What
Many of the vulnerabilities described in this document are indications of poor security practices and
insufficient security quality controls. The Ryzen and Ryzen Pro chipsets, currently shipping with exploitable
backdoors, could not have passed even the most rudimentary white-box security review.
Source: Pdf linked above
If this was the case, AMD would have never released the product as EVERYONE would be able to detect these vulnerabilities.
Edit 1:
They sure use a lot of fluff in this "official" document lol. Its half product advertisment, half garble for the most part with a sprinkle of circle logic.
Mitigations
Consult with your OEM on ways to prevent unauthorized BIOS updates
Machines that are also vulnerable to RYZENFALL are at increased risk of attack, because a compromised
Secure Processor may be able to circumvent OEM-specific mitigations and write to system flash
That second bullet point is a restatement of everything they just mentioned. Again, circle logic to try and scare you.
Edit 2:
Looking in RyzanFall, they only have one sentence on how an exploit could be done. And they trail off that you need some vague secured driver from the OEMs.... Of which I don't believe have access to this region.
Impacts and Prerequisites for Exploitation
Exploitation requires that an attacker be able to run a program with local-machine elevated administrator
privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.
And now for the great twist lol:
https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
This article was released a while back and is a known issue that AMD has been working on with Google. RyzenFall seems to be a rip off of this very exploit.
Edit 3:
LOLOLOL Man this is classic Russian strategy. Stir chaos among the idiots and let it drive a particular event. I'll give you the best [read: worst] example of how this document is complete garbage.
In the Chimera Exploit (excellently named [Ref: Russia]) The figure they use is said to come from the Crosshair VI manual, but isn't even in there. I just checked it on ASUS's website. The image also has a giant watermark for Bit-Tech.net That image looks to be stripped from an OEM PP or some official document provided by AMD/OEM for highlevel understanding of the system architecture.
Furthermore, none of these "exploits" have any credible information making them seem like they are a threat. Most of them rely on some vague process that requires completely custom malware or the like for the specific ARM processor used by the Secure Processor. Which, if there was an issue with an ARM Cortex 5, a lot of people would be VERY worried. Just about every mobile device has one of those in them.
All of the images they used are either stolen off Google or they have absolutely no meaning what so ever. The "block diagrams" they provide are nothing more than just junk information thrown at you to make it seem like there is more information to be abstracted.
Where are the references? Where is the supposed scientific process of showing that this can be done? This entire paper is a farce, and I hope that AMD melts that firm into nothing and than finds out who did this.