The following text is provided by AMD and published verbatim.
The fact is, nobody thinks cybersecurity will get any easier, any time soon.
Bad actors are continuously innovating, quickly moving to new targets and tactics just as defenses mature. It was hard enough protecting well-managed devices when they were kept safely in the office. In today’s always-connected, always-moving mobile and remote world, securing devices and sensitive information can become an overwhelming challenge for IT staff and business decision-makers.
A Multilayered, Defense-in-Depth Approach to Protection
As risks accelerate in volume and variety, AMD continues to pursue a carefully layered approach that relies on controls and capabilities embedded directly into hardware, software, and firmware. This is especially true for a more mobile “new normal.” With the latest AMD Ryzen™ PRO processors, AMD PRO security delivers a multilayered set of security features ready to help defend against sophisticated attacks of today and tomorrow.
Integrated Hardware Root of Trust
AMD “Zen 3”-based core architecture, including the AMD Ryzen™ PRO 5000 mobile series processors, are built with these strong protection foundations in mind, helping reduce exposure of attacks, which in turn can minimize costly downtime, and reduce IT interventions. It all starts with a hardware-driven root of trust.
Hardware roots of trust are instrumental to protecting modern devices, helping a system verify the identity and integrity of hardware components and protecting the system firmware from tampering. Each AMD silicon architecture ships with a dedicated hardware security processor (the AMD Secure Processor, or ASP) which acts as a hardware root of trust, providing platform integrity and authenticating all initial firmware loaded on the platform.
This ability to authenticate each system’s firmware can provide protection from rogue or malicious firmware across the device lifecycle, no matter where it’s being used. If errors or modifications are detected, components are automatically denied access to the system, providing a fundamental early line of defense in the battle to keep information secure.
Memory Encryption with AMD Memory Guard
Increasingly sophisticated applications rely on in-memory caching and processing (e.g., using RAM) to accelerate performance. This means that RAM isn’t just a resource, it’s also a potential attack target. Even without access to the hard drive, attackers can gain access to critical information stored on a lost or stolen device.
AMD Memory Guard is designed to encrypt all DRAM contents utilizing a random key, helping protect against physical cold boot, DRAM interface snooping, and similar types of attacks. It does so via a 128-bit key generated by an onboard random number generator that restarts with every system reset.. It is completely invisible to OS or any software running on the CPU.
AMD Shadow Stack: Advanced Protection for Advanced Malware
An increasingly popular tactic, commonly referred to as “return-oriented programming” (ROP), is a sophisticated class of software attacks where attackers don’t inject their own malicious code into a process, but instead gain control of the system by stitching together legitimate code to create a malicious process which can harm the system. By hijacking trusted applications to carry out attackers’ malicious exploits, attackers aim to avoid detection by cyber defenses for longer than if they had injected their own malicious code.
AMD Ryzen™ PRO 5000 series processors with AMD Shadow Stack are designed to help mitigate these ROP attacks by providing software access to special registers in the CPU where a copy of an application’s return address can be stored. Applications can utilize this parallel stack, known as the “shadow stack,” to help mitigate software attacks that attempt to modify the control flow. These are just two pieces of the AMD PRO security solution, designed to deploy innovative multilayer security features while enabling our partners to do the same.
A Critical Security Collaboration
Building protective hooks deep into our hardware gives our OEM and OS partners the ability to deliver a more fully protected computing experience. This means supporting initiatives like Secured-core PC and other efforts to boost hardware-based security across the device.
AMD’s innovation supports Microsoft Secured-core PCs, and helps protect your device from firmware vulnerabilities, helps shield the operating system from attacks, and can prevent unauthorized access to devices and data through advanced access controls and authentication systems.
Exactly how many layers are enough?
Cybersecurity troublemakers never seem to sleep, but AMD is working hard to keep up. AMD believes that modern security solutions can only be achieved through layered defenses that combine hardware, software, and data in meaningful ways. AMD will continue to invest in continued security innovation and leadership, pushing the boundaries on what we can accomplish with each new generation.