Re: PCIe 4
Concern stems from the former primarily. The latter (the tech supposedly trying to protect from requests for access) has not only been broken multiple times already in the real world (allowing malicious hosting providers to theoretically peer in on VMs thought to be safe) but is permanently dependent on an AMD held master key by design. Which means AMD itself can be forced to assist in requests for access.
AMD has refused to release the PSP as open source. Or allow anyone to audit it. Or allow anyone to remove it from their system (the EFI toggle doesn't remove it, BTW). And it's already been found to have a number of fun bugs.
Furthermore, AMD is a USA company. The USA has the CLOUD act. AMD can create malicious firmware (or just cooperate by signing someone else's malicious firmware) that will be accepted by any compatible AMD system already sold.
And no, they didn't get it right and probably couldn't care less about getting it 100% right, seeing as they're not on the hook when PSP bugs leak customer data or allow hijack. Just like Intel isn't on the hook when the ME leaks data or allows hijack.
It all comes down to "just trust us, we know what's best for you". Can you say "false sense of security"?
Biting the hand that feeds IT
