The aptly-named [chip-red-pill] team is giving you a chance to go down the Intel rabbit hole. If you learned how to build CPUs back in the 1970s, you would know that your instruction decoder would, for instance, recognize a register-to-register shift and then light up one register to write to a common bus and another register to read from the common bus. These days, it isn't that simple. Beyond compiling to an underlying instruction set, processors rarely encode instructions directly in hardware any longer. Instead, each instruction has microcode that causes the right things to happen at the right time. But Intel encrypts its microcode. Of course, what can be encrypted can also be decrypted.
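To make the "light up one register to write the bus, another to read it" idea concrete, here is an added example of a toy microcoded datapath. It is not code from the article or from the chip-red-pill team, and the register names, control bits and the `MICROCODE` table are all constructed for this toy machine; no real CPU's microcode format is assumed. Each macro-instruction is a short list of control words, and each word says which one source drives the shared bus and which registers latch from it. The `validate_rom` check catches the two classic microprogram bugs: a word with zero or several bus drivers, and a microprogram that never terminates.

```python
# Toy microcoded datapath (constructed example, not any real CPU's format).
# Each control word is a bitmask of signals; a microprogram is a list of words.

# Control-signal bit positions.
OUT_A, OUT_B, OUT_TMP, OUT_ALU = 1 << 0, 1 << 1, 1 << 2, 1 << 3  # drive the bus
IN_A, IN_B, IN_TMP, IN_ALU = 1 << 4, 1 << 5, 1 << 6, 1 << 7      # latch from the bus
END = 1 << 8  # marks the last microinstruction of a macro-instruction

OUT_MASK = {"A": OUT_A, "B": OUT_B, "TMP": OUT_TMP, "ALU": OUT_ALU}
IN_MASK = {"A": IN_A, "B": IN_B, "TMP": IN_TMP, "ALU": IN_ALU}

# Microcode ROM: macro-opcode -> ordered control words. This is the part a
# modern CPU keeps in (for Intel, encrypted) storage rather than in wired logic.
MICROCODE = {
    "MOV_A_B": [OUT_A | IN_B | END],              # B <- A, one bus transfer
    "MOV_B_A": [OUT_B | IN_A | END],              # A <- B
    "SHL_A":   [OUT_A | IN_ALU,                   # ALU input <- A
                OUT_ALU | IN_A | END],            # A <- ALU output (A << 1)
    "SWAP":    [OUT_A | IN_TMP,                   # TMP <- A
                OUT_B | IN_A,                     # A <- B
                OUT_TMP | IN_B | END],            # B <- TMP
}


def describe(word):
    """Render one control word as 'source -> bus -> destinations'."""
    outs = [n for n, m in OUT_MASK.items() if word & m]
    ins = [n for n, m in IN_MASK.items() if word & m]
    return f"{','.join(outs)} -> bus -> {','.join(ins)}"


def validate_rom(rom):
    """Return a list of problems: bus contention/floating bus, or no END."""
    problems = []
    for op, words in rom.items():
        for i, w in enumerate(words):
            drivers = sum(1 for m in OUT_MASK.values() if w & m)
            if drivers != 1:
                problems.append(f"{op}[{i}]: {drivers} bus drivers")
        if not words or not words[-1] & END:
            problems.append(f"{op}: microprogram does not end with END")
    return problems


class ToyCPU:
    def __init__(self, a=0, b=0):
        self.regs = {"A": a & 0xFF, "B": b & 0xFF, "TMP": 0, "ALU": 0}
        self.trace = []  # human-readable log of every microstep executed

    def _bus_value(self, word):
        drivers = [n for n, m in OUT_MASK.items() if word & m]
        if len(drivers) != 1:
            raise ValueError(f"bus contention: {drivers} drive the bus")
        src = drivers[0]
        if src == "ALU":
            return (self.regs["ALU"] << 1) & 0xFF  # toy ALU: shift left by one
        return self.regs[src]

    def step(self, word):
        """Execute one control word; return True if it ends the macro-op."""
        value = self._bus_value(word)
        for name, mask in IN_MASK.items():
            if word & mask:
                self.regs[name] = value
        self.trace.append(describe(word))
        return bool(word & END)

    def execute(self, opcode):
        for word in MICROCODE[opcode]:
            if self.step(word):
                break
        return dict(self.regs)


def run_program(program, a=0, b=0):
    """Run a list of macro-opcodes; return (A, B, microstep trace)."""
    cpu = ToyCPU(a, b)
    for op in program:
        cpu.execute(op)
    return cpu.regs["A"], cpu.regs["B"], cpu.trace


if __name__ == "__main__":
    assert validate_rom(MICROCODE) == []
    a, b, trace = run_program(["SHL_A", "SWAP"], a=3, b=5)
    print(f"A={a} B={b}")
    print("\n".join(trace))
```

Running it shows the point the article is making: the macro-instruction `SWAP` is nothing the hardware "knows"; it is three bus transfers the microcode ROM spells out, and changing the ROM changes what the instruction does without touching a gate.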
Using vulnerabilities, you can activate an undocumented debugging mode known as red unlock. This allows a microcode dump, and the decryption keys are inside. The team did a paper for OffensiveCon22 on this technique, and you can see a video about it below.
So far, the keys for Gemini Lake and Apollo Lake processors are available. That covers quite a number of processors. Of course, there are many more processors out there if you want to try your hand at a similar exploit.
This same team has done other exploits, such as executing arbitrary microcode inside an Atom CPU. If you want to play along, you might find this helpful. You do know that your CPU has instructions it is hiding from you, don't you?