On “I don't trust microcode”

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • They have been sort of cracked, but it doesn't matter. The web or chain of trust of those updates from the vendor to the processor is what matters. They're at least CRC checked to prevent loading corrupt files.

    https://ieeeaccess.ieee.org/featured-articles/reverseenginee...

    https://github.com/intel/Intel-Linux-Processor-Microcode-Dat...

    https://github.com/platomav/CPUMicrocodes

  • CPUMicrocodes

    Intel, AMD, VIA & Freescale CPU Microcode Repositories

  • Microcode

    Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode

  • For the Intel stuff you're talking about, there's three classes of keys in play, two of which have been leaked, but not the one that allows you to impersonate Intel. What we have are the keys shipped on every actual system (that has been cracked, I think that's just for Goldmont), the symmetric encrypt/decrypt key (AES IIRC), and the public signing key to verify that it came from Intel. Intel's private keys behind the signature haven't been leaked.

    Interestingly though, it turns out that AMD K10 microcode updates weren't signed and had only the laziest form of encryption, allowing some security researchers to make custom ucode updates using this toolchain they posted on github: https://github.com/RUB-SysSec/Microcode
