No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all.

What the OS or the BIOS loads is files that come from Intel.

There is some verification involved, as the processor won't just accept random bytes. You'll need a fair amount of money, as well as intelligence expertise, to get hold of the signing keys, not to mention the documentation for how to write microcode in the first place. I assume that's one of Intel's (and AMD's) closest-guarded secrets.


"It must be true, I read it on the Internet" :)

All this hw/sw flexibility makes designing a good security system a real 
challenge.  You need a reference monitor somewhere in it that you can truly 

- Alex

That we agree on!


----- Original Message -----
From: "John Ioannidis" <[EMAIL PROTECTED]>
To: Cryptography <cryptography@metzdowd.com>
Subject: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)
Date: Mon, 28 Apr 2008 18:16:12 -0400

Intel and AMD processors can have new microcode loaded to them, and this is usually done by the BIOS. Presumably there is some asymmetric crypto involved with the processor doing the signature validation.

A major power that makes a good fraction of the world's laptops and desktops (and hence controls the circuitry and the BIOS, even if they do not control the chip manufacturing process) would be in a good place to introduce problems that way, no?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to