More Intel ME Funny Business - Hardware Fuse lockout on Intel ME Downgrades

Sorry it’s El-Reg, but it’s as valid as any other source on this.

Please read and discuss.

As a side note: if you’re thinking AMD is better, I’ve recently been doing some firmware archaeology.

Every AMD CPU from 2013 onwards essentially has the PSP. It cannot be removed, it cannot be disabled, and it has full access to the x86 cores and all of the system components. ALL OF THEM.

It’s not using all of the access, but it totally could.

The code for the PSP is stored in rewritable firmware storage and anyone with access to the AMD signing key can run their code at the highest possible privilege level on the entire system.

As long as they don’t share their key with anyone who asks/compels them to provide it. Or it was generated using weak primes, or something silly like that. They wouldn’t do that, would they?

Or you find a firmware 0-day that allows you to inject code into the right places without the need for signing. :wink:

Yeah true… I know people say any system or piece of code will be exploited given enough time, and that doesn’t seem possible. But, my mind has been blown many times by what security researchers manage to pull off. Wizards truly do exist.


Yeah, it’s all very scary. Good thing I still have my AM3+ stuff.

I just realized that I have the AMD PSP disabled on my Lenovo 720s. So, that is a thing now.

They introduced that recently when there was some security issue (can’t remember what it was exactly), it was just a few weeks back I think.


Yeah, but just because something has a feature doesn’t mean a laptop maker will actually let you do stuff with it. So I thought this might be interesting. :wink:

well yeah, true, especially for laptops.

But a lot of the (more or less) recent motherboards have also been updated so

is technically not correct either.

This is what happens when you heathens don’t use RISC. What have I been telling you for 4 years.

/s

*cough* security through obscurity *cough*

:smiley:


I stand by my initial statement.
The PSP is responsible for early power-on init and unlocking the x86 cores. What the BIOS option does is not disable the PSP.

It’s only ceasing communications between the PSP’s IO interfaces used by the kernel/firmware.

It’s still running in the background as before; you just stop being able to talk to it via the PCI-e or MMIO mailbox interfaces.

PS: @wolfleben what did you edit here?

Tech News and Policy isn’t supposed to be a general tech news area. Instead, general tech news topics go to the appropriate category with the tag of news.

See here for more information:

There is nothing wrong with the thread. I’ll be moving any new general tech news thread to an appropriate area. I also moved any general tech news thread of the past three months.


That makes sense. So just some general forum housekeeping.

Thank you!
