Now that we have examined the vulnerability that enables arbitrary microcode patches to be installed on all (un-patched) Zen 1 through Zen 4 CPUs, let’s discuss how you can use and expand our tools to author your own patches. We have been working on developing a collection of tools combined into a single project we’re calling zentool. The long-term goal is to provide a suite of capabilities similar to binutils, but targeting AMD microcode instead of CPU machine code. You can find the project source code here along with documentation on how to use the tools.
↫ Google’s Bug Hunters website
I just read a whole bunch of words, but I barely understand what’s going on. The general, very simplified gist is that the researchers discovered a way for an attacker with local administrator privileges to load arbitrary microcode onto AMD Zen 1-4 processors.
“…researchers discovered a way for an attacker with local administrator privileges to load arbitrary microcode…”
In an ideal world this should have been a feature to begin with…
However, we don’t, and because people are assholes, this seems like a very bad thing to be able to do.
I would assume microcode can fix vulnerabilities, fix bugs and improve performance.
So, malicious microcode might do the opposite. Not sure if it can actually damage the CPU.
Without even “playing” with the microcode, what was the impact on performance of Meltdown and Spectre mitigation?
The ability to inspect and modify the CPU’s microcode is actually a good thing. It’s YOUR machine, remember.
The fact that someone who has already compromised your machine now has one more way to backdoor it isn’t really a huge concern, especially given that microcode updates are loaded at runtime and someone with privileged access has plenty of other places they could put backdoors. If you power cycle, the microcode is gone, so they’d need to backdoor the firmware or the OS to load the new malicious microcode – or they could load any other kind of backdoor into the firmware or OS instead, likely one that isn’t processor model specific.