funsec mailing list archives
Re: Description of the Intel CPU bugs
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Jun 2007 11:45:31 -0400
On Thu, 28 Jun 2007 11:08:08 EDT, Larry Seltzer said:
Does this mean that microcode in these CPUs is actually field-upgradable? I wonder if Joanna Rutkowska knows about this.
Yes, it's designed as field-upgradable and loadable into the CPU for the current power-on cycle (in other words, it evaporates at power-off). Most sane BIOS include a "upload current microcode from ROM into CPU as part of POST". If your BIOS hasn't been upgraded, you can upload it during boot (as the Microsoft patch presumably does, and the Linux microcode_ctl utility does - http://www.urbanmyth.org/microcode/ ). Yes, flashing your own microcode into the CPU would be the ultimate pwn-the-box, except (a) you'd still have to arrange for it to get re-flashed at power-on, and (b) the format is incredibly undocumented, and dependent on the exact internal design, down to processor family and probably stepping (the current microcode update from Intel covers 125, yes 125, different CPUs). So unless you have docs for what bit 57 of a format-7 microcode control word for a T6500 processor does, you will almost certainly just lock the damned thing up and require a power cycle... ;)
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Description of the Intel CPU bugs Richard M. Smith (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Matthew Murphy (Jun 28)
- Is this a hoax? Blanchard_Michael (Jun 28)
- Re: Is this a hoax? B.K. DeLong (Jun 28)
- Re: Is this a hoax? Valdis . Kletnieks (Jun 28)
- RE: Is this a hoax? Blanchard_Michael (Jun 28)
- Re: Description of the Intel CPU bugs Valdis . Kletnieks (Jun 28)
- RE: Description of the Intel CPU bugs Larry Seltzer (Jun 28)
- Re: Description of the Intel CPU bugs Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 30)
- Re: Description of the Intel CPU bugs Gadi Evron (Jun 28)