> If you can encrypt and code a [microcode] patch, then you have access
> to internal Intel tools and documentation I won't even describe to
> code them.
Except for the encryption, I'm not convinced. People have
reverse-engineered harder things.
> I don't know if the NSA or others outside Intel could compromise
> that, [...]
Depends on how you define "compromise". From their point of view, I
doubt there is any compromise involved; I would expect that Intel rolls
over for the letter agencies, providing documentation and encryption
help as desired, so there is no compromise in the sense of doing it
without Intel's cooperation. But from the end user's point of view,
being attacked by NSA (or whoever) malware reflashing the BIOS to
include (say) a subtly broken RNG, that is a compromise, and a rather
serious one.
I've long been irritated that motherboards don't include hardware
en/disables for reflashing, so that to reflash the BIOS you have to do
something physical like move a jumper. This is actually a moderately
plausible reason for that - it improves security too much.
> but it would require doing it around the time the chip shipped, not
> something that could be done and assumed to be distributed to systems
> much after that time.
Oh, I don't see it as being a mass compromise. I see it as being
targeted: the letter agencies want to see what person (or corporation)
XYZ is doing, so they release stealth malware which, when it determines
it's reached (one of) the right machine(s), reflashes the BIOS with the
tweaked microcode.
It's one reason I like old hardware: it's significantly less vulnerable
all around to such attacks. (It's also another reason to prefer RISC
CPUs: they tend to be less microcoded.)
/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse at rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B