Article 10/28/20 - Researchers have extracted the secret key that encrypts updates to Intel (Goldmont-based) CPUs

richierich1212

Platinum Member
Ars Technica Article

So now it looks like hackers can decrypt Intel’s microcode updates on Goldmont-based CPUs.
Intel is saying it shouldn’t affect consumers.

They’re correct in the short term. Who knows what other vulnerabilities are in all of these darned CPUs (ARM, Apple, AMD, Intel, etc.). At least researchers found it and not an actual exploiter.

VirtualLarry

No Lifer
In a statement, Intel officials wrote:

The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel’s manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research.
The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system.

Not quite the end of the world, and, at least according to the article, ONLY for Goldmont-architecture CPUs. Can we get an update to the title to clarify that?

Thanks for the article link, though.

Edit: Also, this is ONLY the RC4 key used to encrypt (obfuscate) the microcode. They DID NOT hack the (private) microcode signing key (*which, according to Intel, is nowhere in the silicon), so at least from my read of the article, one cannot simply conjure up their own hacked microcode updates for Intel (Goldmont) CPUs.
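The distinction drawn in the post above (a leaked symmetric encryption key versus an intact signing key) can be shown with a small model. The code below is an added illustration, not Intel's real update format and not code from the article or from anyone in this thread: it builds a toy "microcode update" that is RC4-encrypted with a key assumed to be burned into the chip (and therefore extractable) and signed with a toy textbook RSA private key that stays at the vendor. The update layout, the RC4 key bytes, the RSA primes and the sample payload are all constructed for the example; the chip is assumed to hold only the RC4 key and the RSA public key. With the RC4 key, the attacker can read every update; without the private key, a modified update is rejected.

```python
# Added illustration of "encryption key leaked, signing key intact".
# Nothing here is Intel's format: the update layout, the RC4 key, the toy RSA
# primes and the payload are all constructed for the example (Python 3.8+).
import hashlib
from typing import Dict, Tuple

# --- RC4: the obfuscation layer. The key sits in the chip, so it is extractable. ---
def rc4(key: bytes, data: bytes) -> bytes:
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation, XOR with data
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)                         # RC4 is symmetric: same call decrypts

# --- Toy textbook RSA (fixed small primes, no padding): illustration only. ---
P = 1000000007                                # constructed primes, far too small for real use
Q = 998244353
N = P * Q
E = 65537                                     # public exponent, assumed to be in the chip
D = pow(E, -1, (P - 1) * (Q - 1))             # private exponent: stays at the vendor

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def vendor_sign(plain: bytes) -> int:
    """Vendor side only: needs D, which never reaches the silicon."""
    return pow(_digest_int(plain), D, N)

def chip_verify(plain: bytes, sig: int) -> bool:
    """Chip side: needs only the public key (N, E)."""
    return pow(sig, E, N) == _digest_int(plain)

# --- Toy update format: RC4(plaintext) plus an RSA signature over the plaintext. ---
CHIP_RC4_KEY = b"goldmont-toy-rc4-key"       # constructed; assumed extractable from the chip

def build_update(plain_microcode: bytes) -> Tuple[bytes, int]:
    """Vendor: sign the plaintext, then encrypt it with the chip's RC4 key."""
    return rc4(CHIP_RC4_KEY, plain_microcode), vendor_sign(plain_microcode)

def chip_load(blob: bytes, sig: int) -> Tuple[bool, bytes]:
    """Chip: decrypt with the burned-in RC4 key, accept only if the signature checks."""
    plain = rc4(CHIP_RC4_KEY, blob)
    return chip_verify(plain, sig), plain

# --- Attacker holding the extracted RC4 key but not D. ---
def attacker_read(blob: bytes, leaked_rc4_key: bytes) -> bytes:
    """Confidentiality is gone: any update can be decrypted and studied."""
    return rc4(leaked_rc4_key, blob)

def attacker_forge(blob: bytes, sig: int, leaked_rc4_key: bytes,
                   patch: bytes) -> Tuple[bytes, int]:
    """Re-encrypt a modified payload; the old signature is all the attacker has."""
    tampered = attacker_read(blob, leaked_rc4_key) + patch
    return rc4(leaked_rc4_key, tampered), sig

def demo() -> Dict[str, bool]:
    genuine = b"MSROM patch v1: fix routine 0x1a"    # constructed sample payload
    blob, sig = build_update(genuine)
    ok_genuine, _ = chip_load(blob, sig)
    seen = attacker_read(blob, CHIP_RC4_KEY)
    forged_blob, forged_sig = attacker_forge(blob, sig, CHIP_RC4_KEY, b"; hook")
    ok_forged, _ = chip_load(forged_blob, forged_sig)
    return {
        "genuine_accepted": ok_genuine,          # True: vendor-signed update loads
        "attacker_can_read": seen == genuine,    # True: RC4 key gives full plaintext
        "forged_accepted": ok_forged,            # False: no D, so no valid signature
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The signature here covers the plaintext and is verified after decryption; whether a real design signs the ciphertext or the plaintext changes nothing about the outcome, because either way the attacker cannot produce a signature for the modified bytes without the private exponent. What the leaked key does buy is exactly what the article describes: the ability to decrypt and read updates, which is a reverse-engineering win rather than a code-execution one.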
 

moinmoin

Diamond Member
"The key can be extracted for any chip—be it a Celeron, Pentium, or Atom—that’s based on Intel’s Goldmont architecture. (...)

The genesis for the discovery came three years ago when Goryachy and Ermolov found a critical vulnerability, indexed as Intel SA-00086, that allowed them to execute code of their choice inside the independent core of chips that included a subsystem known as the Intel Management Engine. Intel fixed the bug and released a patch, but because chips can always be rolled back to an earlier firmware version and then exploited, there’s no way to effectively eliminate the vulnerability. (...)

the trio was able to use the vulnerability to access “Red Unlock,” a service mode embedded into Intel chips. Company engineers use this mode to debug microcode before chips are publicly released. (...)

Accessing a Goldmont-based CPU in Red Unlock mode allowed the researchers to extract a special ROM area known as the MSROM, short for microcode sequencer ROM.
"

Intel security is a rabbit hole alright.