by fsflover 1491 days ago
> no Management Engine

https://en.wikipedia.org/wiki/AMD_PSP


AMD PSP is NOT the same as Intel ME. AMD PSP is a "trusted execution environment" (the first sentence in your link). Intel's equivalent is Intel SGX. Trusted execution environments are a security feature that does not offer remote management. It's not a privacy concern like Intel ME is.
Thank you for clarifying this; all of the acronyms are difficult to reason about if you don't work with them every day.
The PSP is a lot slimmer than Intel ME. It also doesn't randomly yank traffic for specific ports from your Ethernet.
I haven't looked at the presentation yet, but are you saying the PSP, like Intel's ME, could be doing nefarious things since it's proprietary and closed? Do you have a link to information on the network capturing thing? I mean, is that really a thing?

I have heard of these things before but I am not quite sure what the possibilities are. Do you have a link that can summarize what this actually means in terms of security concerns?

CVE-2017-5689
How do you know there isn't an undiscovered CVE for AMD? There's probably maybe 10x more security research focused on Intel.
I don't, but they do a lot less with the PSP, especially if you're just using Ryzen Pro and not server SKUs. Intel put a web interface you can't disable with an off-brand networking gear level RCE vulnerability that needs nothing more than Ethernet access into their security chip. I don't think AMD can exceed that anytime soon.
Any good link with the details?
There was a good talk with an overview (as well as owning it) at 36c3.

https://media.ccc.de/v/36c3-10942-uncover_understand_own_-_r...