Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
John Ioannidis
ji at tla.org
Tue Apr 29 00:46:04 EDT 2008
alex at alten.org wrote:
> No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all.
>
What the OS or the BIOS loads is files that come from Intel.
There is some verification involved, as the processor won't just accept
random bytes. You'll need a fair amount of money, as well as
intelligence expertise, to get hold of the signing keys, not to mention
the documentation for how to write microcode in the first place. I
assume that's one of Intel's (and AMD's) closest-guarded secrets.
> http://en.wikipedia.org/wiki/Microcode
"It must be true, I read it on the Internet" :)
>
> All this hw/sw flexibility makes designing a good security system a real challenge. You need a reference monitor somewhere in it that you can truly trust.
>
> - Alex
>
That we agree on!
/ji
>
>> ----- Original Message -----
>> From: "John Ioannidis" <ji at tla.org>
>> To: Cryptography <cryptography at metzdowd.com>
>> Subject: Just update the microcode (was: Re: defending against
>> evil in all layers of hardware and software)
>> Date: Mon, 28 Apr 2008 18:16:12 -0400
>>
>>
>> Intel and AMD processors can have new microcode loaded to them, and
>> this is usually done by the BIOS. Presumably there is some
>> asymmetric crypto involved with the processor doing the signature
>> validation.
>>
>> A major power that makes a good fraction of the world's laptops and
>> desktops (and hence controls the circuitry and the BIOS, even if
>> they do not control the chip manufacturing process) would be in a
>> good place to introduce problems that way, no?
>>
>> /ji
>>
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>