Re: Intel Pentium Bug

Dean Gaudet (dgaudet-list-bugtraq@ARCTIC.ORG)
Fri, 07 Nov 1997 21:09:17 -0800

I'd imagine the update sequence can be executed once after power-on, after
that you can't change it again without a power cycle. Then it's trivial
for Intel to supply a "null update" to all BIOS vendors, and have them
load that at boot time. Then the chip would be secure (from update
attacks) after the BIOS did its thing. When Intel needs to really update
the microcode they supply the update to the BIOS vendors who make newly
flashable images ... and so on.

At least that's one way to do it.

Dean

On Fri, 7 Nov 1997, Eric Allman wrote:

> This scenario does assume that the instruction sequence that updates
> the microcode is accessible when the processor is in user mode. Of
> course, it does make an attack that lets you run in kernel mode
> rather more interesting....
>
> eric
>
>
> ============= In Reply To: ===========================================
> : From: Aleph One <aleph1@DFW.NET>
> : Subject: Re: Intel Pentium Bug
> : Date: Fri, 7 Nov 1997 19:49:28 -0600
>
> : On Fri, 7 Nov 1997, George Imburgia wrote:
> :
> : > Intel recently acknowledged that they enabled the ability to update
> : > microcode on Pentium chips several years ago. That's right folks, they put
> : > a backdoor in your hardware. The good news is, it could be used to fix
> : > this bug, should Intel be so inclined.
> : >
> : > AMD's microcode is updateable too. No clue about cyrix.
> :
> : This is something I discussed with a friend about two years ago.
> : Imagine if you will someone with information on how to download new
> : microcode to the CPU. This person has the ability to write a
> : virus/trojan/activex/program that can now completely disable your CPU
> : in such a way that it would need to be taken out to reinitialize.
> : If they fully disable the CPU the end user would program replace every
> : single component of the computer before the CPU. This would cost thousands
> : of hours of lost work and man power.
> :
> : Far worse, it could introduce subtle random flaws in for example the login
> : or arithmetic processing. How many industries would be affected if hit?
> : Or what about microcode backdoors that add your own instructions to
> : bypass memory protection? You could write your own program to modify
> : your process structure to become owned by root. The possibilities are
> : endless.
> :
> : If Intel were to provide a program to update the microcode on the CPU
> : it would most probably be disassembled and reverse engineered quickly.
> : What's a multi-billion company to do?
> :
> : > George Imburgia, Network Specialist Phone: (302)739-4068
> : > Delaware Technical & Community College Fax: (302)739-3345
> : > Office of the President e-mail: gti@hopi.dtcc.edu
> :
> : Aleph One / aleph1@dfw.net
> : http://underground.org/
> : KeyID 1024/948FD6B5
> : Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>