AMD has responded to the reports last week of a range of security flaws affecting its Platform Security Processor (PSP) and chipset. The company acknowledges the bugs and says that, in coming weeks, it will have new firmware available to resolve the PSP bugs. These firmware fixes will also mitigate the chipset bugs.
Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promonotory chipset).
Masterkey, Ryzenfall, and Fallout are all problems affecting the Platform Security Processor (PSP), a small ARM core that’s integrated into the chips to provide certain additional features such as a firmware-based TPM security module. The PSP has its own firmware and operating system that runs independently of the main x86 CPU. Software running on the x86 CPU can access PSP functionality using a device driver, though this access is restricted to administrator/root-level accounts.