
All You Ever Wanted to Know about the AMD Platform Security Processor and were Afraid to Emulate - Inside a Deeply Embedded Security Processor

Conference:  BlackHat USA 2020

2020-08-05

Summary

The presentation discusses security weaknesses in the AMD Platform Security Processor (PSP) and the PSP emulator the speakers built to analyze the firmware and to develop code that targets them.
  • The PSP is the root of trust for the whole AMD CPU; if it is taken over, every security feature built on it is compromised
  • An Evil Maid attack can be used to gain control of the PSP by flashing a modified SPI image onto the main board
  • Similar attacks have been found against Intel ME and against smartphone TrustZone environments
  • The SPI flash contents can be tampered with, and there is no rollback prevention for the firmware
  • The PSP emulator can be used to run code and examine the UA5 firmware
  • The on-chip bootloader cannot be updated, so an affected CPU remains vulnerable
  • The Zen 2 firmware structure is similar to first-generation Zen, but with tighter security measures
  • The presentation includes a demo of the PSP emulator

The presenter explains that the SPI flash emulator is much faster than the serial port for testing changes, but that both are stable during the initialization stage of the off-chip bootloader. They also mention that they reported the security issues they found to AMD, but did not have any further contact regarding their work.

Abstract

AMD's Zen (and later) CPUs contain the "(Platform) Secure Processor" (PSP), an embedded ARM core inside your x86 CPU that is responsible for initial system bootstrapping. The PSP runs even before the main x86 cores and has full access to main memory. During system runtime it serves as a trust anchor for features like AMD's "Secure Encrypted Virtualization" and, more recently, a generic TEE interface for which Linux kernel patches are currently pending. The firmware running on the PSP is completely proprietary and there is almost no public documentation available. These are more than enough reasons for us to have a closer look at this system.

During the last two years, we reverse engineered several components of the PSP firmware and hardware in order to understand the capabilities of this critical component and to look for possible security issues. We found multiple security issues that allow us to gain code execution on the PSP.

Lately, we developed an emulator for the PSP which enables us to trace the execution of the firmware and makes it easier to develop and test our own code, which will later run on the PSP by exploiting the security issues we found. The emulator is able to run the on-chip and off-chip bootloaders that are used to bootstrap the system. In the emulated setup, it is also possible to put the firmware into a debug mode where signature verifications are disabled and additional debug output is generated.

We'll also present a mode where a stub runs on the physical PSP and takes commands from the emulator, forwarding the firmware's hardware accesses so that the real system can be bootstrapped using the firmware running inside the emulator.

The emulator and all other developed tools are open source and available on GitHub: https://github.com/PSPReverse
