On-chip phase Firmware located directly on the PSP chip sets up the ARM CPU, verifies the integrity of the SPI ROM and using various data structures locates the off-chip firmware and copies it over to internal PSP memory. The PSP is an integral part of the boot process, without it the x86 cores would never be activated.
AMD PSP 3.0 DEVICE GENERATOR
The PSP also provides a random number generator for the RDRAND instruction and provides TPM services. Because PSP is the chip that decides whenever the x86 cores will run or not, it is used to implement hardware downcoring, specific cores on the system can be made permanently inaccessible during manufacturing. They discovered that the firmware is run inside in the same system's memory space that user's applications do with unrestricted access to it (including MMIO) raising concerns over data safety. Investigation of a Lenovo ThinkPad A285 notebook's motherboard flash chip (stores UEFI firmware) revealed that the PSP core itself (as a device) is run before the main CPU and that its firmware bootstrapping process starts just before basic UEFI gets loaded. By using a few hand-written Python-based tools, they found that the off-chip firmware from the SPI ROM contained an application resembling an entire micro operating system.
AMD PSP 3.0 DEVICE CODE
In 2019, a Berlin based security group discovered the off-chip firmware in ordinary UEFI image files (the code that boots up the operating system), which meant that it could be easily analyzed. The PSP contains on-chip firmware which is responsible for verifying the SPI ROM and loading off-chip firmware from it.
The PSP itself represents an ARM core with the TrustZone extension which is inserted into the main CPU die as a coprocessor.
0 kommentar(er)
