Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread alex

No need to be a major power.  Linux patches x86 code, as does Windows.  I ran 
across a project several years ago that modified the microcode for some i/o x86 
assembly instructions.  Here's a good link explaining it all.  

http://en.wikipedia.org/wiki/Microcode

All this hw/sw flexibility makes designing a good security system a real 
challenge.  You need a reference monitor somewhere in it that you can truly 
trust.

- Alex


 - Original Message -
 From: John Ioannidis [EMAIL PROTECTED]
 To: Cryptography cryptography@metzdowd.com
 Subject: Just update the microcode (was: Re: defending against 
 evil in all layers of hardware and software)
 Date: Mon, 28 Apr 2008 18:16:12 -0400
 
 
 Intel and AMD processors can have new microcode loaded to them, and 
 this is usually done by the BIOS.  Presumably there is some 
 asymmetric crypto involved with the processor doing the signature 
 validation.
 
 A major power that makes a good fraction of the world's laptops and 
 desktops (and hence controls the circuitry and the BIOS, even if 
 they do not control the chip manufacturing process) would be in a 
 good place to introduce problems that way, no?
 
 /ji
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread John Ioannidis

[EMAIL PROTECTED] wrote:
No need to be a major power.  Linux patches x86 code, as does Windows.  I ran across a project several years ago that modified the microcode for some i/o x86 assembly instructions.  Here's a good link explaining it all.  



What the OS or the BIOS loads is files that come from Intel.

There is some verification involved, as the processor won't just accept 
random bytes. You'll need a fair amount of money, as well as 
intelligence expertise, to get hold of the signing keys, not to mention 
the documentation for how to write microcode in the first place.  I 
assume that's one of Intel's (and AMD's) closest-guarded secrets.




http://en.wikipedia.org/wiki/Microcode


It must be true, I read it on the Internet :)



All this hw/sw flexibility makes designing a good security system a real 
challenge.  You need a reference monitor somewhere in it that you can truly 
trust.

- Alex



That we agree on!

/ji




- Original Message -
From: John Ioannidis [EMAIL PROTECTED]
To: Cryptography cryptography@metzdowd.com
Subject: Just update the microcode (was: Re: defending against 
evil in all layers of hardware and software)

Date: Mon, 28 Apr 2008 18:16:12 -0400


Intel and AMD processors can have new microcode loaded to them, and 
this is usually done by the BIOS.  Presumably there is some 
asymmetric crypto involved with the processor doing the signature 
validation.


A major power that makes a good fraction of the world's laptops and 
desktops (and hence controls the circuitry and the BIOS, even if 
they do not control the chip manufacturing process) would be in a 
good place to introduce problems that way, no?


/ji

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-29 Thread Sebastian Krahmer

The signature in the microcode update has not the same
meaning as within crypto. For intel chips it has 31bits and basically
contains a revision number. The requirements for the BIOS for
checking microcode updates are in short: check the crc and ensure
that older revisions cant replace new ones by comparing the signature.
I did not try myself, but I think one can probably update anything
if you just hexedit the update header.
Afaik these chips do not own any crypto-related functionallity
or storage capability (except precise timing and rand maybe) and
they are not tamper-proof. Thats why TPM was invented :-)

l8er,
Sebastian

On Mon, Apr 28, 2008 at 06:16:12PM -0400, John Ioannidis wrote:

 Intel and AMD processors can have new microcode loaded to them, and this 
 is usually done by the BIOS.  Presumably there is some asymmetric crypto 
 involved with the processor doing the signature validation.
 
 A major power that makes a good fraction of the world's laptops and 
 desktops (and hence controls the circuitry and the BIOS, even if they do 
 not control the chip manufacturing process) would be in a good place to 
 introduce problems that way, no?
 
 /ji
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

-- 
~~
~~ perl self.pl
~~ $_='print\$_=\47$_\47;eval';eval
~~ [EMAIL PROTECTED] - SuSE Security Team
~~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Just update the microcode (was: Re: defending against evil in all layers of hardware and software)

2008-04-28 Thread John Ioannidis
Intel and AMD processors can have new microcode loaded to them, and this 
is usually done by the BIOS.  Presumably there is some asymmetric crypto 
involved with the processor doing the signature validation.


A major power that makes a good fraction of the world's laptops and 
desktops (and hence controls the circuitry and the BIOS, even if they do 
not control the chip manufacturing process) would be in a good place to 
introduce problems that way, no?


/ji

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]