(stack cookies, NX stack, ASLR) are not implemented in the PSP environment.
The fix for this rolls into the full AGESA rewrite and is a pretty simple fix.
Part of the reason why fTPM was suddenly changed in lots of BIOS releases.
The full overhauled BIOS releases coming out for your mainboards will include this.
TLDR: It’s a really stupid problem introduced by shitty vendor code.
This research focused on vendor specific code that diverged from the TCG spec.
But please, AMD, use security concepts on your security processor.
I understand that it’s not reasonable, but removing it is the responsible thing to do. Have some hardware to initialize the AMD64 arch and nothing more. The system initializer doesn’t need access to SATA, NVMe, PCIe, networking, etc…