Platform Insecurity Processor —

AMD promises firmware fixes for security processor bugs

All bugs require administrative access to exploit.

AMD's Ryzen die. Threadripper has two of these in a multi-chip module. Epyc has four of them.
Enlarge / AMD's Ryzen die. Threadripper has two of these in a multi-chip module. Epyc has four of them.

AMD has responded to the reports last week of a range of security flaws affecting its Platform Security Processor (PSP) and chipset. The company acknowledges the bugs and says that, in coming weeks, it will have new firmware available to resolve the PSP bugs. These firmware fixes will also mitigate the chipset bugs.

Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promonotory chipset).

Masterkey, Ryzenfall, and Fallout are all problems affecting the Platform Security Processor (PSP), a small ARM core that's integrated into the chips to provide certain additional features such as a firmware-based TPM security module. The PSP has its own firmware and operating system that runs independently of the main x86 CPU. Software running on the x86 CPU can access PSP functionality using a device driver, though this access is restricted to administrator/root-level accounts. The PSP is also typically not exposed to guest virtual machines, so virtualized environments will typically be protected.

In theory, the PSP is able to keep secrets even from the x86 CPU; this ability is used for the firmware TPM capability, for example. However, the Ryzenfall and Fallout bugs enable an attacker to run untrusted, attacker-controlled code on the PSP. This attacker code can disclose the PSP's secrets, undermining the integrity of the firmware TPM, AMD's encrypted virtual memory, and various other platform features.

The Masterkey bug is worse; the PSP does not properly verify the integrity of its firmware. A system that enabled a malicious firmware to be flashed could have a malicious PSP firmware permanently installed, persisting across reboots.

The Chimera bug affects a chipset found in many, but not all, Ryzen systems. The chipset includes its own embedded processor and firmware, and flaws in these mean that an attacker can again run untrusted, attacker-controlled code on the chipset. CTS said that these flaws represent a backdoor, deliberately inserted to enable systems to be attacked, but offered no justification for this claim. As with the PSP flaws, exploiting this requires administrator access to a system.

AMD's response today agrees that all four bug families are real and are found in the various components identified by CTS. The company says that it is developing firmware updates for the three PSP flaws. These fixes, to be made available in "coming weeks," will be installed through system firmware updates. The firmware updates will also mitigate, in some unspecified way, the Chimera issue, with AMD saying that it's working with ASMedia, the third-party hardware company that developed Promontory for AMD, to develop suitable protections. In its report, CTS wrote that, while one CTS attack vector was a firmware bug (and hence in principle correctable), the other was a hardware flaw. If true, there may be no effective way of solving it.

The nature of these problems does not seem substantially different from an earlier PSP flaw publicized in January; that flaw concerned the firmware TPM and, again, allowed the execution of attacker-controlled code on the PSP. That bug appeared to receive little fanfare or attention. Neither do they seem to be significantly different from the numerous flaws that have been found in Intel's equivalent to PSP, the Management Engine (ME). Indeed, some of the Intel ME bugs are rather worse, as they can in some situations be exploited remotely.

The striking thing about the bugs was not their existence but rather the manner of their disclosure. CTS gave AMD only 24 hours notice before its public announcement that it had found the flaws. Prior to reporting the problems to AMD, CTS also shared the bugs, along with proofs of concept attacks, with security firm Trail of Bits so that Trail of Bits could validate that the bugs were real and could be exploited the way that CTS described. While the computer security industry has no fixed, rigid procedure for disclosing bugs to vendors, a 90-day notice period is far more typical.

This short notice period led Linux creator Linus Torvalds to say that CTS' report "looks more like stock manipulation than a security advisory."

This perception wasn't helped when short-seller Viceroy Research (which claims to have no relationship with CTS) said that the flaws were "fatal" to AMD, that its share price should drop to $0, and that the company should declare bankruptcy. Such a valuation is obviously absurd: access to the PSP seems to be non-essential (some Ryzen firmware allows access to be disabled, albeit at the loss of some functionality), its flaws can be repaired with a firmware update, and the flaws can only be exploited by an attacker with superuser access to the system. To suggest that such bugs should not merely hurt AMD's share price, but drive the company out of business entirely, with nothing salvageable from the Zen architecture, AMD's x86 license, its long-term contracts with Microsoft and Sony, or its GPU architecture, plainly has no possible factual justification.

Channel Ars Technica