nemozone

The AMD Platform Security Processor (PSP) is a trusted execution environment that has been integrated into AMD microprocessors since around 2013. Its purpose is to enhance the security of the system by creating, monitoring, and managing a secure environment. The PSP performs a variety of security-related functions, including managing the boot process, initializing security mechanisms, and monitoring the system for suspicious activity or events.

By default, the PSP is not disabled as it is essential for the x86 initialization and memory training processes required for the system to boot. However, the latest AGESA update has added an option to disable the PSP through the UEFI/BIOS settings, which some users have reported seeing as “BIOS PSP Support – Disabled”.

While the PSP has been praised for its security features, it has also faced criticism as a potential attack vector due to its closed-source nature. In 2018, a security company reported several serious vulnerabilities related to the PSP in AMD's Zen architecture CPUs, which could allow malware to run and access sensitive information. However, AMD released firmware updates to address these vulnerabilities, and they were independently reviewed and deemed adequate by security experts.

It's worth mentioning that the impact of the PSP on Linux systems is currently unclear. Some users have reported that the PSP can cause compatibility issues with Linux, while others have stated that they have not experienced any issues. The PSP is not well documented, and its impact on Linux systems is an area that requires further investigation.

In conclusion, the AMD Platform Security Processor is a crucial component of the security infrastructure of AMD microprocessors and is not disabled by default. However, users have the option to disable it through the UEFI/BIOS settings with the latest AGESA update. The impact of the PSP on Linux systems is not well understood and requires further investigation.

Citations :

1. https://news.ycombinator.com/item?id=28480171#:~:text=You%20cannot%20disable%20PSP%20as%20it%20is%20responsible%20for%20x86%20initialization.&text=Right.,it%20just%20wouldn't%20boot.

2. https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor#:~:text=The%20AMD%20Platform%20Security%20Processor,about%202013%20into%20AMD%20microprocessors.

3. https://community.amd.com/t5/processors/backdoor-inside-amd-platform-security-processor/td-p/212572

4. https://hardwaresfera.com/en/articulos/tpm-2-0-ptt-psp-necesitas-saber/#:~:text=PSP%2C%20the%20TPM%20protocol%20in%20AMD%20CPUs&text=For%20practical%20purposes%20for%20the,with%20the%20TPM%20security%20protocol.

5. https://therecord.media/amd-cpu-driver-bug-can-break-kaslr-expose-passwords/#:~:text=Also%20known%20as%20a%20trusted,a%20kernel%20driver%20named%20amdsps.

6. https://www.phoronix.com/news/AMD-PSP-Disable-Option

7. https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor

8. https://forums.tomshardware.com/threads/amd-psp-disable.3753992/ 9. https://doc.coreboot.org/soc/amd/psp_integration.html