On “I don't trust microcode”

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • They have been sort of cracked, but it doesn't matter. The web or chain of trust of those updates from the vendor to the processor is what matters. They're at least CRC checked to prevent loading corrupt files.

    https://ieeeaccess.ieee.org/featured-articles/reverseenginee...

    https://github.com/intel/Intel-Linux-Processor-Microcode-Dat...

    https://github.com/platomav/CPUMicrocodes

  • CPUMicrocodes

    Intel, AMD, VIA & Freescale CPU Microcode Repositories

  • Microcode

    Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode

    For the Intel stuff you're talking about, there are three classes of keys in play, two of which have been leaked, but not the one that allows you to impersonate Intel. What we have are the keys shipped on every actual system (that has been cracked, I think that's just for Goldmont), the symmetric encrypt/decrypt key (AES IIRC), and the public signing key to verify that it came from Intel. Intel's private keys behind the signature haven't been leaked.

    Interestingly though, it turns out that AMD K10 microcode updates weren't signed and had only the laziest form of encryption, allowing some security researchers to make custom ucode updates using this toolchain they posted on GitHub: https://github.com/RUB-SysSec/Microcode

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.