[geeks] How?

Jonathan Patschke jp at celestrion.net
Tue Jan 9 22:12:49 CST 2018


On Tue, 9 Jan 2018, Patrick Giagnocavo wrote:

> Pretty sure there is code in the linux kernel that deals with this.
> Whether obfuscated or a binary blob or not, I don't know.

The Linux code is limited to matching patches based on CPUID Vendor + FMS,
checking the publicly-documented fields (signature, checksum, etc.), and
doing the manufacturer-specific bootstrap instructions to ask the CPU to
try loading the update.  The BSD code is similar, and the Solaris and
Windows code probably follows a similar pattern.

Most of the actual work happens in microcode, and the update files are
deliberately obfuscated and dusted with crypto.  This isn't the sort of
power you want a rootkit to ever be able to obtain.

-- 
Jonathan Patschke
Austin, TX
USA
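An added example, not code from the post above or from the Linux kernel: the publicly documented checks a loader runs on an Intel-format update file before it asks the CPU to try it (header and loader revision, size consistency, the dword checksum over header plus payload, the optional extended signature table, and the CPUID signature / platform-flag match). It assumes the documented 48-byte header layout; the sample update it builds is constructed test data with an arbitrary payload, and the CPUID signatures in it are illustrative. The encrypted body stays opaque, as it does to the kernel.

```python
"""Sanity-check an Intel-format microcode update the way a loader does.

Added example (not the kernel's code): it performs only the publicly
documented header checks; the encrypted payload is opaque to it.
"""
import struct

HEADER_FMT = "<9I12x"         # nine dword fields + 12 reserved bytes = 48 bytes
HEADER_SIZE = struct.calcsize(HEADER_FMT)
EXT_HDR_FMT = "<2I12x"        # extended-signature count, table checksum, reserved
EXT_HDR_SIZE = struct.calcsize(EXT_HDR_FMT)
EXT_SIG_FMT = "<3I"           # signature, processor flags, entry checksum
EXT_SIG_SIZE = struct.calcsize(EXT_SIG_FMT)
MASK32 = 0xFFFFFFFF


def dword_sum(buf):
    """Sum of the little-endian dwords in buf, modulo 2**32."""
    return sum(struct.unpack("<%dI" % (len(buf) // 4), buf)) & MASK32


def parse_update(blob):
    """Parse one update; raise ValueError on any header inconsistency."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("shorter than the 48-byte header")
    (hdr_ver, rev, date, sig, csum, ldr_rev, pflags,
     data_size, total_size) = struct.unpack_from(HEADER_FMT, blob, 0)
    if hdr_ver != 1 or ldr_rev != 1:
        raise ValueError("unsupported header or loader revision")
    data_size = data_size or 2000      # zero means the legacy default size
    total_size = total_size or 2048
    if total_size % 4 or total_size > len(blob):
        raise ValueError("total_size not dword-aligned or beyond end of file")
    main_size = HEADER_SIZE + data_size
    if main_size > total_size:
        raise ValueError("data_size does not fit inside total_size")
    # Header plus payload must sum to zero dword-wise.
    if dword_sum(blob[:main_size]) != 0:
        raise ValueError("bad update checksum")
    sigs = [(sig, pflags)]
    if total_size > main_size:         # optional extended signature table
        table = blob[main_size:total_size]
        count, _ = struct.unpack_from(EXT_HDR_FMT, table, 0)
        if len(table) != EXT_HDR_SIZE + count * EXT_SIG_SIZE or dword_sum(table):
            raise ValueError("bad extended signature table")
        for i in range(count):
            esig, epf, ecsum = struct.unpack_from(
                EXT_SIG_FMT, table, EXT_HDR_SIZE + i * EXT_SIG_SIZE)
            # Each entry's checksum must keep the main image zero-sum when it
            # replaces the primary (sig, pflags, csum) triple.
            if ((sig + pflags + csum) - (esig + epf + ecsum)) & MASK32:
                raise ValueError("bad extended signature checksum")
            sigs.append((esig, epf))
    return {"revision": rev, "date_bcd": date, "signatures": sigs,
            "total_size": total_size}


def is_well_formed(blob):
    """True if parse_update accepts the blob, False on any ValueError."""
    try:
        parse_update(blob)
        return True
    except ValueError:
        return False


def matches_cpu(update, cpuid_eax, platform_id):
    """Loader-style match: same CPUID(1).EAX signature and the CPU's
    platform-id bit (IA32_PLATFORM_ID[52:50]) set in the processor flags."""
    pf_bit = 1 << platform_id
    return any(s == cpuid_eax and pf & pf_bit for s, pf in update["signatures"])


def build_update(revision, signature, pflags, payload, extra_sigs=()):
    """Construct a synthetic update with valid checksums (constructed test
    data only; the payload is arbitrary bytes, not real microcode)."""
    payload += b"\0" * (-len(payload) % 4)
    ext_size = EXT_HDR_SIZE + EXT_SIG_SIZE * len(extra_sigs) if extra_sigs else 0
    total_size = HEADER_SIZE + len(payload) + ext_size
    date_bcd = 0x01092018          # mmddyyyy in BCD (constructed value)
    fields = [1, revision, date_bcd, signature, 0, 1, pflags, len(payload), total_size]
    fields[4] = (-dword_sum(struct.pack(HEADER_FMT, *fields) + payload)) & MASK32
    csum = fields[4]
    ext = b""
    if extra_sigs:
        entries = b"".join(
            struct.pack(EXT_SIG_FMT, s, pf, (csum + signature + pflags - s - pf) & MASK32)
            for s, pf in extra_sigs)
        ext_csum = (-dword_sum(struct.pack(EXT_HDR_FMT, len(extra_sigs), 0) + entries)) & MASK32
        ext = struct.pack(EXT_HDR_FMT, len(extra_sigs), ext_csum) + entries
    return struct.pack(HEADER_FMT, *fields) + payload + ext


if __name__ == "__main__":
    sample = build_update(0xB4, 0x000906EA, 0x02, b"constructed payload",
                          [(0x000906EB, 0x80)])
    info = parse_update(sample)
    print("rev %#x, signatures %s" % (info["revision"], info["signatures"]))
    print("matches sig 0x906EA / platform 1:", matches_cpu(info, 0x000906EA, 1))
```

Everything the script verifies is what the manufacturer publishes; whether the payload is genuine is decided later, by the CPU itself, when the bootstrap sequence hands it the blob. A file that fails these checks should be rejected before it ever reaches that step, which is also the cheapest place to catch a corrupted or tampered update package.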

