On Wed, Jan 03, 2024 at 10:56:14AM -0500, Dan Cross wrote:
> Sadly the situation is even more complex than this.
> Consider AMD's EPYC processors: before the x86 cores start up, the PSP
> (Platform Security Processor) starts up and does a lot of
> pre-pre-initialization: it does DRAM timing training, for instance.
> It's also responsible for loading the x86 payload out of the local
> flash and setting up the x86 environment so that when those cores come
> out of reset, they're running whatever was loaded (for instance, they
> can load %cs on the BSC so that it starts somewhere other than the
> architecturally-defined segment right below 4GiB). While cool in some
> ways ("I don't have to train DRAM? Score!") the PSP is embedded in the
> SoC and the firmware is a signed blob you get from AMD. I know there's
> an ARM Cortex-A5 in there, but don't know much more about it and even
> if I did, I have no way to generate signed images for it. :-/
> The point is, even if you've got a completely open stack running on
> x86 from the reset vector, there's almost certainly something else
> somewhere that's not open (yet).
Or there's something running on a completely different x86 core with
unpatched security bugs in the Minix and Apache cores that you can't
even disable (unless you are the National Security Agency).... Sadly,
Intel refuses to make available the magic bits to disable the Intel
ME to anyone else. :-(
- Ted