Subj : Zen and the Art of Microcode Hacking (Google Bug Hunters)
To   : All
From : LWN.net
Date : Wed Mar 05 2025 22:15:08

Zen and the Art of Microcode Hacking (Google Bug Hunters)

Date:
Wed, 05 Mar 2025 22:10:45 +0000

Description:
The Google Bug Hunters blog has a
detailed description of how a vulnerability in AMD's microcode-patching
functionality was discovered and exploited; the authors have also released
a set of tools to assist with this kind of research in the future. Secure 
hash functions are designed in such a way that there is no
	secret key, and there is no way to use knowledge of the
	intermediate state in order to generate a collision. However, CMAC
	was not designed as a hash function, and therefore it is a weak
	hash function against an adversary who has the key. Remember that
	every AMD Zen CPU has to have the same AES-CMAC key in order to
	successfully calculate the hash of the AMD public key and the
	microcode patch contents. Therefore, the key only needs to be
	revealed from a single CPU in order to compromise all other CPUs
	using the same key. This opens up the potential for hardware
	attacks (e.g., reading the key from ROM with a scanning electron
	microscope), side-channel attacks (e.g., using Correlation Power
	Analysis to leak the key during validation), or other software or
	hardware attacks that can somehow reveal the key. In summary, it is
	a safe assumption that such a key will not remain secret forever.

======================================================================
Link to news story:
https://lwn.net/Articles/1013136/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.