Compromising Between Intel Without Coreboot or AMD PSP

As it currently stands, Joanna herself has found Intel ME to be a depressing^[1] situation^[2]. This was in fact a change of heart, compared to her earlier views^[3].

Fortunately, neutralising parts of the ME is now possible. For this reason, obtaining a Qubes hardware certification^[4] makes it mandatory. So this is currently the ideal choice.

Unfortunately, this choice is also limiting. A highlight for example are the Framework laptops, where the manufacturer still has not agreed to prioritise free firmware, despite years of persistence^[5] from their potential customers and broader community.

On the other hand, there is the choice for an AMD processor. Their equivalent of ME is called PSP. As of 2023, security researcherers such as Christian Werling^[6], Alexander Eichner and Robert Buhren^[7] have reported that PSP is lacking a network stack and as such, it doesn’t represent a priority for similar efforts to neutralise it. But at the same time, the maintainer of the Coreboot fork Libreboot, seems to express equal concern^[8] for PSP as she does for ME; while indeed she mentions the existence of a built-in network interface only in the case of ME, she does say that PSP has access to the standalone network controller, if one is present on the system. However, this does not have equivalent implications for security; comments are welcomed.

In any case, AMD comes with unique and definitive issues. First, as Qubes themselves emphasise^[9], AMD is significantly less efficient than Intel regarding microcode updates, which in fact introduces new security risks. Notably, the user depends on hardware vendors (rather than on AMD alone) to eventually distribute the required update.

Secondly, on multiple online forums there are generic reports of “bugs” and “instability” on various systems (not necessarily Qubes OS) running AMD, which seem to be attributed to a lower standard in the manufacturing process, but also to less support at the software level. Without direct experience, it’s difficult for me to know the extent of those issues and their relevance. This is another point where I hope the community is able to provide clarity.

Finally, it should be noted that AMD also offers a cost advantage.

I hope to hear opinons on the accuracy of this assessment, in particular regarding any omission of relevant variables. As previously mentioned, a comparison between the usability of AMD vs. Intel would be valuable, with a particular focus on being specific (e.g when using Qubes, are rare and brief system freezes to be expected, or more likely regular crashes?). But most importantly, how does standard Intel ME and standard AMD PSP actually compare, from a security point of view?

Thank you

1. Intel x86 considered harmful (new paper) | The Invisible Things Blog ↩︎

2. https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf ↩︎

3. More Thoughts on CPU backdoors | The Invisible Things Blog ↩︎

4. Certified hardware | Qubes OS ↩︎

5. [RESPONDED] Coreboot on the Framework Laptop - Framework Laptop 13 - Framework Community ↩︎

6. Question, regarding psp, · Issue #54 · PSPReverse/PSPTool · GitHub ↩︎

7. Select instance - Invidious ↩︎

8. Libreboot – Frequently Asked Questions about Libreboot firmware ↩︎

9. System requirements | Qubes OS ↩︎

I normally overwrite the IME with a custom operating system that I trust if I have the availability to enable the write mode on the IME. Same with AMD’s version.

They are all very insecure.

No significant difference, as both of them contain firmware black boxes with elevated administrative privileges that cannot be completely and permanently revoked by the user.

I noticed that the reasons you gave are theoretical in style, so I must ask: is there a specific, more practical angle as well? Note that the context of this thread is trying to find a relative compromise, when the ideal option (addressed in the second paragraph) isn’t available.

Here is another source which I omitted to include in the first post. It’s a less alarmist (but still equivocal) comparison of Intel ME and AMD PSP. It addreses the networking aspect.

Playing the devils advocate a little bit:

1. You realize that the articles linked in Footnotes 1 and 2 are 10 years old? And in the meantime, there has not been one verifiable instance of ME abuse?
2. The coreboot/libreboot alternatives are more or less crippling your hardware.
3. AMD (as a company) is not in any way more ethical than Intel is. If the Government (yes, that Government) asks them to jump, they ask “how high?” or lose all access to Government (-related) contracts.

Same link on my Anonymous Overflow instance:

I need to address one of your prior statements first:

Qubes-certified hardware does not require Intel ME to be neutralized/disabled via HAP bit.

Sure, Intel ME has more security researchers discovering vulnerabilities within it compared to AMD PSP:

Thanks for that.

If I understand you correctly, Intel ME has received more scrutiny from security researchers, which exposed several backdoors, and those have since been fixed. And as a result, this makes Intel ME more battletested.

On the other hand, AMD PSP has not received this level of scrutiny. However, this might be due to the fact it lacks a network stack (as mentioned earlier), so its functionality appears to be more limited to begin with. Rather than a large and battletested attack surface, it has a smaller one, which could be argued to be an inherent advantage for security.

Is my reasoning here correct? If so, it’s still very much equivocal and I don’t feel closer to deciding whether Intel or AMD would be a better choice for a new machine. Before I conclude it’s a “pick your poison” situation and therefore reasoning this out can’t help more than a coin flip - I’d like to hear more comments.

I’ll link the following quote from another thread back in Aug 2023, which adds another important argument:

It’s not from March 2025, but the research is going on.

Yes, but I would like to emphasize footnote #9, particularily this quote:

There’s no such requirement in your link:

Qubes-certified hardware should run only open-source boot firmware (aka “the BIOS”), such as coreboot. The only exception is the use of (properly authenticated) CPU-vendor-provided blobs for silicon and memory initialization (see Intel FSP) as well as other internal operations (see Intel ME).

Are you saying you can get rid of the negative features of Intel IME by, temporarily using a particular Operating System for awhile? Going on to use Qubes? Without doing a hardware Flash, (meaning open the computer, attach wires from another device) and Flash the target computer?

What OS can accomplish this? How well is this tested by others?

No, I mean overwriting the IME.
You can install the original IME back again when you want to, but I don’t advise doing this sort of thing again and again.
It will always be a hardware flash.

PCs these days have updaters, so they allow updating to these things over time.
So you just have to know how to write to these things and just do it.

BIOS updates… Write your own BIOS to flash to it, fixing all the issues.
IME Updates… Download Minix, add your IME code, flash.

The same goes for many parts of the computer.

If anyone allows firmware updates and flashing to their hardware, you just need to know what commands to send to what devices to allow the flashing and then to flash it.

This itself is a major security vulnerability in computers these days.

Which is one thing that many people will exploit.

Upload a custom IME to an Intel CPU, then you can watch and monitor everything that passes through the CPU.

Do this on the NIC, and you have a device sitting on someones network that you can freely access at any time as it will create a connection to your own server from inside the network. And if you have the BIOS flashed/updated with your spyware as well, you can wake the computer, then use the computer to do whatever you want.

This is one thing I love about Qubes.
Run everything separated in guests, and nothing that you do things on has direct hardware access. Meaning you need to boot to a mini system to update them if you ever want to. But that is the down side unfortunately. Protection prevents removing bugs and fixing security holes and flaws in your hardware.
So people can’t EASILY get access to the hardware without sending the signal from outside to directly interface with your NIC.

Often flashing is done with Windows, because of the insecurities inside Windows itself and the lack of restriction and security that is inherent in the operating system to allow all forms of bad things to happen. (Which is why there is more malware that works on Windows than anything else)

I don’t know how well it is tested by others. I was first doing this back in 2007 when I learned about it and what they actually put in the CPUs and the fact it was actually an operating system.

These days it would be more advanced, and they may have it completely custom, but it would still be similar methodology.