AMD Platform Security Processor
Trusted execution environment subsystem
The AMD Platform Security Processor (PSP), which the company markets as AMD Secure Technology, is a trusted execution environment subsystem that has been built into AMD processors since 2013[1]. AMD's developer manual states that the subsystem "is able to create, monitor and maintain the security environment" and that its functions "include managing the boot process, initializing various security-related mechanisms, and monitoring the system for any suspicious activity or events and handling them appropriately"[2]. Commentators have raised concerns that the technology may conceal a backdoor and create security risks[3][4][5]. AMD has declined requests to open-source the code that the PSP runs[1].
Details
Security record
In September 2017, Google security researcher Cfir Cohen reported a vulnerability in AMD products introduced by the PSP, through which an attacker could obtain passwords, certificates and other sensitive information; the vendors concerned reportedly received a patch in December 2017[7][8].
In March 2018, an Israeli security company announced that it had found several serious vulnerabilities on AMD Zen-architecture processors (EPYC, Ryzen, Ryzen Pro and Ryzen Mobile), caused by the PSP, that would allow spyware to run and gain privileged access to sensitive information[9]. AMD later released firmware updates that fixed the vulnerabilities[10][11]. Although some regarded the disclosure as an attempt at stock manipulation[12][13], and the level of risk claimed by CTS Labs remains disputed, independent security experts confirmed that the vulnerabilities exist[14].
References
- ^ Williams, Rob. AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code. 2017-07-19 [2020-01-23]. (Archived from the original on 2019-06-03).
This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC.
- ^ BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors (PDF). AMD. 2016: p. 156 [2020-01-23]. (Archived (PDF) from the original on 2018-06-16).
- ^ Martin, Ryan. Expert Says NSA Have Backdoors Built Into Intel And AMD Processors. eteknix.com. July 2013 [2018-01-19]. (Archived from the original on 2018-01-19).
- ^ Claburn, Thomas. Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches. The Register. 2018-01-06 [2020-01-23]. (Archived from the original on 2020-05-19).
- ^ Larabel, Michael. AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA. 2017-12-07 [2020-01-23]. (Archived from the original on 2009-09-21).
This built-in AMD Secure Processor has been criticized by some as another possible attack vector...
- ^ Libreboot FAQ. [2020-01-23]. (Archived from the original on 2021-01-21).
The PSP is an ARM core with TrustZone technology, built onto the main CPU die.
- ^ Millman, Rene. Security issue found in AMD's Platform Security Processor. 2018-01-08 [2020-01-23]. (Archived from the original on 2018-01-26).
- ^ Cimpanu, Catalin. Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online. 2018-01-06 [2020-01-23]. (Archived from the original on 2020-11-09).
- ^ Goodin, Dan. A raft of flaws in AMD chips makes bad hacks much, much worse. Ars Technica. 2018-03-13 [2020-01-23]. (Archived from the original on 2020-11-25).
- ^ Bright, Peter. AMD promises firmware fixes for security processor bugs: All bugs require administrative access to exploit. Ars Technica. 2018-03-20 [2020-01-23]. (Archived from the original on 2020-12-10).
- ^ Papermaster, Mark. Initial AMD Technical Assessment of CTS Labs Research. AMD Community. 2018-03-21 [2020-01-23]. (Archived from the original on 2020-11-09).
- ^ Burke, Steve. Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0". GamersNexus. [2020-01-23]. (Archived from the original on 2019-12-20).
- ^ Zynath Investment. AMD And CTS Labs: A Story Of Failed Stock Manipulation. Seeking Alpha. [2020-01-23]. (Archived from the original on 2018-03-19).
- ^ Guido, Dan. "AMD Flaws" Technical Summary. [2020-01-23]. (Archived from the original on 2021-01-24).
External links
- https://www.amd.com/en/technologies/security (archived copy at the Internet Archive) Official site overview page (English)
- https://www.amd.com/zh-hans/technologies/security (archived copy at the Internet Archive) Official site overview page (Chinese)