• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."
  • Community Question: What makes a good motherboard?

Article 10/28/20 - Researchers have extracted the secret key that encrypts updates to Intel (Goldmont-based) CPUs

richierich1212

Platinum Member
Jul 5, 2002
2,704
336
126
Ars Technica Article

So now it looks like hackers can decrypt Intel’s microcode updates on Goldmont-based CPUs.
Intel is saying it shouldn’t affect consumers.

They’re correct in the short term. Who knows what other vulnerability’s are in all of these darned CPUs (ARM, Apple, AMD, Intel, etc). At least researchers found it and not an actual exploiter.
 
Last edited:

VirtualLarry

Lifer
Aug 25, 2001
49,494
5,580
126
In a statement, Intel officials wrote:


The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel’s manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research.
The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system.

Not quite the end of the world, and, at least according to the article, ONLY for Goldmont-architecture CPUs. Can we get an update to the title to clarify that?

Thanks for the article link, though.

Edit: Also, this is ONLY the RC4 key used to encrypt (obfuscate) the microcode. They DID NOT hack the (private) microcode signing key (*which according to Intel, is no-where in the silicon), so at least from my read of the article, one cannot simply conjure up their own hacked microcode updates for Intel (Goldmont) CPUs.
 

moinmoin

Platinum Member
Jun 1, 2017
2,059
2,461
106
"The key can be extracted for any chip—be it a Celeron, Pentium, or Atom—that’s based on Intel’s Goldmont architecture. (...)

The genesis for the discovery came three years ago when Goryachy and Ermolov found a critical vulnerability, indexed as Intel SA-00086, that allowed them to execute code of their choice inside the independent core of chips that included a subsystem known as the Intel Management Engine. Intel fixed the bug and released a patch, but because chips can always be rolled back to an earlier firmware version and then exploited, there’s no way to effectively eliminate the vulnerability. (...)

the trio was able to use the vulnerability to access “Red Unlock,” a service mode embedded into Intel chips. Company engineers use this mode to debug microcode before chips are publicly released. (...)

Accessing a Goldmont-based CPU in Red Unlock mode allowed the researchers to extract a special ROM area known as the MSROM, short for microcode sequencer ROM.
"

Intel security is a rabbit hole alright.
 
Thread starter Similar threads Forum Replies Date
M CPUs and Overclocking 3

ASK THE COMMUNITY