Reversing the AMD Secure Processor (PSP) – Part 2: Cryptographic Co-Processor

The article discusses the AMD Secure Processor (PSP) and its Cryptographic Co-Processor (CCP), focusing on the latest version, CCPv5. The CCP is crucial for hardware-accelerated cryptography and functions as a Direct Memory Access (DMA) engine for firmware operations. It utilizes Local Storage Blocks (LSBs) for context management during operations, with a maximum of eight LSBs available, each capable of holding 512 bytes of data. The CCP supports five command queues for job submissions, with each queue able to hold 16 commands. The commands are structured to include control words, lengths, and pointers for source, destination, and key information. The CCP can handle various cryptographic functions, including AES, DES, SHA, and RSA, and can access different memory types, such as system memory and local memory. The article also highlights the firmware loading process, which involves reading from SPI flash and can handle both compressed and uncompressed data. Additionally, it details the encryption and decryption of firmware using a layered key system, where the root key is securely stored and used to decrypt intermediate keys for accessing firmware. The CCP's design allows for fine-grained access control and efficient data handling, making it a vital component of the AMD Secure Processor architecture.

- The AMD Secure Processor's Cryptographic Co-Processor (CCP) is essential for cryptography and firmware operations.

- CCPv5 introduces Local Storage Blocks (LSBs) for improved data management and context retention.

- The CCP supports multiple command queues and various cryptographic functions, enhancing its versatility.

- Firmware loading can handle both compressed and uncompressed data, utilizing a layered encryption key system.

- The design of the CCP allows for fine-grained access control and efficient memory operations.