Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says

Infosec boffins have released a tool to decrypt and unpack the microcode for a class of low-power Intel CPUs, opening up a way to look at how the chipmaker has implemented various security fixes and features as well as things like virtualization. Published Monday on GitHub, the Intel Microcode Decryptor is a collection of …

  1. A Non e-mouse Silver badge

    Always wondered how modern CPUs really work. Just have to wait for the "Dummies guide to Intel Microcode" book to come out.

    1. Jim Mitchell

      Microcode isn't really part of how the CPU operates. It's just code that the processor runs to do complex actions.

      1. david 12 Silver badge

        Well, when I was a student, microcode design was part of what 'microprocessor design' was. We started with TTL, and designed a microcoded processor.

        Anyway, this is part of the history of RISC. Researchers developed advanced compilation techniques that allowed them to optimize RISC code, and thought that RISC processors would be the wave of the future. Then Intel implemented the advanced compilation techniques in microcode, and offered it as a CISC package.

        1. Fifth Horseman

          Quite. If you are as old as me, you probably started with a 74181 ALU and worked from there. Good enough for the first generation of VAX... I think it is something still worth doing today, assuming you can find the parts.

          Not so sure about your RISC vs CISC comparison, though. True, the Intel P6/Pentium Pro CISC architecture has roots in the i960 RISC, just as the AMD K5 architecture is derived from the Am29050, but the arguments are much older - dating back to an analysis of IBM 1401 code, I believe - and are probably more about philosophy and ideology than implementation techniques.

          1. Fifth Horseman

            As an aside, if you are interested in the development of the Pentium Pro, "The Pentium Chronicles" by Robert Colwell is worth a read. Not "Soul of a New Machine" good, but entertaining and informative enough.

      2. nijam Silver badge

        > It's just code that the processor runs to do complex actions.

        In other words, it really is part of how the CPU operates.

      3. Fifth Horseman

        Define 'complex'.

        You're new to this whole "CPU design" thing, I assume?

      4. ITMA Silver badge

        "Microcode isn't really part of how the CPU operates. It's just code that the processor runs to do complex actions."

        You mean like twiddling the bits necessary to operate all of the CPU's lowest level core functions that allow it to execute the CPU's "official" instruction set instead of having to design hard coded logic to do it all?

  2. Zhdanovite

    Intel might appear to accept the new reality though I bet they miss the old days.

    A swift knock to the head with a corporate billyclub, a pair of silicon shoes and finally a long rest in the wildlife refuge. Problem solved until the next itinerant researcher trundles along.

  3. PRR Bronze badge

    > lifts the lid off the complex world of processor design.

    Lifts the lid? More like opens a small peep-hole into a side-branch of tedious disassembly.

  4. Pascal Monett Silver badge

    "some people worrying the scripts could be used for mischievous purposes"

    There's always a miscreant somewhere that will use whatever in bad ways.

    That's not a reason to not do the job.

  5. Clausewitz4.0

    Microcode Security

    QUOTE: "microcode has an RSA signature for integrity protection."

    In other words, a well-guarded(?) RSA key opens the doors to the kingdom

    1. Michael Wojcik Silver badge

      Re: Microcode Security

      It's a fairly narrow branch of the attack tree. The attacker would still have to get the new signed microcode onto the machine and get it loaded into the CPU. That requires privileged access, and if you already have that, the additional advantage of putting it in microcode is slight for most use cases. It's a nice way to get a really hardy APT into a system, but for the vast majority of cases a regular rootkit would be sufficient.

      1. Clausewitz4.0

        Re: Microcode Security

        QUOTE: for the vast majority of cases a regular rootkit would be sufficient

        I agree on that.

        But a microcode-rootkit would be the most undetectable piece of nasty code, and could be activated remotely without triggering any alarm bells - actually, you could even submit a sample to any famous sandboxes, and they would not flag anything malicious at all.

        Probably the reason China and Russia insist on using home-made silicon for mil/intel/sensitive stuff.

  6. John Smith 19 Gold badge

    Because security-by-obscurity has worked soooooooooooo well in the past.

    More eyeballs on this code might stop a few of these vulnerabilities that have hammered the Intel architecture from time to time.

    Now, how about that blob that runs the "management engine"

    1. Dwarf

      Re: Because security-by-obscurity has worked soooooooooooo well in the past.

      @John Smith 19

      +1 for this, have an upvote

  7. J.G.Harston Silver badge

    Sigh. What happened to the good old days when b0-b2 selected a register, and b3-5 selected the ALU operation, and it all just flowed through electronically. None of this program code all the way down stuff.

    1. John Smith 19 Gold badge

      What happened to the good old days

      Microcode was first discussed by Maurice Wilkes in 1951 *as a way of simplifying computer design.

      AFAIK only the 6502 (of that generation's processors) was directly coded, which may explain why its 16-bit successor used in the Apple IIGS was a PITA to design and took so long to get to market.

      Just because a processor used a few formats doesn't necessarily mean it's hard coded. The Transputer's byte-length encoding was about as simple as possible, but actually implemented on top of an even simpler micro machine.

      TBH it's all about the tools you have available. ARM was done by generating logic signals with PLAs. Put enough PLA entries to cover every possible input combination (or "address" if you like) and start consistently labelling the output bit patterns (call them "micro instructions") and hey presto, it's become a microcode ROM. It's also likely to be a lot bigger.

      *However, before he died (in 2010) Wilkes looked at Babbage's Analytical Engine designs (sometime in the 80's I think) and concluded that the "Barrels" in the design were basically implementing microprograms to provide the instruction set (this is around 1834-38, IOW 1 century before Alan Turing). Babbage also developed multiple notations to track the mechanical, logical and temporal behaviour of the design. IOW he'd also developed EDA support before he had a machine to run it on.

      When I hear people talking about something being "on the next level" I think of Babbage. If his notations had taken off it's impossible to say what the world would be like now. Makes you wonder what other stuff is in the archives somewhere...
