Yes, CPU and graphics card, and motherboard chipset. I think it is less likely for the AMD graphics card to spy than it is for the AMD chipset to spy. Or perhaps more clearly, I believe that if AMD were inclined to spy, their platform security processor is the most likely spy chip. Further, I don’t believe AMD is intentionally spying on their customers. For one thing, the PSP is not connected to the NIC (and in the case of the GPU, it’s connected via the pcie bus, also without direct NIC access). This means it would be difficult to do the spying without detection. For another, I know people with relative who work at AMD, and I trust that they are unaware of any intentional spying (of course, its a big enough company that isn’t worth that much, but it is something).
I would very much prefer if they released their PSP code, or at least gave an option to completely disable it, as it doesn’t do me any good, and even if they aren’t doing anything nefarious with it intentionally, it’s extra attack surface for 3rd parties.
No. 1st gen Ryzen came out in 2017 on the CPU side, but they also started a come back on the GPU side with their Vega64 in 2017. They hadn’t fallen quite as far behind on the GPU side, with the 580 series cards and what not, but they didn’t have anything in the mid-range for several years (and still don’t have anything at the top end, but that may soon change).
As a general rule, every vendor that could include unapproved functionality is a potential source of spying. There is a small potential that some company is including secret spying ‘features’ in one line of products, but not another, but a company willing to spy on you is likely to do it everywhere they can. This means if you use an Intel CPU, Intel chipset, and the integrated graphics of the Intel CPU, then as long as Intel isn’t spying on you, you’re good. Similarly, if you use an AMD CPU, AMD chipset, and AMD GPU, you only have to worry about AMD spying on you. If, however, you put an intel CPU paired with an AMD (or nvidia) GPU, then you have 2 companies that could spy. And then you have the motherboard manufacturer in the mix too.