AMD TrustZone. Privacy respecting?

Sooo. I’ve been doing some research in my quest to be more open source and live on a Linux-only system, with little usage of Windows, but not abandoning it. Intel ME. It’s known for having a lot of criticism because of legitimate privacy concerns and vulnerabilities that have affected many production servers in the past.
Sooo… for performance and because of better open source support, I’ve been strongly leaning towards going FULL AMD (within a year). Of course, going through the rabbit hole of being on a fully open source system isn’t possible yet, I know. AMD just plays better with open source, which is a bonus in my book.
Sidetracking… aaaand AMD TrustZone. I don’t know much about it, but from what I read, it’s AMD’s equivalent to ME. But to what extent? Can anyone shed some light for me? What do you think about it? Do I misunderstand it? Appreciate enlightenment! 🙂

I haven’t looked too closely, but have been running AMD again since Zen1, and trust it, bugs and all.

I think this gives some insight into things you already know
But nothing useful there, regarding disabling PSP

2 Likes

PSP is basically AMD’s equivalent of the Intel ME. There was talk about open-sourcing the PSP, but that never materialized. Essentially think of it like the ARM coprocessor in the PS4. It handles low-level things even when the system is off.

While I am a fan of F/LOSS, and AMD, Intel actually plays better with open source due to the sheer fact that they make magnitudes more contributions than AMD. AMD is quite small compared to Intel, yet is able to benefit on the CPU side due to the sharing of x86 and x86_64 licenses.

I am currently on a full AMD Poor Dozer build right now (990FX). Waiting for Zen 3 on mobile first. Then a Zen 3 or 3+ desktop.

4 Likes

Well, saying Intel plays better is not quite right; quantity of code to work with their proprietary systems is also the tactic Microsoft uses. Doesn’t mean they are embracing Openness themselves, just that their proprietary code causes conflicts that harm their customers, so they have to put a lot of work in, which would not be needed if they were more open.
But it is a policy they chose, and ARM is pretty open, but still an edge case. What can you do‽

2 Likes

And sorry @RainSage for derailing the thread.
The PSP and ME chip components are security risks, but not so much a privacy concern.

Or, all security risks are privacy concerns, I guess.
Like, secure things can leak private data, but still be secure. Insecure things are insecure.

So Intel ME and AMD PSP are not entirely the same thing and are difficult to compare.

Tl;dr - AMD PSP is not really comparable to Intel ME, but if you did it’s more trustworthy due to it not having a remote management solution.

The AMD PSP is defined as a trusted execution environment (TEE) with the more direct Intel equivalent being Intel Software Guard Extensions (SGX). The TEE is meant to be a separate enclave on the CPU to run code with the hardware guarantee the information is protected. Signal talks about how Intel SGX can confirm that the code running on a remote server is the code the client expects.

Intel ME is the overarching technology that manages Intel SGX (well, SGX isn’t officially a “module” under ME, but without ME SGX breaks so…). When people are worried about Intel ME, they are mostly talking about Intel Active Management Technology, which has to do with enterprise device management. AMD PSP doesn’t have that functionality (that I’m aware of). Intel ME also has other functionality from its “modules” that isn’t really security related.

TEE is a good thing for hardware security so it shouldn’t concern you when you’re looking at FOSS solutions, but I can certainly understand why you would be worried about Intel ME going beyond that.

3 Likes