Zen and the Art of Microcode Hacking (Google Bug Hunters)

Date:
Wed, 05 Mar 2025 22:10:45 +0000

Description:
The Google Bug Hunters blog has a
detailed description of how a vulnerability in AMD's microcode-patching functionality was discovered and exploited; the authors have also released
a set of tools to assist with this kind of research in the future. Secure
hash functions are designed in such a way that there is no
secret key, and there is no way to use knowledge of the
intermediate state in order to generate a collision. However, CMAC
was not designed as a hash function, and therefore it is a weak
hash function against an adversary who has the key. Remember that
every AMD Zen CPU has to have the same AES-CMAC key in order to
successfully calculate the hash of the AMD public key and the
microcode patch contents. Therefore, the key only needs to be
revealed from a single CPU in order to compromise all other CPUs
using the same key. This opens up the potential for hardware
attacks (e.g., reading the key from ROM with a scanning electron
microscope), side-channel attacks (e.g., using Correlation Power
Analysis to leak the key during validation), or other software or
hardware attacks that can somehow reveal the key. In summary, it is
a safe assumption that such a key will not remain secret forever.

======================================================================
Link to news story:
https://lwn.net/Articles/1013136/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)