On Fri, Jul 25, 2014 at 11:24 AM, Rob Doyle <radioengr at gmail.com> wrote: Based on what's been leaked so far, the NSA seems to prefer to modify products after they leave the manufacturer's control, rather that have the manufacturer complicit, presumably in order to reduce the number of people who are aware of the alteration. It's certainly possible that the NSA installs custom microcode updates in the BIOS of machines they modify. In the case of x86 CPUs, they might have sufficient motivation to get their modifications into the standard vendor microcode update releases. I would expect that if they do that at all, they put in modifications far beyond just compromising the RNG. A huge percentage of x86 CPUs are used to run a relatively limited number of NT, MacOS, or RHEL kernels, so it seems possible that malicious microcode could recognize certain kernel addresses or instruction sequences and introduce exploitable bugs that can never be found in the kernel source code or even by disassembly of the object code. This might be a point in favor of RISC processors, which typically don't have any microcode, let alone a microcode patch area. It's not impossible that such a back door might be present in a RISC processor, but it would have to be designed in from the outset, not installed after manufacture. I'm going to go put on my tin foil hat [*] now, and watch the new Weird Al video "FOIL" again. Eric * I have it on good authority that only true tin foil is usable to block the mind control rays, and that's why you can't buy actual tin foil at the supermarket, only aluminum foil.