funsec mailing list archives

Re: Description of the Intel CPU bugs


From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Jun 2007 11:45:31 -0400

On Thu, 28 Jun 2007 11:08:08 EDT, Larry Seltzer said:

> Does this mean that microcode in these CPUs is actually
> field-upgradable? I wonder if Joanna Rutkowska knows about this.

Yes, it's designed as field-upgradable and loadable into the CPU for
the current power-on cycle (in other words, it evaporates at power-off).
Most sane BIOS include an "upload current microcode from ROM into CPU as
part of POST".  If your BIOS hasn't been upgraded, you can upload it during
boot (as the Microsoft patch presumably does, and the Linux microcode_ctl
utility does -  http://www.urbanmyth.org/microcode/ ).

Yes, flashing your own microcode into the CPU would be the ultimate pwn-the-box,
except (a) you'd still have to arrange for it to get re-flashed at power-on,
and (b) the format is incredibly undocumented, and dependent on the exact
internal design, down to processor family and probably stepping (the current
microcode update from Intel covers 125, yes 125, different CPUs).  So unless
you have docs for what bit 57 of a format-7 microcode control word for a T6500
processor does, you will almost certainly just lock the damned thing up and
require a power cycle... ;)


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
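Since a microcode update only lives until power-off and has to be re-applied at every boot (by the BIOS or by a utility such as microcode_ctl), the practical check on a Linux box is whether every logical CPU reports the expected revision. The following is an added example, not code from the thread or from microcode_ctl; it assumes the per-CPU "microcode" line that x86 Linux exposes in /proc/cpuinfo, and the sample text below is constructed, not a real capture.

```python
"""Check that every logical CPU reports a consistent, sufficiently new
microcode revision, as read from /proc/cpuinfo on x86 Linux."""

# Constructed /proc/cpuinfo sample (not a real capture): four logical CPUs
# with the same family/model/stepping; CPU 3 still carries an older revision,
# as happens when the boot-time load did not reach every core.
SAMPLE_CPUINFO = "\n".join(
    f"processor\t: {n}\ncpu family\t: 6\nmodel\t\t: 15\n"
    f"stepping\t: 6\nmicrocode\t: {rev}\n"
    for n, rev in enumerate(["0xcc", "0xcc", "0xcc", "0xc7"])
)

FIELDS = ("processor", "cpu family", "model", "stepping", "microcode")


def parse_cpuinfo(text):
    """Return one dict per 'processor' block, keeping only FIELDS as ints."""
    cpus, current = [], {}
    for line in text.splitlines():
        if ":" not in line:          # blank line separates processor blocks
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in FIELDS:
            current[key] = int(value, 0)   # accepts both "6" and "0xcc"
    if current:
        cpus.append(current)
    return cpus


def check_microcode(cpus, expected_min):
    """Report whether all CPUs sharing a family/model/stepping signature run
    the same revision, and which CPUs are below the expected minimum."""
    by_signature = {}
    for c in cpus:
        sig = (c["cpu family"], c["model"], c["stepping"])
        by_signature.setdefault(sig, set()).add(c["microcode"])
    consistent = all(len(revs) == 1 for revs in by_signature.values())
    stale = [c["processor"] for c in cpus if c["microcode"] < expected_min]
    revisions = sorted({c["microcode"] for c in cpus})
    return {"consistent": consistent, "revisions": revisions, "stale_cpus": stale}


if __name__ == "__main__":
    # On a live system read open("/proc/cpuinfo").read() instead of the sample.
    print(check_microcode(parse_cpuinfo(SAMPLE_CPUINFO), expected_min=0xCC))
```

An inconsistent result after boot is the signal that the BIOS or boot-time loader skipped a core; re-running the loader or fixing the boot sequence is the fix, not a one-off manual load that evaporates at the next power cycle.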