date 2020-10-28
erek
"“There’s a common misconception that modern CPUs are mostly fixed in place from the factory, and occasionally they will get narrowly scoped microcode updates for especially egregious bugs,” Kenn White, product security principal at MongoDB, told me. “But to the extent that’s true (and it largely isn’t), there are very few practical limits on what an engineer could do with the keys to the kingdom for that silicon.”
One possibility might be hobbyists who want to root their CPU in much the way people have jailbroken or rooted iPhones and Android devices or hacked Sony’s PlayStation 3 console.
In theory, it might also be possible to use Chip Red Pill in an evil maid attack, in which someone with fleeting access to a device hacks it. But in either of these cases, the hack would be tethered, meaning it would last only as long as the device was turned on. Once restarted, the chip would return to its normal state. In some cases, the ability to execute arbitrary microcode inside the CPU may also be useful for attacks on cryptography keys, such as those used in trusted platform modules.
“For now, there's only one but very important consequence: independent analysis of a microcode patch that was impossible until now,” Positive Technologies researcher Mark Ermolov said. “Now, researchers can see how Intel fixes one or another bug/vulnerability. And this is great. The encryption of microcode patches is a kind of security through obscurity.”"
https://arstechnica.com/gadgets/202...ct-secret-key-used-to-encrypt-intel-cpu-code/
