Re: A quote from Crypto-Gram
From: Joris Dobbelsteen (REMOVE.UPPERCASE.joris_at_jAoris2k.aTth.cXx)
Date: 08/18/04
Date: Wed, 18 Aug 2004 22:39:05 +0200
"Jeff Williams" <frostback@canada.com> wrote in message
news:gOnUc.4075$bJ2.27380@news1.mts.net...
> Juergen Nieveler wrote:
>
> CAVEAT: I have no idea how much space is available for additions to the
> microcode in the relevant processors.

Please check out
Intel document 25366813
"IA32, Volume 3, System Programming"
Check out chapter 9.11 "Microcode Update Facilities".

The update is triggered by a WRMSR (Write Machine-Specific Register), with
the correct parameters.

It is a privileged instruction (so you must be the kernel/driver or before
the kernel).

It has existed and been in use since the Pentium 2. So people who start
worrying should throw all their Pentium 2/3/4 out of the window.

The maximum size of the microcode update block on the Pentium is 2 KB
(probably to scale to the future). It includes some checks for architecture,
checksum and such... So you should still be able to put in near 2 KB of
microcode into the processor. Of course, this doesn't mean the processor
contains 2 KB of space for the microcode.

Many BIOSes update your processor to the latest microcode. Microsoft Windows
might do it too (noticed that 'microcode update' device in your hardware
list?)

I'm unaware whether the microcode loaded is lost when power is removed or if
it's stored in an EEPROM.

I don't know if the assumption can be made whether this affects all
instructions or only affects specific instructions. Those x86 string
handling instructions would probably have been in microcode for a long time,
but this might not be true for addition/subtraction and other basic
functions. Since the x86 instruction set allows you to access so many sources
it is possible for an addition involving memory to be split into
load-from-memory / add / store-to-memory instructions.

Both Intel and AMD seem to make a difference between 'simple' and 'complex'
instructions, where all (but one) decoders can handle the simple ones, but
only one is capable of handling complex instructions (too).

The Pentium 4 CPU also had its instruction cache changed from just caching
the data to caching the microcode (micro-trace cache it was called if I
recall correctly). So this could mean all instructions are translated into
the microcode.

Unfortunately the AMD site is not as easy to use as Intel's, so I gave up
looking for AMD specs on how to do the update.

It would seem quite unlikely to me doing such a thing, but given the
interest and the specific purpose of a single machine for a specific task,
it might just be a good place to hide a backdoor.

As a last-minute find:
ftp://download.intel.com/design/network/manuals/IXP1200_prog.pdf
Microcode programming for the Intel IXP1200 network processor.

- Joris
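
Added example, not part of the original message: a sketch of how the "checks for architecture, checksum and such" in a 2 KB update block can be inspected offline. The 48-byte header layout and the zero-sum dword checksum are assumed from Intel's published update format rather than taken from the post, and the sample block is constructed, not a real update.

```python
import struct

# Header layout assumed from Intel's published update format (not given in the post):
# nine little-endian dwords followed by 12 reserved bytes, 48 bytes in total.
HEADER = struct.Struct("<9I12x")
FIELDS = ("header_version", "update_revision", "date", "processor_signature",
          "checksum", "loader_revision", "processor_flags", "data_size", "total_size")
LEGACY_DATA, LEGACY_TOTAL = 2000, 2048  # implied when both size fields are zero


def parse_update(blob):
    """Decode the header and check sizes and checksum of one update block."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 48-byte header")
    hdr = dict(zip(FIELDS, HEADER.unpack_from(blob)))
    data_size = hdr["data_size"] or LEGACY_DATA
    total_size = hdr["total_size"] or LEGACY_TOTAL
    covered = HEADER.size + data_size  # bytes the header checksum covers
    if data_size % 4 or total_size < covered or len(blob) < total_size:
        raise ValueError("size fields inconsistent with the block")
    words = struct.unpack_from("<%dI" % (covered // 4), blob)
    hdr["checksum_ok"] = (sum(words) & 0xFFFFFFFF) == 0
    d = hdr["date"]  # BCD, stored as mmddyyyy
    hdr["date_str"] = "%04x-%02x-%02x" % (d & 0xFFFF, d >> 24, (d >> 16) & 0xFF)
    hdr["data_size"], hdr["total_size"] = data_size, total_size
    return hdr


def build_sample():
    """Constructed 2 KB block (zero-filled data, made-up revision and signature)."""
    blob = bytearray(HEADER.pack(1, 0x2A, 0x08182004, 0x00000F29, 0, 1, 0x04, 0, 0))
    blob += bytes(LEGACY_DATA)
    csum = -sum(struct.unpack("<512I", blob)) & 0xFFFFFFFF
    struct.pack_into("<I", blob, 16, csum)  # checksum field is the fifth dword
    return bytes(blob)


if __name__ == "__main__":
    info = parse_update(build_sample())
    print("revision 0x%x, dated %s, signature 0x%08x, checksum %s" % (
        info["update_revision"], info["date_str"], info["processor_signature"],
        "ok" if info["checksum_ok"] else "BAD"))
```

A plain additive checksum like this only catches corruption; it says nothing about who produced the block.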