Frimware.
lol oops fixed
THIS IS A BIG DEAL
I think this means we will see a Libreboot style open source bootloader for AMD with the ability to monitor the AMD PSP (wiki). Maybe someone can correct me if I am wrong.
The github post link also links to this article:
indeed
THE IMPETUS
Platform & Silicon Firmware Development has historically been a niche field in the compute industry, requiring specific, hard-to-find engineering skill sets. As time progressed, firmware capabilities expanded, offering a large range of enhanced capabilities and platform intelligence ranging from rich feature sets to in-situ upgradability. Firmware became pervasive in the industry. However, the industry quickly realized that this increase in the role and capability of firmware, spread across so many different components on the platform, increased the attack surface for cyber attackers, potentially rendering the system vulnerable to malicious parties. Additionally, most Independent Silicon Vendors (ISVs) distribute their silicon-initialization firmware source code under a proprietary license to companies that have signed Non-Disclosure Agreements (NDAs). This limits the visibility the platform users have to inspect the security and functional validation that has gone into producing the firmware binaries running on their systems.
The above challenges present a pressing need for the following imperatives to be available at scale:
- Improved platform security, functionality, and at scale.
- Improved test coverage, validating entire systems.
- Increased penetration testing and vulnerability tracking.
- Optimized traceability such as SBOM for more traceability and vulnerability tracking within firmware binaries.
With the AMD Generic Encapsulated Software Architecture (AGESA™) solution, scaling to other nimbler host firmware solutions that foster a more robust security posture due to lower attack surface proved challenging. Below is the existing stack that caters to the UEFI host firmware requirements.
THE SOLUTION
AMD believes one of the ways to attain an improved security posture is to open Silicon Initialization Firmware architecture, development, and validation to the open-source community. AMD is committed to open-source software and is now expanding into the various firmware domains with the re-architecture of its x86 AGESA FW stack - designed with UEFI as the host firmware that prevented scaling, to other host firmware solutions such as coreboot, oreboot, FortiBIOS, Project µ and others. A newer, open architecture that potentially allows for reduced attack surface, and perceivably infinite scalability is now available as a Proof-of-Concept, within the open-source community for evaluation, called the AMD openSIL – Open-Source Silicon Initialization Library.
AMD openSIL adheres to simple goals of an agnostic set of library functions written in an industry-standard language that can be statically linked to the host firmware without having to adhere to any host firmware protocols. AMD openSIL is designed to be scalable and simple to integrate, light weight, low chirp and transparent, potentially allowing for an improved security posture.
AMD openSIL is a set of three statically linked libraries – xSIM (x86 Silicon Initialization Libraries), xPRF (x86 Platform Reference Library) & xUSL (x86 Utilities & Services Library), that can be statically linked to any host firmware during compile/link time. Below is a comparison firmware stack diagram that exhibits the scalability between two disparate platform host firmware solutions – UEFI & coreboot, which can be scaled to any other platform host firmwares that exist today and possibly in the future.
(The article continues with more details. This point in the article is the picture of the flow diagram comparing UEFI and Coreboot)
