'Researchers have extracted the secret key that encrypts updates to an
assortment of Intel CPUs, a feat that could have wide-ranging
consequences for the way the chips are used and, possibly, the way
they're secured. The key makes it possible to decrypt the microcode
updates Intel provides to fix security vulnerabilities and other types
of bugs. Having a decrypted copy of an update may allow hackers to
reverse engineer it and learn precisely how to exploit the hole it's
patching. The key may also allow parties other than Intel -- say a
malicious hacker or a hobbyist -- to update chips with their own
microcode, although that customized version wouldn't survive a reboot.
"At the moment, it is quite difficult to assess the security impact,"
independent researcher Maxim Goryachy said in a direct message. "But
in any case, this is the first time in the history of Intel processors
when you can execute your microcode inside and analyze the updates."
Goryachy and two other researchers -- Dmitry Sklyarov and Mark
Ermolov, both with security firm Positive Technologies -- worked
jointly on the project. The key can be extracted for any chip -- be it
a Celeron, Pentium, or Atom -- that's based on Intel's Goldmont
In a statement, Intel officials wrote: "The issue described does not
represent security exposure to customers, and we do not rely on
obfuscation of information behind red unlock as a security measure. In
addition to the INTEL-SA-00086 mitigation, OEMs following Intel's
manufacturing guidance have mitigated the OEM specific unlock
capabilities required for this research. The private key used to
authenticate microcode does not reside in the silicon, and an attacker
cannot load an unauthenticated patch on a remote system."'
-- source: https://developers.slashdot.org/story/20/10/28/217212
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304