How are Intel/Amd Microcode Issues Delivered? Is it possible to block them?

Answers to your questions, one by one:

  1. How are the microcode update files published?

    • They are simple, rather small, files, published by the processor makers.

  2. How are they loaded into the CPU?

    • Your processor comes with an initial version, that it boots up with.
    • Your processor has a sequence of instructions to initiate a microcode upload.
    • The BIOS/UEFI of your system may have a newer version, that it will load into the processor before your boot-loader gets control.
    • The operating system may have an even newer version. If so, it will load it into the processor during system start.

  3. How are new versions normally transferred into your computer:

    • If the BIOS gets updated by you, it could contain a newer version.
    • Your operating system may be setup for receiving microcode update through system update. (All current ones can)
    • If somebody nice from Intel gives you the encryption key for their microcode, you could encrypt/sign a modified version, place it on your hard-drive, and load it with some instructions.
    • If somebody else can run processes on your system with System/root rights (e.g. Virus, Trojan), they can even do it for/to you.

  4. How could somebody apply such an update without me knowing?

    • These days, BIOS/UEFI implementations are entire operating systems in themselves, with all modern features, networking, usb, graphics, ... support.
    • Most network cards runs an entire, independent Operating System too. Aside from bugs, which you can bet there are, these firmwares all have (partly) documented remote communication protocols.
    • Somebody exploiting a bug in your NIC, or using the magic_key/protocol, could send a correctly signed microcode update to your CPU.

  5. How feasible is this type of attack?

    • For somebody with authority over the key-holders: Very easy.
    • For the savvy neighbor kid: impossible

Yes, it's absolutely possible to shun them. And there's no kind of enforcing. Nor any particular way you shouldn't be able to rollback.

Updates either come with newer BIOS, or OS loads them. In the latter case, we can assume either you are on Linux or on Windows.

In the first situation, they get loaded from linux-firmware/intel-ucode, in the second they come via normal Windows Update. And as such you can install/uninstall them at will.

If you are really paranoid, delete any instance of mcupdate_AuthenticAMD.dll and mcupdate_GenuineIntel.dll you find on your system.

Tags:

Hardware

Backdoor

Related

What email addresses are treated as trusted? Is there a risk in opening port 22 for ssh access with a network? Is using the concatenation of multiple hash algorithms more secure? In order to trust the digital certificate, does immediate CA cert also needs to be in trust store or root CA cert is enough? Google Chrome "Your connection to website is encrypted with obsolete cryptography" How strong is visualCaptcha? Simple string comparisons not secure against timing attacks Why for some SSL websites browsers show extra info, while for others dont Why don't PGP keyservers enforce double-opt-in? Is there any point in using two step authentication if you have strong passwords? When using https but not DNSSEC, under what situation, a client is vulnerable? BitLocker Drive Encryption NOT secure from drive mapping on network

Recent Posts