microcode store (was Re: Looking to get into a Mini Computer...)

On 7/25/2014 4:28 PM, Eric Smith wrote: Try to put some code of your own in there. All of those updates are encrypted. W/o being Intel and encoding and encrypting updates now you can't install microcode anymore. These are the updates I referred to that are routinely added to Bios to be installed automatically, so you don't need to do it with a tool like this. Once various chips would make the street, a rollup patch would be sent to the bios development groups I knew of and they'd be incorporated into the bios to be loaded based on each processor id as needed. The P3's up to the coppermine always seemed to have a lot of issues, but as what became the Core type processors came out less so. the P4 had some while I worked on it, but less than the P3s. Some shipped parts barely worked w/o an update. If you can encrypt and code a patch, then you have access to internal Intel tools and documentation I won't even describe to code them. I don't know if the NSA or others outside Intel could compromise that, but it would require doing it around the time the chip shipped, not something that could be done and assumed to be distributed to systems much after that time. I don't know a lot of people who do chip code updates, but if they update their Bios, in my experience it is usually while the system is relatively new. Compromising and reflashing the Bios based on the motherboard is another matter and is sufficent to do anything that one could do to the microcode. The bios which is compromised would have to be such that it installed it and concealed its presence. There may be some bios compromise kits in the wild, have not checked the sites that scan for such. They most likely would be very difficult to detect by signature if done correctly once installed in the bios. Jim