The fine researchers at Google have released the juicy details on EntrySign, the AMD Zen microcode issue we first covered about a month ago. And to give away the punchline: cryptography is hard. It’s hard in lots of ways, but the AMD problem here is all about keeping track of the guarantees provided by cryptographic primitives.
The vulnerability is in the verification of microcode updates for AMD’s Zen processor family. To understand microcode, you have to understand that X86-64 processors are actually built out of proprietary Reduced Instruction Set Computer (RISC) cores, that then emulate the more complex X86-64 complex instruction set computer (CISC) cores. Microcode is the firmware that controls that emulation step. For the security guarantees of modern computing, it’s rather important that CPUs only run signed microcode from the CPUs vendor. AMD has a pretty straightforward system to sign and then verify microcode patches.
Each patch includes a 2048-bit RSA public key and signature, verifying that the microcode was actually signed by the holder of the corresponding private key. The CPU hashes that public key, and compares it to a 128-bit value that was burned into the CPU at manufacture time. The intent is that if the hash matches, the public key must be the same. The problem was the hashing algorithm used for this step.
For this scheme to work, it would need a collision resistant cryptographic hashing function. The security of the scheme relies on the idea that it’s effectively impossible to find another public key that results in the same hash output. Finding a collis ..
Support the originator by clicking the read the rest link below.
