AMD PSP Affected By Remote Code Execution Vulnerability

“…AMD’s Secure Processor / Platform Security Processor (PSP) that is akin to Intel’s Management Engine (ME) is reportedly vulnerable to remote code execution…”

5 January 2018
AMD PSP Affected By Remote Code Execution Vulnerability - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

[i]"…PSP: The Cortex A8 running trustzone firmware, implemented from family 15h model 60h (Carrizo) and family 16h model 30h (Mullins) and up. It is running Trustonic TEE OS licensed by AMD. PSP Boot ROM runs before x86 core. Then non-bootrom PSP parts are stored (zlib-compressed) in the main flash. Bypass mechanism available via strap pin, but dummy and AMD signed bypass binaries needs to be always run. It is expected that newer CPUs will offload part of AGESA to the PSP, making memory init even part of the PSP :(

PSP is AMD’s analog of Intel’s ME with a few implementation differences, in laymans terms the panic level is the same and it is present on newer AMD processors (see above) including FM2+ and Zen (AM4), it is also present on the die but supposedly not activated on various older models as well…"[/i]

Binary situation - coreboot
https://www.coreboot.org/Binary_situation#recent_AMD

Related:

Just another reason to Disable the Intel ME: - GeForce Forums
https://forums.geforce.com/default/topic/1029603/pc-components/just-another-reason-to-disable-the-intel-me-/