Overview
Explore the inner workings and security implications of AMD's Platform Security Processor (PSP) in this 57-minute conference talk from the 36th Chaos Communication Congress. Dive into the proprietary firmware structure, extraction techniques, and component replacement methods for the PSP. Learn how to observe the PSP during boot and gain access to hidden debug output. Examine the PSP's interactions with other CPU components like the DRAM controller and System Management Unit. Discover methods for running custom firmware on the PSP and utilize a toolchain for building custom applications. Gain insights into reverse-engineering deeply embedded systems, understand the PSP firmware's proprietary filesystem, and explore potential ways to regain trust in AMD CPUs despite the PSP's sensitive nature.
Syllabus
Intro
Trust
Knowing
Control
Recap
Boot Process
System Management Network
Debugging Strings
Exploring System Management Network
PSP Code Repository
Boot Directory
MD Public Key
Epic Bootloader
Security Issues
Questions
PSP Firmware
Vulnerable Firmware
X86 API
Open Source Firmware
Block PSP from Linux or BSD
How long did it take
Did we glitch the PSP
Taught by
media.ccc.de