What is it?
AMD’s Platform Security Processor (PSP) is a misprocessing chip based on the ARM TrustZone technology. It’s been incorporated into AMD chips since 2013 including their latest realised architecture codenamed ZEN. Its job is simple, to ensure the secure operations of hardware level processes. It’s essentially the bouncer to the club that is the Central Processing Units (CPU), not only being responsible for who goes in, but also maintaining and managing various security processes, as well as keeping an eye out for any suspicious activity and implementing the appropriate response.
So, AMD’s chips must be well protected then…maybe not.
In recent months, a particularly concerning security vulnerability has been discovered that has the potential to be disastrous to a system that is exploited. This well-known vulnerability is dubbed “Spectre” and has two variants, labelled “Meltdown” and “Foreshadow”. This article will focus on Spectre and Meltdown as AMD claims that their CPUs are not susceptible to Foreshadow.
In summary, Spectre, and all variants (Meltdown and Foreshadow), allows an attacker to access data stored in RAM (memory) that they would usually be prohibited to access as they don’t have correct privileges, such as passwords, Bitlocker keys etc.
They do this by taking advantage of speculative execution within CPUs, hence the name, Spectre. Speculative execution exploit is possible because of a few things; for code to be executed it needs the necessary permissions to access parts of the computer’s memory, so the CPU must check the memory bounds of the code which takes time, so while the CPU is bounds checking it also starts accessing out of bounds data that it speculates will be in bounds. An attacker can then have their code executed and access data that being given to it in speculation that the code has the correct privileges.
Meltdown works by taking advantage of a slightly different speculative execution process. Say an application needs to have access to various levels of privilege data, high and low. To isolate the high and low privilege data there will be a table map to distinguish between the two and allow the CPU quick switching between modes. The flaw is when the software attempts to access high privilege data while in a low privilege mode, the process to check whether or not this is allowed may be delayed, which is a window of opportunity to access restricted data.
What are the Concerns?
In September of 2017, a researcher at Google Project Zero named Cfir Cohen, reported a security vulnerability to AMD regarding a sub system in the PSP. The nature of this vulnerability would allow attackers to access sensitive information in the system memory. It was said that AMD had released a patch for this in December 2017, however, in January of 2018 the Spectre and Meltdown vulnerabilities were released and it was shown to affect both platforms.
While AMD and Intel have been working with Microsoft to patch the vulnerabilities, it’s proving difficult, as the flaws exist at a hardware level, without creating a new CPU architecture, it’s near impossible to completely mitigate them. The good news for AMD users is that they are not affected by Meltdown, and AMD originally claimed that there is a near-zero chance of Spectre being able to be exploited on their platform. This changed shortly after as AMD said that Spectre may pose a threat.
There has been a number of Windows patches that claimed to fix the issue in January 2018 for Intel users, however the updates didn’t work so well for some AMD users and ended up bricking the Windows 10 OS. Microsoft has since fixed these issues and are continuing to issue updates to protect against Spectre and Meltdown.
A concern a lot of AMD users are having is with the PSP, as this seems to be where the vulnerability resides. They have asked AMD to provide an option to disable the PSP and perhaps completely mitigate the chance of Spectre affecting the system at all. AMD listened and with the following Generic Encapsulation Software Architecture (AGESA) update, there is an option to disable it. It may seem unusual to disable the system that is there to protect, but in this case, it could be causing more harm than good. There is some controversy however, that AMD cannot completely switch off the PSP and it still runs during the boot up process, although these claims are yet to be confirmed.
Yes, there are still security concerns regarding the Spectre and Meltdown vulnerabilities, and while Microsoft, Intel and AMD are working to mitigate these flaws, it is unknown whether or not the platforms affected will be completely fixed or at what performance cost. The new generation of CPUs will hope to have been secured against these vulnerabilities. For the time being, all users should make sure they keep their systems up to date with patches from Microsoft as well as from their hardware vendors for the system BIOS.