By: Adrian (email@example.com), June 25, 2019 7:38 pm
Room: Moderated Discussions
Due to a firmware bug, the private encryption keys can be extracted from the AMD PSP, unless the PSP firmware is updated to a corrected version.
This bug is a typical case of lack of validation of the input from the user.
It was very easy to fix, but it shows once more an example of the practice that is unfortunately common to almost all companies, where they omit to hire some cryptography expert to audit their cryptography code.
This vulnerability was well known since almost 20 years ago and any expert would have verified if the firmware includes a check for it.
|Security bug in AMD PSP firmware||Adrian||2019/06/25 07:38 PM|
|Security bug in AMD PSP firmware||SeeYouSeeMe||2019/06/26 06:50 AM|
|Won't happen, not realistic||anonymous2||2019/06/26 08:10 AM|
|Won't happen, not realistic||dmcq||2019/06/27 12:38 AM|
|Security bug in AMD PSP firmware||David Hess||2019/07/02 09:20 AM|