AMD Confirms It Won't Open-Source EPYC's Platform Security Processor Code
Ever since AMD launched its Ryzen processors for the desktop, many security-conscious users have pleaded with the company to open-source its PSP - no, not the portable console, but rather its "Platform Security Processor". This chip is found on most AMD platforms from 2013 on, and behaves much like Intel's Management Engine does: it offers simple low-level access to the computer.
Both AMD and Intel share the same message about these unique chips; they are there to keep us protected. Because the OS can't see what the PSP or IME is doing, though, the user will likewise be oblivious to the chip's actions. That might not matter much if the chip keeps our machine more secure. However, what happens if an attacker breaks through the PSP's defenses? Users would never know. Security by obscurity isn't necessarily a good thing.
For that reason, AMD fans have been adamant about keeping on top of the company, to get an answer one way or another about whether or not PSP would be open-sourced. AMD CEO Dr. Lisa Su gave some hope that something would be done when she said she'd discuss things internally as the result of a recent Reddit AMA question. Ultimately, though, it turns out that AMD is not opening up the PSP, and we're just going to have to deal with it.
The rather blunt realization that PSP wasn't being open-sourced came out during a discussion with AMD top brass about EPYC. You can listen in on the discussion on Twitch (scrub to the 35:35 mark). In it, AMD's Scott Aylor and Forrest Norrod give us the news, but do their best to soften the blow.
To instill some confidence in its greatest skeptics, Aylor and Norrod said that AMD employs third-party security teams to keep beating away at its PSP, an effort that has been ongoing since the start of the year. Further, some OEM partners have also decided to deploy their own testing. So all told, PSP is dealing with some hard hits, and thus far has held up.
That still might not be enough for everyone, but the reality is, as you can imagine, AMD surely has its reasons for not opening the PSP. It could be third-party code, or the simple fact that it wouldn't want to cough up information that could give competitors or hackers any edge. Ideally, users should be able to disable the PSP entirely, but that's not likely to happen either.