by gray_charger 1166 days ago
Why would you want to do away with AMD PSP? It's a trusted execution environment that privacy and security software (e.g. Signal) makes use of for its confidentiality and integrity guarantees.
1 comments

Because I don't need uncontrolled backdoors in my PC. By the way, my laptop has an option to disable PSP in BIOS but I don't understand how it works because PSP is still visible on the PCI bus as "encryption controller".

> It's a trusted execution environment

It is "trusted" only by manufacturers and cannot be controlled by the user. Why can't it be controlled by the user? Probably because it is intended to be used as a backdoor or to report users who install pirated software, or download unapproved materials etc.

> Why can't it be controlled by the user? Probably because it is intended to be used as a backdoor or to report users who install pirated software, or download unapproved materials etc.

I have a simpler answer that doesn't require inherent malice: To keep out hostiles that have control over the computer, be that virtually or physically. You can't compromise what you can't access.

Personally, I understand the concerns behind ME and PSP and am not particularly concerned. I trust Intel and AMD to not fuck with me, else why would I buy their processors? If I don't trust the ME/PSP because I don't trust Intel/AMD, I certainly can't trust the rest of their processors either.

There are several points that make all this look suspicious:

- first, ME/PSP do not follow the minimum privileges principle. They have access to DRAM and network interfaces, so they can bypass restrictions set by the OS and firewall. Does that make the system more secure? I would say it is the opposite. They make the system less secure: for example, if there is a vulnerability in those modules then the whole system can be compromised and it will be difficult to detect using antivirus products.

- second, firmware for ME/PSP is encrypted. Why is it done so? To prevent the user from knowing what it does. Why am I not allowed to know how my computer works?

Based on this, I can assume that the intended purpose of these "trusted" modules is to implement user-hostile features like: DRM, software license checking, reporting illegal content, device fingerprinting, providing unauthorised remote access and so on.

> else why would I buy their processors?

To run software that requires them?