• Re: Zen Microcode

    From John Dallman@21:1/5 to Ormandy on Thu Mar 6 09:36:00 2025
    In article <m2s3p6F12efU1@mid.individual.net>, taviso@gmail.com (Tavis
    Ormandy) wrote:

    > This might be interesting to regulars here, the scheme used by AMD
    > to verify microcode patches are authentic was much weaker than
    > intended. It turns out you can actually load your own patches.

    Oh, great. A new attack route for malware.

    John

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From MitchAlsup1@21:1/5 to All on Fri Mar 7 20:29:26 2025
    A "good try" at encryption is what engineers show management
    in order to claim they know what they are doing {{even when
    they really don't}}.

    I was in the meetings where the AMD architecture team discussed
    this "security issue" and I can name names.

  • From Lawrence D'Oliveiro@21:1/5 to BGB on Thu Apr 3 07:47:42 2025
    On Sun, 9 Mar 2025 16:20:10 -0500, BGB wrote:

    > In the latter case, the encryption would often be something like XOR'ing
    > with a bit pattern or a Caesar cipher or similar.

    XOR is perfectly fine as an encryption technique, provided that the
    sequence being XORed with is sufficiently strongly pseudorandom.

    This is known as a “stream” cipher. Basically, any “block” cipher can be
    turned into a stream cipher by using it to generate the XOR sequence.

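An added example (not from any poster in this thread) of the construction described in the last post: a block cipher run in counter mode to generate the XOR sequence. XTEA is used only because it fits in a few lines, and the key, nonces and messages are constructed sample values; the last two functions show what the XOR step does not provide, namely safety under nonce reuse and any integrity check.

```python
import struct

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """XTEA: 64-bit block, 128-bit key, 32 rounds. Chosen only for brevity."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter mode: encrypt nonce||counter blocks; the cipher never sees the data."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += xtea_encrypt_block(key, nonce + struct.pack(">I", counter))
        counter += 1
    return bytes(out[:n])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

# Constructed sample values, not taken from the thread.
KEY = bytes(range(16))
NONCE_A, NONCE_B = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"
P1, P2 = b"message number 1", b"message number 2"

def reuse_leak(nonce1: bytes, nonce2: bytes) -> bytes:
    """XOR of two ciphertexts; with a repeated nonce the keystream cancels out."""
    return xor_bytes(ctr_crypt(KEY, nonce1, P1), ctr_crypt(KEY, nonce2, P2))

def undetected_change() -> bytes:
    """Flip one ciphertext bit: decryption still succeeds, so XOR gives no integrity."""
    c = bytearray(ctr_crypt(KEY, NONCE_A, P1))
    c[-1] ^= 0x01
    return ctr_crypt(KEY, NONCE_A, bytes(c))

if __name__ == "__main__":
    print(reuse_leak(NONCE_A, NONCE_A) == xor_bytes(P1, P2))
    print(reuse_leak(NONCE_A, NONCE_B) == xor_bytes(P1, P2))
    print(undetected_change())
```

Deployed designs pair the keystream with a fresh nonce per message and a MAC or signature over the ciphertext, since the XOR step alone offers confidentiality only.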