Re: [Stable-review] [56/74] x86, microcode, AMD: Extend ucode sizeverification

[Henrique de Moraes Holschuh]

On Thu, 14 Apr 2011, Borislav Petkov wrote:
> > Good thing nothing important depends on this validation, oh wait...
> 
> Oh wait, please don't tell me that you really think that the CPU relies
> completely on software to do its ucode validation and accepts the "good"
> ucode binary patch blindly...

http://www.securiteam.com/securityreviews/5FP0M1PDFO.html

If it is not a hoax, circa 2004 K8s would accept any crap that passed a
simple checksum test.

I don't trust the claims of strong crypto usage by Intel either,
especially since AFAIK Intel itself never claimed to use anything strong,
just that its microcode was "encrypted".

I sure hope real crypto is used on the more recent cores from both
vendors, though.  Too bad we cannot lock down further microcode updates
until the next hard reset...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/