6

Before Spectre and Meltdown, I had never heard of users updating microcode on a chip through firmware or otherwise. I actually thought it was written into the silicon and immutable. Now I'm seeing a lot of mentions about this, things like disabling branch prediction and such.

To what degree is there any precedent for this? Has it been done officially or otherwise (through hobbyist channels)? Can one, for example, reprogram an Intel chip, disabling everything but RISC instructions? And is there any way to verify that executing microcode has not been maliciously modified?

Evan Carroll

2 Answers

9

Intel has been releasing microcode updates for its CPUs since at least January 29, 2000. AMD has been releasing microcode updates for a similar length of time.

In theory, it's possible to reprogram an Intel chip to do whatever you want, within the capabilities of the silicon. In practice, as the above website notes, microcode updates appear to be signed using best-practices public-key cryptography. As a result, only microcode updates signed by Intel will be accepted by the chip: neither tinkerers nor malicious actors can provide a valid update.

Mark
  • Really great link there, that's exactly what I was looking for. So essentially, capabilities, body of the update, ability to dump microcode -- all that is yet unknown, but Intel has been updating this and my idea that it was baked into the silicon is simply not true. Outside of Intel, would you be aware of any microcode hacking? – Evan Carroll Jan 07 '18 at 22:11
  • @Evan Carroll You might find this talk interesting. https://media.ccc.de/v/34c3-9058-everything_you_want_to_know_about_x86_microcode_but_might_have_been_afraid_to_ask – gtux Jan 08 '18 at 13:35
2

To express it more clearly: the limiting factor will most probably be the "capabilities of the silicon", besides the available possibilities to break the mentioned cryptography, as the available resources (microcode store area and hidden registers) in most cases should be very limited.

Otherwise opening the micro instruction set and marketing the processor as a (new) "RISC processor with x86 emulation software" could be much more promising.

Kerll