[geeks] How?

Patrick Giagnocavo patrick at zill.net
Tue Jan 9 21:51:35 CST 2018


Pretty sure there is code in the linux kernel that deals with this. Whether obfuscated or a binary blob or not, I don't know. 

Cheers Patrick 
----- Original Message -----
From: Jonathan Patschke <jp at celestrion.net>
To: The Geeks List <geeks at sunhelp.org>
Sent: Tue, 9 Jan 2018 22:23:46 -0500 (EST)
Subject: Re: [geeks] How?

On Tue, 9 Jan 2018, Lionel Peterson wrote:

> https://redmondmag.com/blogs/scott-bekker/2018/01/intel-patch-chips-in-last-5
> -years.aspx
>
> Seriously, how are they accomplishing this update? Anyone know?

Short answer: it gets stored somewhere that can be applied every time the
CPU is reset.

The three leading x86 CPU vendors all have microcode update capabilities.
When Intel introduced the feature, it was primarily used for turning off
features.

I can only speak to how one of the companies (the one that pays my salary)
manages the updates (and only with a great deal of hand-waving because of
NDA), but I suspect the other two work similarly.  With that particular
product family, microcode updates consist of an x86 header to "do setup
things" prior to loading the microcode update into memory, followed by a
non-published "go" instruction.  The CPU decrypts the update within L2D,
and the microcode loader reads the update records one-by-one (and makes
sure various rules are followed about how the records need to look).

When it's all done, an area of on-die cache-like memory holds the patches
to the microcode, and that area acts like an overlay, obscuring the
original microcode at the patched addresses.  The pipelines are then
flushed, and execution resumes.

All three CPU makers support ucode updates from a running system (ex:
loaded by the OS), but it's more typical that the updates are applied from
firmware.

-- 
Jonathan Patschke
Austin, TX
USA
_______________________________________________
GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks


More information about the geeks mailing list