Finally, the casket is opened: we (+@h0t_max and @_Dmit) have extracted Intel x86 microcode! One more Intel "top secret" information gets revealed...

They fired the pcode programmer... Who will fix the bugs now?

Most likely the PoC was obtained brute forcing mutable bits of a patch for which it was known for certain that it makes changes to the rdrand instruction...

@_MatteoRizzo @misc0110 Great work, congratulations! Waiting for AMD ucode ROM dump/disassembler...

RT @taviso: This was a huge research project -- at least some details are partially released today! 😩

@taviso Patch for a bug in the patch loading ucode in MSROM? That's unfixable in my opinion...

RT @wipawel: An excellent undocumented instruction chase story. Must have been a lot of fun.

RT @taviso: welp, it looks like an OEM leaked the patch for "AMD Microcode Signature Verification Vulnerability" 🔥 The patch is not in linu…

MOWs are sent to NDA-ed customers (having privileged Intel RDC access) and describe changes in Pre-Production HW/FW/Docs of selected products. You can find many useful info in MOWs such as hw bug fixes, all issued microcode patch revisions, existing collateral doc numbers...

The king is dead! Long live the King!

RT @a13xp0p0v: Slides for my talk at @h2hconference 2024: Diving into Linux kernel security 🤿 I described how to learn this complex area…

RT @InstLatX64: #Intel opened a "Trusted Computing Base Recovery of Intel Trusted Execution Environments" page: htt…

A big step forward in reverse engineering of Intel p-unit firmware (pcode): managed to match the debug trace message IDs in the pcode with the message IDs from the .xml files of Intel System Trace utilities. Huh, many things become clearer...

@a66ot I don't do a drama, I just do a research 😀

RT @EduardKovacs: Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.…

@B_Shamshirsaz @sbellem Thanks

@sbellem To overcome the issue, yes, they should remove all known Root Provisioning Keys of GLK/R from their RAS databases

@Analytic_ETH @socrates1024 @PratyushRT @kobigurk That's CSME Anti Rollback Prevention. Most vendors don't enable it