Latest revision as of 03:59, 16 March 2018
AMD Secure Processor (AMD-SP), formerly Platform Security Processor (PSP), is a small microcontroller coprocessor integrated into AMD's own chips that provides the functionality needed for remote corporate asset management, a dedicated security subsystem, and secure boot. The secure processor runs its own closed-source, AMD-signed kernel and provides most of the crypto-related functionality for AMD's SoCs, including key generation and management, validated boot, and various other AMD secure platform features.
Overview
Introduced in 2013, the AMD-SP is a dedicated security processor incorporated into AMD's processors that provides the infrastructure for their security-related functionality. Unlike Intel's comparable ME, which is integrated into the chipset, the AMD-SP is integrated into the microprocessor die itself. The AMD-SP is a 32-bit ARM Cortex-A5 core and uses the ARM TrustZone extension as the isolated execution environment for its privileged processes and data. Because it boots before the x86 cores and validates the firmware they run, the AMD-SP is part of the trusted computing base of the whole platform: a flaw in its signed firmware undermines every feature built on top of it.
With the introduction of the Zen microarchitecture, the processor was overhauled and gained a number of additional functions.
Functionalities
- Secure Memory Encryption (SME): transparent encryption of system DRAM, keyed by the AMD-SP
- Secure Encrypted Virtualization (SEV): per-virtual-machine memory encryption keys managed by the AMD-SP, so the hypervisor cannot read a guest's memory in the clear
- Firmware Trusted Platform Module (fTPM): a TPM implemented in AMD-SP firmware rather than as a discrete chip
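Before relying on SME or SEV, a practitioner wants to know whether the silicon actually advertises them and which page-table bit marks a page as encrypted. The following is an added example, not code from WikiChip or from AMD: it decodes CPUID leaf Fn8000_001F, the leaf AMD uses to report memory-encryption capabilities, and queries it on the running CPU after confirming an AMD vendor string. The register layout follows AMD's published CPUID documentation; the sample register values used in the comments and the decode walk-through (C-bit 47, five address bits consumed, 509 guests) are constructed for illustration and are not measurements from any particular part.

```c
/* Added example (not AMD's or WikiChip's code): decode CPUID Fn8000_001F,
 * the AMD leaf that advertises SME/SEV support, the C-bit position and the
 * physical-address-width reduction that memory encryption imposes.
 *
 * Register layout of Fn8000_001F (AMD CPUID specification):
 *   EAX[0]     SME supported
 *   EAX[1]     SEV supported
 *   EAX[2]     Page Flush MSR available
 *   EAX[3]     SEV-ES (encrypted register state) supported
 *   EBX[5:0]   C-bit: page-table bit that marks a page as encrypted
 *   EBX[11:6]  physical address bits consumed by encryption
 *   ECX        number of encrypted guests supported simultaneously
 *   EDX        minimum ASID usable by a SEV (non-ES) guest
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct mem_encrypt_caps {
    bool sme;                      /* EAX[0] */
    bool sev;                      /* EAX[1] */
    bool page_flush_msr;           /* EAX[2] */
    bool sev_es;                   /* EAX[3] */
    unsigned cbit_pos;             /* EBX[5:0] */
    unsigned phys_addr_reduction;  /* EBX[11:6] */
    uint32_t max_encrypted_guests; /* ECX */
    uint32_t min_sev_asid;         /* EDX */
};

/* Pure decoder: takes the four raw registers so it can be unit-tested with
 * constructed values on any machine, AMD or not. */
struct mem_encrypt_caps decode_fn8000001f(uint32_t eax, uint32_t ebx,
                                          uint32_t ecx, uint32_t edx)
{
    struct mem_encrypt_caps c = {0};
    c.sme                  = (eax >> 0) & 1u;
    c.sev                  = (eax >> 1) & 1u;
    c.page_flush_msr       = (eax >> 2) & 1u;
    c.sev_es               = (eax >> 3) & 1u;
    c.cbit_pos             = ebx & 0x3fu;
    c.phys_addr_reduction  = (ebx >> 6) & 0x3fu;
    c.max_encrypted_guests = ecx;
    c.min_sev_asid         = edx;
    return c;
}

/* Mask that sets the C-bit in a page-table entry; 0 when SME is absent,
 * so callers cannot accidentally flip a random PTE bit on unsupported parts. */
uint64_t sme_cbit_mask(const struct mem_encrypt_caps *c)
{
    return c->sme ? (UINT64_C(1) << c->cbit_pos) : 0;
}

/* Query the running CPU. Returns false on non-x86 builds, non-AMD vendors,
 * or parts whose maximum extended leaf is below 0x8000001F. */
bool query_mem_encrypt_caps(struct mem_encrypt_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    /* Leaf 0: vendor string "AuthenticAMD" is EBX="Auth", EDX="enti", ECX="cAMD". */
    if (!__get_cpuid(0, &a, &b, &c, &d))
        return false;
    if (b != 0x68747541u || d != 0x69746e65u || c != 0x444d4163u)
        return false;
    /* Leaf semantics are AMD-specific; also confirm the leaf exists at all. */
    if (!__get_cpuid(0x80000000u, &a, &b, &c, &d) || a < 0x8000001fu)
        return false;
    if (!__get_cpuid(0x8000001fu, &a, &b, &c, &d))
        return false;
    *out = decode_fn8000001f(a, b, c, d);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    struct mem_encrypt_caps caps;
    if (!query_mem_encrypt_caps(&caps)) {
        puts("no AMD memory-encryption leaf on this CPU");
        return 0;
    }
    printf("SME=%d SEV=%d SEV-ES=%d PageFlushMSR=%d\n",
           caps.sme, caps.sev, caps.sev_es, caps.page_flush_msr);
    printf("C-bit=%u addr-bits-reduced=%u guests=%u min-ASID=%u cbit-mask=0x%llx\n",
           caps.cbit_pos, caps.phys_addr_reduction, caps.max_encrypted_guests,
           caps.min_sev_asid, (unsigned long long)sme_cbit_mask(&caps));
    return 0;
}
```

The decoder is kept separate from the CPUID call so it can be checked with constructed registers (for example EAX=0xF, EBX=0x16F yields all four features, C-bit 47 and a 5-bit address reduction). A capability bit only says the silicon supports the feature; whether it is active is a separate question answered by the firmware and OS, for instance the Linux kernel's boot messages and the `sev` parameter of the `kvm_amd` module.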
Vulnerabilities
- January 3, 2018: fTPM Remote Code Execution (http://seclists.org/fulldisclosure/2018/Jan/12)
Secure Coprocessors
- Intel: Management Engine (ME)
- AMD: Secure Processor (SP)
- Apple: Secure Enclave Processor (SEP)