
PSPTool Is a Swiss Army Knife for the Firmware of the AMD Secure Processor - zdw
https://github.com/cwerling/psptool
======
pixelbath
Having done a bit of homebrew and other things with my Sony PSP, this post was
a little confusing until I hit the readme (Sony PSP uses MIPS instead of AMD).
Especially since a tool of this name already exists:
[https://gbatemp.net/download/psp-tool.7590/](https://gbatemp.net/download/psp-tool.7590/)

~~~
jackalo
You are not alone. I had the same confusion at first glance.

~~~
craftyguy
> PSPTool Is a Swiss Army Knife _for the Firmware of the AMD Secure Processor_

Do people stop reading titles after the first word now?

~~~
3martron
Many tools and programs have started life as a niche hacking tool. For
example, XBMC. I also had to pause and wonder if this tied into the PSP
somehow.

~~~
craftyguy
> Many tools and programs have started life as a niche hacking tool. For
> example, XBMC

Your little story is relevant.. how?

The rest of the title literally has nothing to do with the Sony PSP... If you
open the article, you'll see it has even less to do with the Sony PSP. It's
not hard, folks, even for "Hacker" "News".

~~~
3martron
Well, you replied to someone making a comment about first glances, and I too,
at first glance, had a brief moment of confusion.

That's how it's relevant. I'm sorry that you have trouble understanding that.

------
josteink
Not really useful for me at this stage of development, but I will up-vote any
baby-step towards getting less proprietary magic firmware in my Ryzen rig.

I certainly hope this is useful to the firmware-hacking community and helps
spur interest for more AMD-oriented libre firmware efforts.

~~~
mehrdadn
> I will up-vote any baby-step towards getting less proprietary magic firmware
> in my Ryzen rig.

This has definitely got to be the most compelling motivation I've ever seen on
HN!

------
AdmiralAsshat
So does it actually let us _neutralize_ the PSP like the me_cleaner tool, or
just poke at it?

~~~
snvzz
It looks like a tool to analyze the psp firmware, which is a necessary step in
this process.

Necessary only because AMD isn't being cooperative, that is. It'd be as easy
as providing a shim so that the machine can boot without enabling the psp.

~~~
cwerling
PSPTool author here. Since all PSP firmware must be signed by AMD, something
like a psp_cleaner would be possible given that a bug in the firmware allows
injecting arbitrary code. This was shown by CTS-Labs earlier. [1]

[1] https://msrnd-cdn-stor.azureedge.net/bluehat/bluehatil/2019/assets/doc/The%20AMDFlaws%20Story%20Technical%20Deep%20Dive.pdf

~~~
StudentStuff
Wow, only the header is signed (for the Ryzenfall-1 bug)? That is a pretty big
oversight, did AMD attempt to patch these bugs?

~~~
zanny
If there is anything these secret proprietary built-in hardware backdoors are,
it's that they are very poorly thought out.

~~~
fwip
It does seem to be a pattern. I can think of a few reasons off the top of my
head:

1. Incompetence - The engineers try to get it right, but fail due to skill,
budget or time constraints.

2. Malice - This allows bad actors to compromise the PSP for evil.

3. Benevolence - This allows hardware owners to alter the PSP for their own
protection.

I think the smart money is on #1, but they're all interesting to think about.

~~~
StudentStuff
ARM is the designer of the PSP, if it's incompetence then they're the ones at
fault.

AMD states that the PSP is "ARM TrustZone ... Industry standard"
[https://www.amd.com/en/technologies/security](https://www.amd.com/en/technologies/security)

------
shmerl
What are the practical applications? Are there FOSS replacements for PSP? Can
you disable it, and what happens if you do?

