AMD will not open-source its Platform Security Processor technology

One of the controversial features of AMD's Ryzen is the integrated Platform Security Processor (PSP). This is basically an ARM core with complete access to the entire system. It is somewhat similar to the Management Engine employed by Intel's Core processors, but in some ways it is more powerful. One of the concerns about these features is that they operate "above root" level and are mostly invisible to the computer's operating system so it is hard to figure out what's going on.

In a recent session on Twitch.tv, AMD confirmed they have no plans to open-source PSP to allow general community auditing. However, AMD claims they have independent security firms under contract that are constantly trying to hack PSP. AMD assures there have been no successful attempts so far.

Why is this a bad thing? Well, let's play a theoretical. What happens if a bug is discovered in the PSP, and malware takes control of it? How would you remove it (Answer: you couldn't). How would you know you needed to remove it? (answer, unless it made itself obvious, you also wouldn't). This scenario is obviously not a good one, and is a concern for many who asked AMD to open-source the PSPs code for general community auditing.

AMD has just replied with a big fat "no" on twitch.tv (at the 35m 35s mark in the source link). To be fair, they do point out in the same post that they have independent security firms constantly trying to hack the PSP and none have succeeded to date, but it's still a little disconcerting to think about the "what ifs" in our recent security climate.

Via: TPU