I wouldn’t call it debunking; with the research and reverse engineering we are starting to learn more about IME, but I hear little about ASP.
AMD did say they let third parties look at the PSP code, so there are multiple companies outside of AMD that have seen the code; but they are probably under NDA.
AMD response to questions on open sourcing PSP
I transcribed it myself from this Twitch recording, there is also a copy on periscope.
There’s another security related question, from the community is: When will you, or will you, release PSP source code?
So essentially kind of, the embedded hypervisor and firmware that we run inside of our platform security coprocessor for those that maybe aren’t as close to the technology.
I think our approach - I’ll kind of take this one and you guys can chime in as well - we’ve actually already completed multiple different audits from security companies, that we’ve hired to come in and essentially try and find threats, or vulner- excuse me, not threats, vulnerabilites in our PSP architecture as well as the PSP firmware that goes with it.
So that’s something that we’ve actually completed; actually earlier this year. So I think, we are looking to have people look at our security implementation from a software perspective and determine if there are vulnerabilities and weaknesses.
At this point it isn’t our plan to go kind of, put that out in the community, but we are taking the right steps and measures to ensure that we are having people that are experts, that kind of know what bad agents do, to really see if we have vulnerabilities.
Yeah, you know, so those are third party audits that we’ve contracted, but quite frankly, we’ve also had some customers charter their own; so not just AMD, but other customers and partners have performed their own third party audits of our firmware as well.
Yup. Very good.
The next questions really kind of pivot a little bit more to the hardware ecosystems-