AMD芯片架构中TEE实现技术之PSP初探

移动互联网和云计算等新兴技术的正在快速地改变着计算机行业，个人隐私和安全所面临的威胁也在一天天变得更为多样和复杂。单靠防病毒保护已不足以保证系统的安全。TEE技术已经从手机端芯片比如高通、MTK等等到桌面端芯片Intel、AMD等被广泛使用。

之前我们谈到Intel的TEE技术采用扩展指令来实现：

Intel芯片架构中TEE的实现技术之SGX初探

那么今天来看看AMD，简言之，ADM采用PSP处理器来实现TEE。

以前称之为平台安全处理器（PSP）,现在称之为AMD安全处理器。

原文这样说：

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main x86 core startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the x86 cores will not be released from reset, rendering the system inoperable.

The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.

In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user’s knowledge.

Much like with the Intel Boot Guard (an application of the Intel Management Engine), AMD’s PSP can also act as a tyrant by checking signatures on any boot firmware that you flash, making replacement boot firmware (e.g. libreboot, coreboot) impossible on some boards. Early anecdotal reports indicate that AMD’s boot guard counterpart will be used on most OEM hardware, disabled only on so-called “enthusiast” CPUs.

采用 ARM TrustZone® 技术并拥有支持第三方可信任应用程序的基于软件的可信任执行环境 (TEE)。AMD 安全处理器是一款基于硬件的技术，从 BIOS 层级安全启动后即可进入 TEE。可信任的第三方应用程序可利用行业标准的 API 充分运用 TEE 的安全执行环境。

AMD直接采用ARM TrustZone技术实现的专用安全处理器。通过与ARM TrustZone 的合作，提供基于 AMD APU 的全新创新型安全解决方案：防病毒和防盗软件、生物特征识别技术、电子商务安全。

并非所有应用程序都能利用 TEE 的安全功能。目前只有特定的 AMD A 系列和 E 系列 APU 上配有 AMD 安全处理器，提供部分或全部安全功能。

具体有如下特点：

它是基于硬件的安全性

AMD 在特定的 AMD 加速处理器 (APU) 中内置了专属的 AMD 安全处理器。ARM® TrustZone® 是一套系统级的安全解决方案，它运行于硬件之上，通过将 CPU 分割为两个虚拟的“世界”来建立安全环境。保密任务将运行于 AMD 安全处理器（即“安全世界”）中，而其他的任务则以“标准操作”方式运行。这有助于确保敏感数据和受信任的应用程序实现安全存储及处理。它还可以保护关键资源的完整性和机密性，例如用户界面和服务提供商的资产等等。

支持范围广阔的生态系统

AMD 通过 ARM TrustZone 技术整合了一套行业标准方法，将硬件和软件合作伙伴访问“安全世界”的综合生态系统进行融合及管理。这意味着我们的硬件合作伙伴可重新开始构建具有内置信任机制的平台，而我们的服务和内容合作伙伴也能够依赖这一整体信任机制，开始推出创新的服务并发展新的业务。