On Mon, 2007-06-18 at 13:40 -0500, Nicolas Williams wrote: > Are the algorithms used by Intel public? If not then that's an > additional reason to do our own signing.
They're not. Starting from: http://developer.intel.com/products/processor/manuals/index.htm I found: "Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide" see section 9.11 of: http://developer.intel.com/design/processor/manuals/253668.pdf assuming I'm reading this correctly, intel recommends that (a) software using this interface verify that the microcode blob checksums correctly (using a sum of the blob interpreted as an array of 32-bit integers) before attempting the load, and (b) software verify that the the microcode blob is for the CPU that's running. The document also states that the CPU will do additional tests before accepting the blob but says nothing about what they are or how strong they are. BTW, to make it easier to find, I put a copy of this PDF into the case directory as "ia32-sdm-3A.pdf". - Bill
