If I’m understanding this correctly this opens up the door to a serious type of rootkit.
It’s not a matter of attackers having access to the data. It’s that they have replaced your hardware with malicious hardware.
Additionally It can be trivial to gain administrative capacity on a personal computer. But in a regular case you can just reinstall the operating system. This would survive that.
On some level yes, but reading the article nothing persist between boots. This seems like a vulnerability that’s really only that serious A if you don’t apply AMDs patched micro code and B there’s another vulnerability on your system that lets this persist between operating system reinstall/in the BIOS.
I’m having hard time understanding how the microcode patch is delivered. system updater or bios update? I’m fucked if it’s a bios update cos my shitty gigabyte mobo won’t detect the files
Your OS can load the microcode. Most Linux distros will load the latest microcode during boot. Some will even update the microcode when it gets the new microcode from the distro repositories. This facility exists specifically because motherboard vendors are terrible about providing updates.
As far as them being applied, yes. The loaded microcode is volatile.
They can kind of persist across cold reboots, but it relies on them being applied again at some point. The motherboard vendor can apply microcode updates during platform initialization before POSTing. Or they can be applied from EFI (modern equivalent of BIOS) before handing control to the kernel. Or they can be applied very early in the boot process by the kernel.
Edit: seems I may be mistaken.
If I’m understanding this correctly this opens up the door to a serious type of rootkit.
It’s not a matter of attackers having access to the data. It’s that they have replaced your hardware with malicious hardware.
Additionally It can be trivial to gain administrative capacity on a personal computer. But in a regular case you can just reinstall the operating system. This would survive that.
On some level yes, but reading the article nothing persist between boots. This seems like a vulnerability that’s really only that serious A if you don’t apply AMDs patched micro code and B there’s another vulnerability on your system that lets this persist between operating system reinstall/in the BIOS.
I’m having hard time understanding how the microcode patch is delivered. system updater or bios update? I’m fucked if it’s a bios update cos my shitty gigabyte mobo won’t detect the files
Your OS can load the microcode. Most Linux distros will load the latest microcode during boot. Some will even update the microcode when it gets the new microcode from the distro repositories. This facility exists specifically because motherboard vendors are terrible about providing updates.
That’s not what this is about. It can’t even survive a reboot.
Ah, thanks for the clarification.
Aren’t microcode updates erased after restarts?
As far as them being applied, yes. The loaded microcode is volatile.
They can kind of persist across cold reboots, but it relies on them being applied again at some point. The motherboard vendor can apply microcode updates during platform initialization before POSTing. Or they can be applied from EFI (modern equivalent of BIOS) before handing control to the kernel. Or they can be applied very early in the boot process by the kernel.