[EMAIL PROTECTED] wrote:
No need to be a major power. Linux patches x86 code, as does Windows. I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions. Here's a good link explaining it all.
What the OS or the BIOS loads is files that come from Intel.
There is some verification involved, as the processor won't just accept
random bytes. You'll need a fair amount of money, as well as
intelligence expertise, to get hold of the signing keys, not to mention
the documentation for how to write microcode in the first place. I
assume that's one of Intel's (and AMD's) closest-guarded secrets.
http://en.wikipedia.org/wiki/Microcode
"It must be true, I read it on the Internet" :)
All this hw/sw flexibility makes designing a good security system a real
challenge. You need a reference monitor somewhere in it that you can truly
trust.
- Alex
That we agree on!
/ji
----- Original Message -----
From: "John Ioannidis" <[EMAIL PROTECTED]>
To: Cryptography <cryptography@metzdowd.com>
Subject: Just update the microcode (was: Re: defending against
evil in all layers of hardware and software)
Date: Mon, 28 Apr 2008 18:16:12 -0400
Intel and AMD processors can have new microcode loaded to them, and
this is usually done by the BIOS. Presumably there is some
asymmetric crypto involved with the processor doing the signature
validation.
A major power that makes a good fraction of the world's laptops and
desktops (and hence controls the circuitry and the BIOS, even if
they do not control the chip manufacturing process) would be in a
good place to introduce problems that way, no?
/ji
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]