105 comments
wrs · 13 days ago
"A test payload for Milan and Genoa CPUs that makes the RDRAND instruction return 4"... Turns out kernel RNG belt-and-suspenders was justified?

Show replies

xmodem · 13 days ago
Security implications aside, the ability to load custom microcode onto these chips could have fascinating implications for reverse engineering and understanding them better.

Show replies

userbinator · 13 days ago
This reminds me of a decade-old utility called "Bulldozer Conditioner" that claimed to increase performance of certain AMD CPUs dramatically (and was verified by benchmarks), yet the author was extremely avoidant of the technical details of how it was accomplished --- AFAIK no one publicly RE'd and posted information on it that I could find, and I never got around to doing it either, but now I wonder if he had figured out how to modify and optimise(!) the microcode.

Show replies

hedora · 13 days ago
As an end user, I wonder how my cloud provider can prove to me that they installed AMD's fix and are not simply running a malicious version of the microcode on their CPU that claims to have the fix.

Show replies

account42 · 12 days ago
"This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches."

"Vulnerability"

These restrictions should never have been in place in the first place.

Show replies