
AMD Listened to us, and added a PSP disable option in their new AGESA version!

 6 years ago
source link: https://www.reddit.com/r/linuxmasterrace/comments/7i6kl7/amd_listened_to_us_and_added_a_psp_disable_option/
Posted by
XFCE 3.8.18
5 years ago


Not my picture (Credit to u/repo_code), but https://drive.google.com/file/d/1b4p3d-gtHbFvkUbHYC8HSIviL-1ssC7V/view
My Gigabyte AB350 Gaming 3 also has a BIOS based on the new AGESA version, though it doesn't have the PBS options by default, so I enabled them, flashed the new BIOS, and indeed the setting was there!
EDIT: My mobo

level 1
· 5 yr. ago
Glorious OpenSuse

And just like that, my dilemma of which platform to choose for my next upgrade vanished.

level 2

Just get a compatible motherboard. Gigabytes need a modded BIOS, ASRock works fine, no info on Asus, Biostar and MSI.

level 2
[deleted]
· 5 yr. ago

I'm buying amd like this holiday season. Fuck yeah!

level 2

Unfortunately not the case. It is still there... alive and kicking after the POST. :(

Doing my computing on ARM - voting with my money and I say a gigantor NO on this PSP and IME. Geez, this sux!

... and people wonder why only PC gamers and the corporates are left using the desktop.

level 1

But can it run Libreboot?

level 2
Comment deleted by user · 5 yr. ago
level 2

Even if true, AGESA is proprietary again since 2014. So, no, it can't.

level 1

I've contacted AMD about this, and hopefully they'll have an answer for me tomorrow about this.

But if this is the case, and it's widespread, then it should be a no-brainer for a lot of security types who worry about this sort of thing. Especially Google.

level 2

The wording on that option makes it fairly clear this just turns off AGESA's interaction with the still-active PSP. It explicitly calls out the "BIOS" PSP driver as the item being affected, and then lists features that won't work if the "BIOS" isn't allowed to talk to the (still active) PSP.

I'd bet this was introduced as a recovery option if the firmware's PSP driver doesn't work for some reason, not as a security measure.

level 1
· 5 yr. ago · edited 5 yr. ago
Glorious Debian

Just a word of caution...BEST case is that the PSP still runs during boot but is somehow shut off after the BIOS loads. Worst case: AMD is simply making the BIOS not talk to the still active and still dangerous PSP. The fact that I can't seem to find any official technical information (or even any technical information at all) on this is disturbing.

Even in the best case scenario, the PSP is still active and still has control of your machine for at least a limited time window. Also, there would be no way to know that it was truly deactivated short of AMD releasing the source code showing that it does in fact shut down. If it shuts down then theoretically there should be no AMD / third party IP required, so AMD should be able to release stripped-down source code and binaries sans the third party IP. If they aren't willing to do that, don't just blindly take a nebulous BIOS option as evidence of security.

level 2
· 5 yr. ago
Xubuntu based monstrosity

AFAICT, AGESA has to bootstrap the ARM TrustZone. If it's disabled, it hopefully simply isn't booted. Or, perhaps, the CPU would prevent PSP from accessing memory, effectively disabling it (and all of ring < 0 code, in fact).

level 1

We can now disable PSP on AMD?

This is big news, right?

level 2

We don't know what the switch really does.

level 1
[deleted]
· 5 yr. ago

Disabling it is a good start. The next step is removing all vestiges of it now. We can also disable IME, and most of the current work going on is more about removing it after it has been disabled.

In any event I am happy AMD has taken this step. The less bullshit we all have to deal with, the better.

level 2

I'd bet they only did it to counter Intel becoming more appealing to security and privacy conscious people recently with the IME disabling topics.

level 1
[deleted]
· 5 yr. ago

Wait, was this just implemented or a long time ago? Why is this not bigger news?

level 2

Somewhat new, 1-2 weeks old. Maybe no one noticed.

level 1

Hi, I posted the original screenshot.

It's big news if, and only if, it turns PSP fully off. That's an open question. On the other thread /u/CataclysmZA said they are asking AMD for clarification.

level 2

Hi there, thanks for posting. Could you provide an image in better quality or tell us what's behind the QR code? Is there specific info about this setting or just the usual board/firmware manual?

level 1
Comment deleted by user · 5 yr. ago
level 1
· 5 yr. ago
Glorious Manjaro

Holy crap yeees, omfg thanks AMD I knew you were the MVPs. Quick! Let me order one or two more 3x2m Lisa Su posters for my bedroom.

level 2
· 5 yr. ago
when lspci locks up the kernel

Don't get too excited. We won't know for a while exactly "what" is being disabled. The PSP could be still active but just "uninteractable".

level 1
· 5 yr. ago · edited 5 yr. ago
Glorious Slackware

I'm cautiously optimistic, since I have my doubts that the NSA would allow such a thing.

Then again, could be just a switch, does nothing but make us feel good, thinking it's off, like some of the switches in W10.

But I do hope that I'm wrong and it really does what it says.

level 1
· 5 yr. ago
XFCE + kwin-x11 + tint2 + dunst
level 2

Also for /u/SaltyBalty98
The PSP is a secret CPU inside of every new AMD CPU that you cannot access that runs unknown code that can access your whole PC. That means for example that if it is hacked, your entire PC is fucked.

level 1
[deleted]
· 5 yr. ago

Do we have any tools to test and see if this really works?

level 1

Actually, didn't we request they open source it, not just add an option to disable it?

God knows what the option actually does if we can't see the code.

level 1

Wait, how do you get this going? :)

level 2

What mobo do you have?

level 1
· 5 yr. ago · edited 5 yr. ago
Kernel 4.2.0-blaze-it

Excellent. I will be buying AMD in the very near future

edit: a month later, I am the proud owner of an AMD processor. Just wanted to update.

level 1

Turns out, markets have massive incentives for business practices that are consumer- and enterprise-friendly. AMD stands to gain a ridiculous amount of business from this.

level 2

I'd like to believe this, but I definitely can't agree with the words "massive incentives". Moreover, if most people both in the consumer and enterprise sector wouldn't be massively ignorant of privacy and security, no one would still be using Windows or macOS except for being a hipster.

level 1

Why is this so good, or bad, or whatever?

level 2
· 5 yr. ago
Glorious OpenSuse

PSP is basically AMD's counterpart to Intel's ME, with all the same security and privacy concerns. If this really disables it, then AMD CPUs can be fundamentally "safer" than Intel's.

level 1

The only PSP and PBS I know are Playstation Portable and Public Broadcasting Station. What are we talking about?

level 2

PSP is AMD's version of Intel ME
PBS is... Something, but the setting for disabling the PSP is there.

level 1
· 5 yr. ago
Arch on a ThinkPad

Is that really disabling the PSP or just the interactions between the PSP and BIOS?

level 1
· 5 yr. ago
Fedora in the streets, macOS in the sheets

This is amazing news!

Time for my first AMD build, I think...

level 1

Ohh this is so cooooooollll!

level 1

Holy shit that's amazing!

level 1

What info is behind the QR code? I can't pick it up

level 2

IIRC just the mobo manual

level 2

Transcript of image

BIOS PSP Support
Description
Enable/Disable BIOS PSP driver execution (including all C2P/P2C mailbox, Secure S3, fTPM Support)

QR code is: http://www.asrock.com/manual.asp?Model=AB350%20Pro4


I got tired of reopening the image each time I wanted to check the wording

level 1
[deleted]
· 5 yr. ago

Will Libreboot be possible now?

level 2

Already talked about here: r/linuxmasterrace/comments/7i6kl7/amd_listened_to_us_and_added_a_psp_disable_option/dqwfxil/

level 1

Can we trust an on/off switch provided by the company that made the thing in the first place?

level 1

Are we sure that this method completely disables the PSP?

Intel's ME can also be "disabled" by the HAP bit, but the "small" part that still runs is still exploitable, as detailed here.

level 2

Definitely not. More discussion e.g. here.

level 1

Any AM3+ motherboards supporting this, or just AM4?

level 2

AM3+ doesn't have the PSP.

level 1

PlayStation Portable?

level 2

Platform Security Processor

level 2

AMD's Intel ME

level 1
[deleted]
· 5 yr. ago

So since Zen2 will arrive in February, will those BIOS updates still be compatible with Zen2 and allow removing Zen2's PSP?

level 1
Comment deleted by user · 5 yr. ago
level 1

What ASRock motherboard enables you to disable the PSP?

level 2

The Gigabyte AB350 Gaming 3

