Microcode is a fundamental building block for x86 CPUs – implementing everything from complex x86 instructions, to privilege transitions and virtualization. Beyond ring 0 and SMM lies the microcode privilege level, with maximum control over the x86 core and the internal buffers within. Accessing and tinkering with microcode is a hacker’s dream, but cryptographic protections prevent all but Intel and AMD from doing so..
We present.. EntrySign, a cryptographic flaw in AMD’s microcode patch verification.. EntrySign lets us execute arbitrary microcode on all AMD CPUs from Zen to Zen 4 and modify the behavior of x86 instructions. We will delve into the format of AMD microcode, how their patches are verified, how we were able to reverse engineer this process, and how we were able to access the key information required to defeat it.. we are releasing all of the tools necessary to reproduce our work and continue building upon our research..
transpute•6mo ago