Releasing the PSP source code would AFAIK not change a thing. While it might be an interesting read, the PSP (i.e. AMD) would still remain in control of the platform. The PSP does NOT rely on code obfuscation. It is a much deeper architectural problem with he PSP, than the fact that it holds a binary blob.
The designer of the Intel Management Engine (the mother of the PSP) Xiaoyu Ruan wrote in his book "Platform Embedded Security Technology Revealed" in chapter 4:
"By design, the firmware binary should not contain secrets, and hence it is not encrypted or obfuscated in any form. Note that lossless compression may be applied to the code. The firmware binary, in its compression form, is stored on SPI flash in cleartext. At runtime, the code segment is not encrypted when it is paged out to DRAM. Admittedly, advanced hackers have successfully reverse-engineered and disassembled the engine’s firmware binary. However, knowledge of source code is not deemed a harmful threat, because no secrets or keys are ever hardcoded in the code, and the architecture and robustness of the engine does not rely on security through obscurity."
Further in chapter 11:
"Hardware root of trust: Binary code and the data of firmware components are stored in the flash memory in the clear. Encryption is not used because the security architecture does not rely on security through obscurity. The concept of hardware root of trust contains two folds: first, the root of trust for integrity is a hardware ROM (read-only memory). Unlike the firmware in the flash memory, the binary of ROM by design is not available externally. Although, even if the code of ROM is leaked, the security of the engine should not be impacted; second, the EPID (enhanced privacy identification; see Chapter 5 for details) private key and other chipset keys are burned into the engine’s security fuse block in Intel’s factory. These keys comprise the root of trust for confidentiality and privacy for the engine."
So IMHO AMD should be asked to produce a chip without the PSP. Or offer the possibility to disable it. As long as there is a PSP on the system it cannot be fully controlled by the user, even if it's source code should be known. It is a small autonomous computer with it's own CPU, RAM, ROM, clock etc that has fully privileged access to the systems components and can load and run code anytime (so it can run other code than the firmware source code).
Nevertheless I do see that there is a good side to these kinds of petitions and requests. AMD feels that there is interest in the subject.
I would say what you did is to "neutralize" the ME firmware part in the flash BIOS. But this is only firmware that the ME loads additionally to load applications like e.g. AMT.
The ME has it's own internal ROM containing it's very own firmware which is inaccessible and can not be modified.
So what you have is libreboot running on top of a still functional IME. All you gained is, that you got your BIOS of choice installed, and to remove some ME apps from the flash image. Correct me if I am wrong.
Yes right, we were. But we were able to install our own firmware before there was the IME.
And it has also changed in the sense that the IME is a full fledged autonomous universal computer which has it's own RAM, ROM, clock etc. It is not just some very specific chip with hard-coded functionality, no, it can e.g. load and run Java applets. So it is a very powerful moving target which can be used for whatever it is programmed to. Rootkit researcher Joanna Rutkowska called it the perfect rootkitting infrastructure.
You are right, also before IME/PSP we trusted the manufacturer to some extent.
But the IME/PSP is intentionally and officially implementing an architecture which ensures that the manufacturer has ultimate control on the platform, and can run any code it pleases anytime on your computer. It runs at the deepest level (below OS, BIOS, VTd, SMM), and has maximum privileges on the platform. It runs all the time, so even as you have your computer switched off.
Have a look at Intel Anti Theft Technology for example.
It utilizes the IME. It shows that the IME is able to completely take control away from you. It can be triggered while the computer is switched off by sending it a specific packet over 3G network. And while activated you cannot switch it on anymore and it does whatever it pleases, like continuously sending location data to Intel servers across whatever network it manages to get hold of. Nothing you could do about it.
Less spectacular is the problem that CoreBoot/LibreBoot are facing. It is not possible to install the firmware you wish, because the IME is more powerful than you on the platform and does not allow you to do so.
So you have a second computer sitting inside your computer which has full access to your resources and the manufacturer is controlling what it is doing.
So while we were maybe speculating about trusting the CPU manufacturer before, now we have no choice anymore. We have to trust him, he is the boss on the platform.
Yes right, but the gm45 chipset is a core2Duo chipset. And the X220 features Sandy Bridge (2011).
While it is possible to mess around with older implementations of the IME it is pretty much impossible with recent versions. It sits now on the CPU die and is inaccessible.
An it is only removing the ME blob in the system's flash memory. The ME has also it's own internal ROM which contains firmware which cannot be altered or read.
Well, you are right that it is slightly heavy handed. I also thought that a lot of the higher level stuff in it might still be valid.
But at the fundamental level the battle is lost, you will never own your (x86 based) PC as long as there is an IME/PSP in it.
Concerning the introduction of the IME/PSP, it says already in the first link that I provided: "All post-2013 (AMD) and virtually all post-2009 (Intel) systems".
I think we are very far from neutralizing the IME. Earlier implementations can be manipulated to some degree (not "neutralized" though), but recent versions are rather fool proof.
The book is written by one of the engineers of the IME. While it might not discuss introduction dates it discusses pretty much everything else and is THE reference when studying the IME :)
The game changed fundamentally with the introduction of the Intel Management Engine (or the AMD Platform Security Processor) on the x86 platform. The system is now "deep pwned" as described in point 3.1.1 of the article. The manufacturer has ultimate control of the platform, the user has been disowned.
Ruan writes in his book in chapter 4 "The Engine: Safeguarding Itself before Safeguarding Others":
"In addition, there is a basic guideline for realizing security: Never rely on security through obscurity. When designing security hardening features for the engine, it is always assumed that all firmware source code and internal architecture documentation may be obtained by attackers. The engine’s security design principle is to harden the product by applying proven cryptography and security primitives, rather than rely on hiding secrets in the code or documents."
So they cast their secrets in silicon I guess, which would be incomparably harder to recover.
That reddit post was mine. I just created a new account there, but somehow my comment doesn't show up, no idea why. But fortunately there is HN :)
I would not call it an enterprise security solution. It is also very much aimed at the ordinary user's machine. It is important for DRM (the infamous TPM chip is now basically an app running inside the IME/PSP). Decryption of DRM content takes place inside the IME and it is presented using a protected media path. So the content industry wants to have that on your computer.
Intel also tries to market it by offering security solutions like 'Intel Anti Theft Technology' or its 'True Key' App which utilizes the IME. It makes your machine uniquely identifiable and it should serve as a store for all your secrets (like biometrics, passwords etc).
Intel is also opening the IME up for third parties to create software for it. So your bank might e.g. run it's software inside the (considered safe and secure) IME. But of course such software has to be signed by Intel before.
Ruan even hints in his book at the possibility that one day the IME might become just as powerful as the user system. So it would be possible to run e.g. a game completely inside the IME, absolutely safe from the malicious user who might try to copy it. All you get is the output on the screen and the speakers. So the (considered unsafe) ordinary user space would just remain for running and storing trivial tasks and information. Everything else runs hidden away from you.
And all of this is supposedly for your own good and security. I would call it a dual use technology which (dis)owns the user.
"Hello!? Releasing the source code would NOT change the fundamental problem with the PSP! It will still remain a black box under the control of the manufacturer! The problem is not the obfuscation of the source code, it is a much deeper platform architecture issue.
The PSP is a universal computer with it's own CPU, RAM, ROM, clock etc, that can run whatever software AMD wants it to run, hidden from the user. It could load software anytime without you even noticing. AMD controls the PSP by using unique cryptographic keys which are burnt into each PSP.
As the Intel IME engineer Xiaoyu Ruan wrote in his book "Platform Embedded Security Technology Revealed", the security architecture of the IME does not rely on security through obscurity, it relies much more on the burnt in cryptographic keys and it's architecture. The designers of the IME took into account that the firmware might be unscrambled and realeased by somebody, so they designed it in a way that this would not compromise it.
Even if you have it's source code (it's OS so to speak), there is no way for the user to tell what software it has loaded into memory and what it is doing at the moment (since it is a universal computer in its own right which offers no interface to the user). It is a parallel world on the platform the user has no access to (while the PSP has fully privileged access to all the users resources).
So the only real way to support Coreboot/Libreboot would be to remove the PSP completely (which is probably not possible, since it became an integral part of the system) or to offer the option to disable it and/or feed it with one's own cryptographic keys.
IMHO it stays an uncontrollable risk as long as there is an PSP on the platform (likewise the IME on Intel platforms). The source code doesn't make a difference. The only advantage of releasing the source would be, that it could be checked for potential security risks to avoid hostile takeovers of the PSP (which would be a true disaster).
So don't be naive, don't believe this hype."
To further answer your question (as far as I am able to do that), if the PSP is _completely laid open, it would not change its fundamental design, and it would not allow you to put your own firmware. It would be necessary to know its burnt in and unique cryptographic keys, to be able to load your own firmware/software. I would say those cryptographic keys are the crown jewels of the PSP (or IME), which allow you to take control of the PSP. And those are (hopefully) only known to the manufacturer and will not be released with the source code ;)
This is a futile discussion. It would not make any difference if AMD released the PSP source code. The problem with the PSP is not it's firmware, it is a much deeper fundamental architectural problem as outlined in (unfortunately dead link) https://www.reddit.com/r/linux/comments/5x5xl3/amd_to_consid...
If AMD would release the source code, the PSP would still remain a black box controlled by the manufacturer. It is an autonomous universal computer (with it's own CPU, RAM, ROM, clock...) which can load/run anytime any software AMD wants it to. There is no way for the user to tell what software it is running at the moment and what it is doing on the platform. It has fully privileged access to the users resources while it offers no interface for the user (only a very minimal low level interface).
So the fundamental problem is, that it takes the control of the platform away from the user, the manufacturer is ultimately in control on the platform. This is what goes against the philosophy of Coreboot/Libreboot (of being completely in control of the platform), not simply the encrypted PSP firmware blob.
Knowing that blob would not compromise the PSP and would not give the control back to the user.
The ME is basically an independent universal computer in its own right, it comes with its own clock, RAM, CPU etc...
It is like a Matryoshka doll sitting inside the Intel CPU of your computer. Therefore, yes, it can contain all of that. For further details see my other two posts.
The IME is basically a second computer inside your computer, running as the most privileged component on the platform. It has privileged access to all components of the system, and runs as long as the computer is plugged in or has battery (even if it the computer is switched off). It is under the control of Intel, they decide what the IME does, and it can use the NIC as it pleases, unnoticeable for the host system. It can not be disabled, switched off or removed. The rootkit researcher Rutkowska described it as "an ideal rootkiting infrastructure".
True Key makes use of the Intel Management Engine (IME). It gives a hint at what Intel is up to with the IME. One of the intended uses is "identity protection", storing secrets like e.g. biometric data in the realm of the IME, and to ultimately get rid of passwords.
Considering the security concerns regarding the IME, I doubt that it is a good idea to hand your passwords over to Intel (ME). At least I don't want to support this technology by using apps that utilize the IME.
To read up on the IME there is a free book by one of the developers on it...
And by the way, he also suggests in his blog post that Ghostery and Adblock Plus might as well sell browser histories as WOT does. There might be even more.
Here is the blog entry of the Journalist Mike Kuketz, explaining in detail how he uncovered the fraud, unfortunately only in German. This includes samples of the questionable GET and POST Requests, as well as a link to a commit to the WOT sources on GitHub, which introduced the necessary changes ...
https://en.wikipedia.org/wiki/Phage_therapy
It is practiced since the 20ies in Tiblisi Georgia. TED talk about it:
https://www.youtube.com/watch?v=sjH6m5VuR6I
So it is not all doomsday.