clear security benefits to this technology, including the ability to store biometric information or private encryption keys in that secure domain. However, perhaps an even more important role from AMD’s perspective was enabling Digital Rights Management (DRM). If DRM solutions are implemented in this separated subsystem, it's more difficult for users to disable them.

Others also believe that the PSP could enable NSA backdoors. The suspicion may not be completely without merit, as Intel’s similar technology, the Management Engine, was found to have an undocumented mode that was specifically developed for the NSA. As these subsystems are kept mostly undocumented and their operations secret from the user, we may still not know the full extent of these chips’ operations.

The good news is that security researchers are starting to investigate much more thoroughly everything that goes on inside modern chips and their firmware. This is how we learned about Meltdown, Spectre, Foreshadow and the latest MDS flaws, too.

Previous Intel ME and AMD PSP vulnerabilities were also discovered by such researchers, and similar discoveries are likely to come in the future. If Intel or AMD had ever built any tools or left any security holes that could allow intelligence agencies to hack into any computer they want, now may be a good time to remove or close them, because we’re likely not going back to a world of obscurity in regards to how microprocessors work and what they do to our PCs in the background.

Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.