Opening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songs

While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip. This talk is about the story of trying to glitch the AMD Platform Security Processor, then accidentally discovering several bugs and getting a good look inside the target, before returning to trying to hammer it with novel physical strategies. # BACKSTORY --------------- So here is the backstory of how it all started: - I bought a commercial gaming console - Then bought a VR headset (for this console) because of exclusive game - But also wanted to play beatsaber - I could, but builtin song selection was very limited - Custom songs exist (for example on steam), but not for this console - I didn'