Enable "SPI Replay Protection" on Framework 13 with AMD 7640U

Hi, I already own a Framework 13 with AMD 7840U, and I am very satisfied with its security level as it achieves HSI-3.

I just bought another Framework 13, but this time with the less powerful AMD 7640U CPU. I assumed it would come with the same security level since the CPU architecture is the same. However, the AMD 7640U achieved only HSI-2 level, since it has “SPI Replay Protection” disabled:

Now the questions in my mind are:

  1. Can I enable it?
  2. Is it something related to firmware only, or does the OS have anything to do with it?
  3. If I can’t enable it, what are the risks I am exposed to? Downgrade to a previous version of the firmware?

Any help would be greatly appreciated 🙂

Which Linux distro are you using?

Aeon last updated a couple days ago.

Which kernel are you using?
linux 6.12.6-1-default

Which BIOS version are you using?
03.05

After weeks of scouring the internet, I managed to understand that this “SPI replay protection” feature depends on the Replay Protected Monotonic Counters (RPMC) which are implemented inside the AMD PSP (the Secure Processor, kinda like the ME for Intel).

Still, whether they can be provisioned and enabled remains a mystery. It also remains a mystery why one of my Framework laptops has it enabled, and the other not.
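Added example, not part of any post in this thread: a small Python helper that reads a report shaped like the output of `fwupdmgr security --json` and reports the HSI level reached plus the attributes that block the next one, which is how a single failed HSI-3 check such as SPI replay protection leaves a machine at HSI-2. The sample report is constructed, and its key names, attribute IDs and levels are assumptions about fwupd's JSON output; the level rule is a simplified reading of HSI.

```python
import json

# Constructed sample shaped like `fwupdmgr security --json` output; not data
# from the thread. The key names and HSI levels shown are assumptions.
SAMPLE = json.loads("""
{"SecurityAttributes": [
  {"AppstreamId": "org.fwupd.hsi.Uefi.SecureBoot", "HsiLevel": 1,
   "HsiResult": "enabled", "Flags": ["success"]},
  {"AppstreamId": "org.fwupd.hsi.Amd.SpiWriteProtection", "HsiLevel": 2,
   "HsiResult": "enabled", "Flags": ["success"]},
  {"AppstreamId": "org.fwupd.hsi.Amd.SpiReplayProtection", "HsiLevel": 3,
   "HsiResult": "not-enabled", "Flags": []},
  {"AppstreamId": "org.fwupd.hsi.EncryptedRam", "HsiLevel": 4,
   "HsiResult": "encrypted", "Flags": ["success"]},
  {"AppstreamId": "org.fwupd.hsi.Kernel.Lockdown",
   "HsiResult": "not-enabled", "Flags": ["runtime-issue"]}
]}
""")


def hsi_summary(report):
    """Return (achieved_level, blockers) for a parsed report."""
    by_level = {}
    for attr in report.get("SecurityAttributes", []):
        level = attr.get("HsiLevel")
        if level:  # runtime attributes carry no level; skip them
            by_level.setdefault(level, []).append(attr)
    achieved, blockers = 0, []
    for level in sorted(by_level):
        failed = [a for a in by_level[level]
                  if "success" not in a.get("Flags", [])]
        if failed:
            # The first level with a failure caps the result, even if
            # higher levels pass (EncryptedRam in the sample).
            blockers = [(a["AppstreamId"], a.get("HsiResult", "unknown"))
                        for a in failed]
            break
        achieved = level
    return achieved, blockers


if __name__ == "__main__":
    level, blockers = hsi_summary(SAMPLE)
    print(f"HSI-{level}")
    for attr_id, result in blockers:
        print(f"  blocked by {attr_id}: {result}")
```

Running the same function over reports from two machines and comparing the blocker lists shows which check differs between them.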

@jambonBeurre can you DM me with the serial number of the unit which does not have SPI replay protection enabled?

We would like to investigate this further, as we do not think this is expected.

2 Likes

Hi Kieran,

Thanks for taking an interest in this. I tried DMing you but I can’t find a DM button here on the forum. Could you point me to where it is? Otherwise I can send you an email.

Edit: apparently on Discourse people are allowed to DM only when they reach trust level 1, which I guess I do not have yet.

It’s for spam prevention.
But it’s not hard to get to level 1.
Looks like you just reached level 1. Either someone granted it to you or you just hit it.

I see! A moderator granted it to me.