AMD and Synaptics are teaming up to do the impossible: secure a PC with Windows. SemiAccurate thinks the hardware security side will be fine; it is just a pointless exercise when you layer unsecurable software on top.
On the plus side we have AMD and Synaptics working together to tie the FS7600 Match-In-Sensor to an upcoming AMD Ryzen chip in a secure way. The idea is to get secure biometric data to the CPU itself along a secure path, just like it is done in phones. Presumably this is due to the payment processors leaving the PC by the wayside because it is insecurable.
Microsoft presumably doesn’t like the perception of being the Maginot Line of information security, so they are leaping into action and doing nothing, as usual. The hardware vendors are in fact doing the right thing, presumably, and making sure the biometric data is captured and transmitted securely as long as it is in their domain.
All of this is being forced by the mobile payment processors, especially those in China, who are demanding actual security before they deploy on a platform. The phone/ARM space is there and their systems seem to work right for the right reasons. If the PCs want to play in mobile payments, and likely DRM, in the future, they have to have the same level of security.
This security is not doable on a component basis; it must be done at a platform level to even have a chance at being effective. PCs don’t do much on a platform level; they almost exclusively do things on a component level, which is increasingly untenable in the new order of security and connectivity. Because of this you see the AMD/Qualcomm LTE always-on PC partnership, and now the AMD/Synaptics biometric security work.
AMD tying the Synaptics FS7600 sensor into the Ryzen platform is a good thing for the right reason. It will bring the PC hardware platform into the modern age as far as biometric sensing and security go, and it opens up a potential world of mobile payments. Better yet, it will presumably be pre-validated on most mobile payment platforms, saving the OEMs a lot of cost.
The only problem is that Microsoft is part of this integration. As you might have noticed over the last 20 or so years, the company can’t secure a wet paper bag because they don’t want to. Microsoft did try to do the right thing to secure Windows in Vista, and if you recall the blowback they got for it, you understand why they will never try again. Making the needed changes would cost them more customers than they can afford, so they simply don’t, but they will retroactively patch and crow about it. That isn’t real security or doing the right thing.
This is the world AMD and Synaptics face with the integration of Ryzen and the FS7600. The hardware is a good idea and necessary to not get left behind by the mobile payment ecosystem. Unfortunately all their good work is undone by putting Windows on top of the secure hardware, likely as the only option for ‘secure’ certifications. The hardware is moving in the right direction for the right reasons, and that is worth celebrating.