Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
They have been sort of cracked, but it doesn't matter. The web or chain of trust of those updates from the vendor to the processor is what matters. They're at least CRC checked to prevent loading corrupt files.
https://ieeeaccess.ieee.org/featured-articles/reverseenginee...
https://github.com/intel/Intel-Linux-Processor-Microcode-Dat...
https://github.com/platomav/CPUMicrocodes
They have been sort of cracked, but it doesn't matter. The web or chain of trust of those updates from the vendor to the processor is what matters. They're at least CRC checked to prevent loading corrupt files.
https://ieeeaccess.ieee.org/featured-articles/reverseenginee...
https://github.com/intel/Intel-Linux-Processor-Microcode-Dat...
https://github.com/platomav/CPUMicrocodes
They have been sort of cracked, but it doesn't matter. The web or chain of trust of those updates from the vendor to the processor is what matters. They're at least CRC checked to prevent loading corrupt files.
https://ieeeaccess.ieee.org/featured-articles/reverseenginee...
https://github.com/intel/Intel-Linux-Processor-Microcode-Dat...
https://github.com/platomav/CPUMicrocodes
For the Intel stuff you're talking about, there's three classes keys in play, two of which have been leaked, but not the one that allows you to impersonate Intel. What we have are the keys shipped on every actual system (that has been cracked, I think that's just for Goldmont), the symmetric encrypt/decrypt key (AES IIRC), and the public signing key to verify that it came from Intel. Intel's private keys behind the signature haven't been leaked.
Interestingly though, it turns out that AMD K10 microcode updates weren't signed and had only the laziest form of encryption, allowing some security researchers to make custom ucode updates using this toolchain they posted on github: https://github.com/RUB-SysSec/Microcode