What is the point? According to this scummy "amdflaws" site, most of the exploits need modifying the firmware anyway... LOL.

Did the hardware vulnerabilities turned out to be false ? Or will even Ryzen 2 users be stuck with an insecure cpu ?

Hardware flaws are only limited to the Promntory chip-set. AMD is already working with ASMedia which are the designers of the chip-set to find proper solution to close these security holes with BIOS/firmware update.

I suppose later versions of chip-set for the next generation of Ryzen CPU's will have the proper hardware fixes.

Someone wanted to buy AMD stocks for cheap here. That's all this was.

It's only a "hardware" vulnerability if you consider the fact that the security-related function of AMD PSP run in a separate ARM core.
(Not dissimilar to the IntelME's ARC core running their management functions).

The attack is about flaws in the firmware running on these extra core
(and requiring root access on a the machine in order to be able to access and communicate with these core or even upload a new firmwar. - i.e.: at that point an attacker has tons of options to hose your system. The fact that now a few of these options happens to rely on AMD PSP core is merely a footnote compared to the fact that by that point the attacker is already root).

The fix is simply about fixing the firmware that runs on these cores.

There's no fundamental hardware design problem that needs to be redesigned (beyond the fact that there are extra administrative cores such as AMD PSP / Intel ME in our CPUs) and it's not going to be changed
(though it would be great if cpu manufacturers conceded to let a way for end users to upload their own opensource firmware instead, like Secure UEFI can be allowed to boot Linux. Or end users could replace the firmware with a gutted down version "bare strict minimum in order to bring the hardware up during boot and won't to anything afterward" like the replacement IntelME that got popular last autumn).

Ryzen2 will still feature AMD PSP. Wether it will be insecure will depend on the quality of the firmware running there. By then the current bugs in the firmware will be definitely sorted out. But there's no guarantee that there aren't other bugs not yet discovered in the firmware. Nor that future version of the firmware won't introduce new exploitable bugs. Nonetheless, if that were to happens, newer fixed firmware will be all that's needed.

This whole thing is nothing much impressive.

CTSlab have blown it way out of proportion, probably to profit of it, betting on AMD stock diving a bit.

FUD everywhere

Can they actually provide open firmware for PSP, or at least a way to completely disable it?

Well, you can either insist on there not being any flaws and then endlessly fight against the bad press for denying any flaws, or say that you "fixed some issues/vulnerabilities" (even if there were none) and put everyone's mind at ease.

This is like a "no duh" moment. Isn't the whole point of root to have the highest tier of access? Isn't it literally the job of hardware and software designers to make certain that root in fact does have that highest tier of access? In that sense doesn't this mean that the hardware and the software is doing exactly what it's supposed to do?

EDIT: In other words, wouldn't the fix necessarily mean root would no longer have that highest tier of access? If that's true then their is no doubt at all that whatever "fix" is involved most definitely introduces an even higher tier of vulnerability. That would be retarded and anti-consumer.