On 7/25/2014 10:24 AM, Rob Doyle wrote:
On 7/25/2014 3:56 AM, jwsmobile wrote:
The mechanism in the Pentium was almost open compared to what is there
now. All of this is under heavy NDA as far as it even being there, and
it may or may not be these days.
It has been widely speculated (and supported by the Snowden documents)
that the NSA can defeat the Intel random number generator (and
therefore any crypto based on that RNG) with a microcode patch.
Microcode patches - it's not just for /fixing/ bugs...
Rob
There is no reason to speculate about the microcode. Once you
compromise the BIOS there is no reason to worry about microcode. You can
pretty much do anything with a number of mechanisms at that point.
Note what I said. The Intel guys make the NSA look like they are
posting stuff publicly on street corners. They are beyond paranoid to
the point of putting in an encryption hardware component dedicated to
this load of microcode.
The BIOS only knows as much about the microcode patching mechanism as
a wire knows about what is transmitted down it. Nothing. It is just
passing thru.
The Trusted computing component they added is much the same sort of
device to be sure that code is executed on a machine that is not
compromised. That Microsoft still makes a mess of it isn't the fault of
the mechanism. They just have too many things that are apparently
written by people who don't know or don't care being executed in trusted
code that they still give away the farm.
However back to the patch, I am pretty sure there is no remaining
mechanism for putting in any patches anymore in any production part.
And most prototypes are not very useful as it is hard to find a system
running anything other than just a bare install of whatever Windows is
lying around with no application software loaded on it or network access.
Other than being subject to massive legal problems by violating the
trust of either organization, I'd say the NSA and Intel are both pretty
far up there in maintaining their trust, and there will not be many
ways to send out a patch without it coming from inside Intel somewhere.
I don't know that AMD does any patching, someone else will have to
comment on that. What I saw of their processor development I was not
near such a mechanism.
Jim