Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread alex
No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all. http://en.wikipedia.org/wiki/Microcode All this hw/sw flexibility makes

Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread John Ioannidis
[EMAIL PROTECTED] wrote: No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all. What the OS or the BIOS loads is files that

Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread Sebastian Krahmer
The signature in the microcode update has not the same meaning as within crypto. For Intel chips it has 31 bits and basically contains a revision number. The requirements for the BIOS for checking microcode updates are in short: check the crc and ensure that older revisions can't replace new ones

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Stephan Neuhaus
On Apr 28, 2008, at 23:56, Perry E. Metzger wrote: If you have a rotten apple engineer, he will be able to hide what he's trying to do and make it look completely legit. If he's really good, it may not be possible to catch what he's done EVEN IN PRINCIPLE. Fred Cohen proved in 1984 in his

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Ivan Krstić
On Apr 28, 2008, at 2:56 PM, Perry E. Metzger wrote: I'm pretty sure we can defend against this sort of thing a lot of the time (by no means all) if it is done by quite ordinary criminals. If it is done by really good people, I have very serious doubts. I think you just described all of

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Ivan Krstić
On Apr 28, 2008, at 12:58 PM, John Denker wrote: Of course we should insist on an open-source boot ROM code: The boot ROM should check the pgp signature of each PCI card's BIOS code before letting it get control. And then it should check the pgp signature of the operating system before booting

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Perry E. Metzger
Stephan Neuhaus [EMAIL PROTECTED] writes: On Apr 28, 2008, at 23:56, Perry E. Metzger wrote: If you have a rotten apple engineer, he will be able to hide what he's trying to do and make it look completely legit. If he's really good, it may not be possible to catch what he's done EVEN IN

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Jonathan Thornburg
On Tue, 29 Apr 2008, Ivan Krstić wrote: On Apr 28, 2008, at 12:58 PM, John Denker wrote: Of course we should insist on an open-source boot ROM code: The boot ROM should check the pgp signature of each PCI card's BIOS code before letting it get control. And then it should check the pgp

defending against evil in all layers of hardware and software

2008-04-28 Thread John Denker
This is an important discussion. The threats are real, and we need to defend against them. We need to consider the _whole_ problem, top to bottom. The layers that could be subverted include, at a minimum: -- The cpu chip itself (which set off the current flurry of interest). -- The boot

Re: defending against evil in all layers of hardware and software

2008-04-28 Thread Perry E. Metzger
John Denker [EMAIL PROTECTED] writes: This is an important discussion. The threats are real, and we need to defend against them. I'm not sure how to feasibly defend against such things. It would seem to require complete control over the entire design and supply chain, which involves so many

Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-28 Thread John Ioannidis
Intel and AMD processors can have new microcode loaded to them, and this is usually done by the BIOS. Presumably there is some asymmetric crypto involved with the processor doing the signature validation. A major power that makes a good fraction of the world's laptops and desktops (and hence