The presentation discusses the security vulnerabilities of AMD CPUs and the PSP emulator that can be used to exploit them.
- The PSP is the root of trust for the whole AMD CPU, and if it is taken over, any security feature is compromised
- The Evil Maid attack can be used to gain access to the PSP by flashing the SPI image onto the main board
- Similar attacks have been found in Intel ME and smartphone trust zones
- The SPI flash is vulnerable to exploits, and there is no rollback prevention for the firmware
- The PSP emulator can be used to run code and examine the UA5 firmware
- The on-chip bootloader is always vulnerable if the CPU is affected
- The Zen 2 firmware structure is similar to the first-generation Zen, but with tighter security measures
- The presentation includes a demo of the PSP emulator
The presenter explains that the SPI flash emulator is much faster than the serial port for testing changes, but both are stable during the initialization stage of the off-chip bootloader. They also mention that they reported the security issues they found to AMD, but did not have any further contact regarding their work.