How dangerous is Intel FSP?

If I understood correctly, Intel FSP is the only piece of software not reviewed or disabled by Purism (besides HDD/SSD firmware). What exactly can this do and why/is it is a security/privacy threat?

3 Likes

Intel’s FSP (Firmware Support Package) performs memory initialization/training, as well as some platform initialization. It was Intel’s attempt to allow OEMs (mainly Google) to use coreboot without having to get down into the weeds, configuration wise. While it’s not currently open-source, Intel has recently announced plans to do so (though it’s not expected to be 100%).

In terms of security threats, it’s IMO quite low. There’s no remote access component, no persistence - just an inability to audit what it’s doing, and in some cases inability to override due to registers being locked.