Enable "SPI Replay Protection" on Framework 13 with AMD 7640U

Hi, I already own a Framework 13 with AMD 7840U, and I am very satisfied with its security level as it achieves HSI-3.

I just bought another Framework 13, but this time with the less powerful AMD 7640U CPU. I assumed it would come with the same security level since the CPU architecture is the same. However, the AMD 7640U achieved only HSI-2 level, since it has “SPI Replay Protection” disabled:

Now the questions in my mind are:

  1. Can I enable it?
  2. Is it something related to firmware only, or does the OS have anything to do with it?
  3. If I can’t enable it, what are the risks I am exposed to? Downgrade to a previous version of the firmware?

Any help would be greatly appreciated :)

Which Linux distro are you using?

Aeon last updated a couple days ago.

Which kernel are you using?
linux 6.12.6-1-default

Which BIOS version are you using?
03.05

After weeks of scouring the internet, I managed to understand that this “SPI replay protection” feature depends on the Replay Protected Monotonic Counters (RPMC) which are implemented inside the AMD PSP (the Secure Processor, kinda like the ME for Intel).

Still, whether they can be provisioned and enabled remains a mystery. It also remains a mystery why one of my Framework laptops has it enabled, and the other not.