AMD PSP security vulnerability found

Remote code execution exploit found in AMD’s Platform Security Processor (Led Zeppelin anyone?).

Not sure what the implications on the main system are, but security flaws in these OOB management platforms really rustle my jimmies.

From: http://seclists.org/fulldisclosure/2018/Jan/12

a specially crafted certificate can lead to a stack overflow

As far as we know, general exploit mitigation technologies (stack cookies,
NX stack, ASLR) are not implemented in the PSP environment.

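To make the quoted advisory line concrete ("a specially crafted certificate can lead to a stack overflow"), here is an added illustration of the bug class, not the PSP's code and not code from the advisory. It models a hypothetical DER-style certificate field (tag, one-byte length, value) being copied into a fixed 16-byte buffer. The stack frame is modelled as a struct so the overwrite of the word above the buffer is observable and deterministic rather than a crash; the two certificate byte strings are constructed for this example, and the `parse_field_*` / `run_*` names are invented here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical certificate field: a DER-like TLV with a one-byte length.
   The destination is a fixed 16-byte buffer, as in firmware that copies an
   untrusted certificate field into a local array. */
#define FIELD_MAX 16
#define SENTINEL  0xCAFEBABEu

/* Model of the stack frame: the fixed buffer plus the word that sits just
   above it (stand-in for the saved return address or a stack cookie).
   Using a struct keeps the overwrite inside one 20-byte object, so the demo
   is deterministic instead of a real crash; in an environment with no
   cookies, NX or ASLR the same overwrite lands on the return address. */
struct frame {
    uint8_t  field[FIELD_MAX];
    uint32_t sentinel;
};

/* Constructed inputs (not taken from the advisory):
   tag 0x04, declared length, then value bytes. */
static const uint8_t BENIGN_CERT[]  = { 0x04, 0x08,
    0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 };
/* Declared length 20 = sizeof(struct frame): overruns the 16-byte field
   and reaches the sentinel. */
static const uint8_t CRAFTED_CERT[] = { 0x04, 0x14,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 };

/* Vulnerable parser: trusts the attacker-controlled length byte.
   Returns 0 on success, -1 on short input, -2 if the frame was corrupted. */
int parse_field_vulnerable(const uint8_t *cert, size_t cert_len, struct frame *f)
{
    uint8_t *dst = (uint8_t *)f;   /* raw byte view of the frame, like the real stack */
    f->sentinel = SENTINEL;
    if (cert_len < 2)
        return -1;
    size_t len = cert[1];
    /* BUG: no check that len <= FIELD_MAX, nor that len + 2 <= cert_len */
    for (size_t i = 0; i < len; i++)
        dst[i] = cert[2 + i];
    return f->sentinel == SENTINEL ? 0 : -2;
}

/* Hardened parser: bound the declared length by both the destination and
   the remaining input before copying anything. */
int parse_field_hardened(const uint8_t *cert, size_t cert_len, struct frame *f)
{
    f->sentinel = SENTINEL;
    if (cert_len < 2)
        return -1;
    size_t len = cert[1];
    if (len > FIELD_MAX)
        return -3;                 /* declared length exceeds destination */
    if (len > cert_len - 2)
        return -4;                 /* declared length exceeds input */
    memcpy(f->field, cert + 2, len);
    return 0;
}

/* Wrappers that own the frame so callers only see the result code. */
int run_vulnerable(const uint8_t *cert, size_t cert_len)
{
    struct frame f;
    return parse_field_vulnerable(cert, cert_len, &f);
}

int run_hardened(const uint8_t *cert, size_t cert_len)
{
    struct frame f;
    return parse_field_hardened(cert, cert_len, &f);
}

int main(void)
{
    printf("benign  : vulnerable=%d hardened=%d\n",
           run_vulnerable(BENIGN_CERT, sizeof BENIGN_CERT),
           run_hardened(BENIGN_CERT, sizeof BENIGN_CERT));
    printf("crafted : vulnerable=%d hardened=%d\n",
           run_vulnerable(CRAFTED_CERT, sizeof CRAFTED_CERT),
           run_hardened(CRAFTED_CERT, sizeof CRAFTED_CERT));
    return 0;
}
```

The benign input parses cleanly in both versions; the crafted input silently clobbers the sentinel in the vulnerable version (result -2) and is rejected before the copy in the hardened one (result -3). The point the advisory's mitigation remark makes is visible here: nothing in the vulnerable path notices the corruption, so without a stack cookie or NX the only thing standing between a bad length byte and code execution is the parser's own bounds check.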

It was only a matter of time I guess. What is RMS going to use once his old laptop bites the dust?

He’ll buy another?

Maybe ARM or Power?

The fun part:

Platform Security Processor

(stack cookies, NX stack, ASLR) are not implemented in the PSP environment.
:roll_eyes:

The fix for this rolls into the full AGESA rewrite and is a pretty simple fix.

Part of the reason why fTPM was suddenly changed in lots of BIOS releases.
The fully overhauled BIOS releases coming out for your mainboards will include this.

TLDR: It’s a really stupid problem introduced by shitty vendor code.

This research focused on vendor specific code that diverged from the TCG spec.

But please AMD use security concepts on your security processor. :thinking:

Fixed.


Well ARM Trustzone means that you trust everything that runs there right?

Just removing everything is not the solution!
Imagine if we fixed all the problems with people dying by removing people.

Reworking it sounds much better.

I just don’t like malware on my hardware.

I understand that it’s not reasonable, but removing it is the responsible thing to do. Have some hardware to initialize the AMD64 arch and nothing more. The system initializer doesn’t need access to SATA, NVMe, PCIe, networking, etc…


Instant Flash was the attack vector for this. Hence, disable fTPM.
