2

Given that the IBM POWER9 CPU doesn't appear contain an AMT subsystem (like those seen in Intel and AMD CPUs), is there any way the absense of such a backdoor could be audited? For example, might a lab be able to physically disassemble the chip to verify that it matches an open spec?

Jonathan Cross
  • 1,618
  • 1
  • 13
  • 25

2 Answers2

1

A lab could theoretically decap the chip and analyze it, and any large, complex subsystem inside would not be able to hide from that (although you could not verify that it matches the open spec). If there's something undocumented that functions as an actual backdoor, then it would, by definition, be hidden. There are endless possibilities for embedding a backdoor in a complicated architecture like POWER9. For example, setting a couple registers to magic values that are unlikely to be guessed or occur naturally and then running a particular unprivileged instruction could trigger the elevation to supervisor mode. It could even be designed such that vulnerabilities worse than Spectre and Meltdown are "accidentally" possible, providing plausible deniability in the backdoor.

In regards to the specific capabilities of the CSME or AMD PSP, you can verify that POWER9 lacks a few of those features. For example, the CSME has access to many network cards, and to the on-board gigabit Ethernet system (Intel GbE). This requires the PCH be hooked up to the network card in a particular way that may be unique to the x86 architecture. You should be able to verify that, for example, the CPU cannot directly control the network card in any way that is not possible through the interfaced used to connect to it (e.g. PCIe). You should familiarize yourself with the system's architecture, as it is quite different from systems that descend from IBM-style x86 PCs.

While I don't know if the AMD PSP can do this, server systems with AMT can keep the coprocessor powered up even when the system is off, as long as it is connected to the power. It is trivial to detect if this is the case with an arbitrary computer by measuring power draw while the system is off. It is trivial to verify if any coprocessor is exposing itself automatically to the network by seeing if the networking card has a new MAC address. This assumes they are on by default.

But what is the actual risk? I would say it is very low. AMD PSP and Intel CSME are designed to make the lives of system administrators easier, even if they come with security downsides. As such, it makes little sense to keep them secret and undocumented. The only reason they would be secret is if they are an intentional backdoor, in which case they need not manifest themselves as coprocessors, and could instead be implemented as a simple but fatal security "bug".

forest
  • 65,613
  • 20
  • 208
  • 262
1

Talos II mobo for Power9 contains fully opensource firmware

It is unlikely any potential backdoor will remain hidden over time, and ultimately allow forensics to identify the attacker.

That is probably your best case scenario if you are concerned about someone violating your system.