AMD Platform Security Processor
| Basic Information | |
|---|---|
| Release Year | 2013 |
| Product Type | Surveillance, Security, Hardware, Computers, Firmware |
| In Production | Yes |
| Official Website | https://www.amd.com/en.html |
The AMD Platform Security Processor (PSP), also known as the AMD Secure Processor, is an autonomous processor embedded on most modern AMD CPU's since 2013. The PSP has full access to memory and is capable of running without the main CPU cores being active.[1]
AMD has not provided much information about the PSP, but several features are know, including:[2]
- CPU initialization
- Hardware-accelerated cryptography
- Hardware/software integrity verification (TPM)
- Facilitating Secure Encrypted Virtualization (SEV)
There is no official way of disabling the PSP. Since it has responsibilities during the boot sequence, it is likely to be impossible to remove the PSP entirely without breaking the system.[2] Around 2018, some users reported seeing a BIOS option to disable the PSP. [3]
Concerns
AMD has denied requests to open-source the software running on the PSP.[4] This means that the inner workings of the PSP cannot be independently verified and bug-fixing can only be performed by AMD. This is an example of "security through obscurity", which has been criticized for taking away consumer rights.
Some have accused the AMD PSP of having a backdoor because of its closed nature, full system access, and AMD's secrecy and unwillingness to make the code public.[5]
Vulnerabilities
There have been several vulnerabilities related to AMD's PSP.
| Date | Vulnerability | CVE |
|---|---|---|
| 2020 | Incorrect BIOS image length validation by the PSP might cause arbitrary code execution. | CVE-2020-12944 |
| 2020 | Due to a vulnerability in the PSP, an attacker can modify registers and possibly bypass ROM protections. | CVE-2020-12961 |
| 2021 | Insufficient verification of image decrypted by PSP may lead to arbitrary code execution. | CVE-2021-26315 |
| 2021 | Using the PSP, low-privilege users are able to send driver requests, allowing data leakage. | CVE-2021-26333 |
| 2021 | Insufficient address validation in PSP firmware may lead to arbitrary code execution. | CVE-2021-46771 |
See also
References
- ↑ Eichner, Alexander; Buhren, Robert (2020-08-05). "All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate" (PDF). blackhat.com. Archived (PDF) from the original on 15 Feb 2026. Retrieved 2026-02-04.
- ↑ 2.0 2.1 "Reversing the AMD Secure Processor (PSP)". dayzerosec.com. 2023-04-17. Archived from the original on 2026-01-12. Retrieved 2026-02-04.
- ↑ Cimpanu, Catalin (2018-01-06). "Security Flaw in AMD's Secure Chip-On-Chip Processor Disclosed Online". BleepingComputer. Archived from the original on 2025-12-19. Retrieved 2026-02-04.
- ↑ Williams, Rob (19 Jul 2017). "AMD Confirms It Won't Opensource EPYC's Platform Security Processor Code". HotHardware. Archived from the original on 2025-11-23. Retrieved 2026-02-04.
- ↑ "Every modern computer has a backdoor". sysjolt.com. 15 Mar 2021. Archived from the original on 15 Feb 2026. Retrieved 2026-02-04.