AMD Platform Security Processor
Trusted execution environment subsystem
The AMD Platform Security Processor (PSP), which the company calls AMD Secure Technology, has been included in AMD processors since 2013 as a trusted execution environment subsystem[1]. AMD's developer guide describes the subsystem as "responsible for creating, monitoring and maintaining the security environment" and says its functions "include managing the boot process, initializing various security-related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response"[2]. Commentators have raised concerns that the technology could conceal a backdoor and pose a security risk[3][4][5]. AMD has declined requests to open-source the code that runs on the PSP[1].
Details
Security record
In September 2017, Google security researcher Cfir Cohen reported a vulnerability in AMD products caused by the PSP that could allow an attacker to obtain passwords, certificates and other sensitive information; affected vendors reportedly received a patch in December 2017[7][8].
In March 2018, an Israeli security company announced that it had found several serious vulnerabilities caused by the PSP in AMD's Zen-architecture processors (EPYC, Ryzen, Ryzen Pro and Ryzen Mobile) that would allow spyware to execute and gain access to sensitive information[9]. AMD later released firmware updates to fix the vulnerabilities[10][11]. Although some regarded the disclosure as an attempt at stock manipulation[12][13], and the severity of the risk claimed by CTS Labs remains disputed, independent security experts confirmed that the vulnerabilities exist[14].
References
- ^ Williams, Rob. AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code. 2017-07-19 [2020-01-23]. (Archived from the original on 2019-06-03).
This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does [...] The rather blunt realization that PSP wasn't being open sourced came out during a discussion with AMD top brass about EPYC.
- ^ BIOS and Kernel Developer's Guide (BKDG) for AMD Family 16h Models 30h-3Fh Processors (PDF). AMD: 156. 2016 [2020-01-23]. (Archived (PDF) from the original on 2018-06-16).
- ^ Martin, Ryan. Expert Says NSA Have Backdoors Built Into Intel And AMD Processors. eteknix.com. July 2013 [2018-01-19]. (Archived from the original on 2018-01-19).
- ^ Claburn, Thomas. Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches. The Register. 2018-01-06 [2020-01-23]. (Archived from the original on 2020-05-19).
- ^ Larabel, Michael. AMD Reportedly Allows Disabling PSP Secure Processor With Latest AGESA. 2017-12-07 [2020-01-23]. (Archived from the original on 2009-09-21).
This built-in AMD Secure Processor has been criticized by some as another possible attack vector...
- ^ Libreboot FAQ. [2020-01-23]. (Archived from the original on 2021-01-21).
The PSP is an ARM core with TrustZone technology, built onto the main CPU die.
- ^ Millman, Rene. Security issue found in AMD's Platform Security Processor. 2018-01-08 [2020-01-23]. (Archived from the original on 2018-01-26).
- ^ Cimpanu, Catalin. Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online. 2018-01-06 [2020-01-23]. (Archived from the original on 2020-11-09).
- ^ Goodin, Dan. A raft of flaws in AMD chips makes bad hacks much, much worse. Ars Technica. 2018-03-13 [2020-01-23]. (Archived from the original on 2020-11-25).
- ^ Bright, Peter. AMD promises firmware fixes for security processor bugs: All bugs require administrative access to exploit. Ars Technica. 2018-03-20 [2020-01-23]. (Archived from the original on 2020-12-10).
- ^ Papermaster, Mark. Initial AMD Technical Assessment of CTS Labs Research. AMD Community. 2018-03-21 [2020-01-23]. (Archived from the original on 2020-11-09).
- ^ Burke, Steve. Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0". GamersNexus. [2020-01-23]. (Archived from the original on 2019-12-20).
- ^ Zynath Investment. AMD And CTS Labs: A Story Of Failed Stock Manipulation. Seeking Alpha. [2020-01-23]. (Archived from the original on 2018-03-19).
- ^ Guido, Dan. "AMD Flaws" Technical Summary. [2020-01-23]. (Archived from the original on 2021-01-24).
External links
- https://www.amd.com/en/technologies/security (page archived at the Internet Archive): official product page (English)
- https://www.amd.com/zh-hans/technologies/security (page archived at the Internet Archive): official product page (Chinese)