The "signature" in the microcode update has not the same meaning as within crypto. For intel chips it has 31bits and basically contains a revision number. The requirements for the BIOS for checking microcode updates are in short: check the crc and ensure that older revisions cant replace new ones by comparing the "signature". I did not try myself, but I think one can probably update anything if you just hexedit the update header. Afaik these chips do not own any crypto-related functionallity or storage capability (except precise timing and rand maybe) and they are not tamper-proof. Thats why TPM was invented :-)
l8er, Sebastian On Mon, Apr 28, 2008 at 06:16:12PM -0400, John Ioannidis wrote: > Intel and AMD processors can have new microcode loaded to them, and this > is usually done by the BIOS. Presumably there is some asymmetric crypto > involved with the processor doing the signature validation. > > A major power that makes a good fraction of the world's laptops and > desktops (and hence controls the circuitry and the BIOS, even if they do > not control the chip manufacturing process) would be in a good place to > introduce problems that way, no? > > /ji > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- ~~ ~~ perl self.pl ~~ $_='print"\$_=\47$_\47;eval"';eval ~~ [EMAIL PROTECTED] - SuSE Security Team ~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]