
Cite?



It's in the link this comment chain is in response to.


Almost all Intel chips have ME. Not all ARMs do. Does my iPhone have an ME-equivalent? (i.e., TrustZone is visible from the OS kernel, so not equivalent.)


No. It isn't.


From [1]:

AMD Platform Security Processor (PSP) #amdpsp

This is basically AMD's own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.

The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine, completely outside of the user's knowledge.

Much like with the Intel Boot Guard (an application of the Intel Management Engine), AMD's PSP can also act as a tyrant by checking signatures on any boot firmware that you flash, making replacement boot firmware (e.g. libreboot, coreboot) impossible on some boards. Early anecdotal reports indicate that AMD's boot guard counterpart will be used on most OEM hardware, disabled only on so-called "enthusiast" CPUs.

[1] https://libreboot.org/faq/#amd


You just pasted a wall of text about AMD's use of ARM processors, and not ARM TrustZone, which is what we were talking about.

While AMD's use of ARM processors (and with it, TrustZone) to fashion a security blackbox on your chip is dishonest and terrifying, it is not evidence that TrustZone is what you're saying it is. I invite you to research more into TrustZone, so you'll be less afraid of ARM.


I'm sort of genuinely confused what is happening on your side of this conversation. Your account is too old to be trolling, but it surely seems like it.

Here's the conversation I see:

1. How do they deal with the intel management engine in all intel chips? https://libreboot.org/faq/
2. AMD and ARM have them, as well. It's almost impossible to avoid these hardware backdoors.
3. Cite?

and our remarks back and forth.

Who is talking about ARM TrustZone? That wall of text was libreboot's explanation (from the original link) of what AMD and ARM's Intel Management Engine equivalent system is.


Your wall of text only explains AMD's management engine, not ARM. Again, you should probably go look at the TrustZone documentation. It isn't what you think it is.

Further, your "anyone that tells you your emperor is wearing no clothes is trolling" attitude is something HN'ers attempt to avoid.



