|
|
Log in / Subscribe / Register

Numerous vulnerabilities in AMD processors

Numerous vulnerabilities in AMD processors

Posted Mar 13, 2018 18:42 UTC (Tue) by CodeAsm (guest, #101413)
Parent article: Numerous vulnerabilities in AMD processors

My twitter feed and /g/ (srry ppl) is claiming that they (CTS Labs) are trying to get people to sell AMD stock. Jake Williams on twitter: "Are you kidding me? Okay, this is the overhype statement of the year. @viceroyresearch is making statements that are completely over the top."

and Arrigo Triulzi @cynicalsecurity posted a nice list of whats potencialy wrong with their paper here: https://twitter.com/cynicalsecurity/status/97359569790270...

1) MASTERKEY: if you allow unauthorised BIOS updates you are screwed. Threat level: No shit, Sherlock! 2) RYZENFALL: again, loading unauthorised code on the Secure Processor as admin. Threat level: No shit, Sherlock!

So I wonder, how far do we need to spread these before AMD can respond? within 24 hours? I hope ... im right, and not wrong. for AMD users and AMD.

to post comments

Numerous vulnerabilities in AMD processors

Posted Mar 13, 2018 19:06 UTC (Tue) by CodeAsm (guest, #101413) [Link]

http://ir.amd.com/news-releases/news-release-details/view...
Looks like they had no idea? ofcourse they will investigate it, but ... no warning before releasing? A very slick website, interviews and animations and AMD had no idea? WE had no idea?

Numerous vulnerabilities in AMD processors

Posted Mar 13, 2018 20:47 UTC (Tue) by Sesse (subscriber, #53779) [Link]

Loading unauthorized code on the SP as admin is actually a big deal. It means you can defeat things like Secure Boot, and by extension, BitLocker.

Numerous vulnerabilities in AMD processors

Posted Mar 14, 2018 4:54 UTC (Wed) by luto (subscriber, #39314) [Link]

> 1) MASTERKEY: if you allow unauthorised BIOS updates you are screwed.

Depending on whether whatever AMD's equivalent of Boot Guard is enabled, write access to the BIOS chip shouldn't be exploitable for anything other than a secure boot bypass and control over CPL0 and up. MASTERKEY (if the vulnerability is for real) gives SMM privilege. The degree to which this is a problem is admittedly rather dubious.

> 2) RYZENFALL: again, loading unauthorised code on the Secure Processor as admin. Threat level: No shit, Sherlock!

I disagree. The whole point of the PSP is that it should *not* be tamperable with as admin. This allows whatever TPM-like features it emulates to be compromised, SEV to be compromised, etc. OTOH, SEV is thoroughly insecure be design anyway, at least in current revisions.

I personally have no idea why MS and other users consider an emulated TPM to be a TPM at all for purposes of MS/Windows logo requirements, etc.

Numerous vulnerabilities in AMD processors

Posted Mar 15, 2018 0:25 UTC (Thu) by flussence (guest, #85566) [Link]

This smear attack is already backfiring spectacularly. The news that someone's defeated the PSP only makes me *more* interested in buying a Ryzen now.

Previously, and paradoxically, you had to buy an *Intel* if you wanted an x86 that's so pitifully insecure that there were trivial automated white-hat tools to remove its known backdoors (me-cleaner etc.). The AMD PSP was considered airtight enough to be an actual threat to security (no user serviceable parts, but still IoT-on-a-chip garbage) but now the cat's been let out of the bag, there'll likely be enough eyeballs on the hardware to fix the problem.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds