AMD Turin PSP binaries analysis from open-source firmware perspective
7 hours ago
- #coreboot
- #AMD_PSP
- #firmware_analysis
- Coreboot was successfully run on Gigabyte MZ33-AR1 with Turin CPU, but encountered issues with AMD's published blobs not being sufficient to release the CPU from reset by PSP.
- A workaround was implemented by injecting coreboot into the vendor firmware image and flashing it back, leading to an analysis of the problems and solutions.
- AMD Platform Security Processor (PSP) firmware structure was analyzed, highlighting its complexity and the integration of various firmwares for co-processors.
- The Embedded Firmware Structure (EFS) was examined, showing differences between coreboot and vendor images, particularly in SPI speeds, eSPI config, and Multi Gen EFS value.
- PSP and BIOS directories were compared between coreboot and vendor images, revealing a significant difference in the number of entries and the necessity to extract and integrate missing blobs from the vendor image.
- Modifications to PSPTool and amdfwtool were made to support the analysis and integration of missing blobs, enabling the creation of a bootable coreboot image.
- Debugging efforts included enabling PSP verbose debug output and comparing outputs between vendor and coreboot images, identifying issues with the AMD Root Key.
- Public blobs were found to be incompatible due to differences in the AMD Root Key, leading to a request for updated blobs from AMD.
- The project achieved milestones in analyzing the vendor image, updating coreboot's amdfwtool, and preparing for future integration of correct blobs.
- The porting of Gigabyte MZ33-AR1 to coreboot is ongoing, with further updates and explanations promised in future blog posts.