The scene is buzzing again over the recently leaked AMD Zen 2 Secure Processor Boot ROM

It’s been two weeks since the release of the AMD Zen and AMD Zen 2 Secure Processor Boot ROM, but it seems that only today has it piqued the interest of the community.


What has been shared are the ROMs, but not the technique used to obtain them; if similar, they could potentially be useful to people as an attack vector in an attempt to find an exploit.

Boot ROM exploits used to be critical on other devices for permanent jailbreaking (see the Switch console). Among other things, some security researchers have demonstrated how to compromise the Trusted Platform Module (TPM) from AMD.

These tiny processors have memory that applications can use to store keys, authentication data, or anything else they don’t want other programs to access.

Bugs in AMD Ryzen CPUs, its Secure Processor (SP), Trusted Platform Module (TPM), or System Management Unit (SMU) could lead to critical and hard-to-fix vulnerabilities for systems using these CPUs.

While this boot ROM alone isn’t enough to “hack” a console like the PS5, it is one more building block for the hacker community to better understand the gaming device, and combined with previously reported vulnerabilities it can hopefully lead to more discoveries and hacks.

SpecterDev confirmed on the PS5 Research Discord server that this is indeed an interesting piece of the PS5 puzzle, although it will most likely still be “very hard to reverse”.

The hacker had recently shared some of his research on AMD’s Secure Processor, a very interesting read if you want to know more about the AMD platform: Part 1 – Part 2

SpecterDev claims that some critical encryption keys are “locked” and secure in the cryptographic co-processor (CCP).

The hacker was quick to correct that these keys might not be as secure as initially believed, thanks to a recent Trusted Platform Module (TPM) hardware attack, released in May.

This particular attack, which relies on a hardware glitch (by the same infosec researchers, Buhren and Seifert), could be essential for future PS5 console hacks.

Download: Ryzen Boot ROM Sourcecode

Source: wololo.net