Our talk is divided into three parts:
The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot.
The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output.
The talk concludes with a security analysis of the PSP firmware. We will demonstrate how to provide custom firmare to run on the PSP and introduce our toolchain that helps building custom applications for the PSP.
This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP.