Uncategorized

microparse

“Microparse: Microcode update parser for AMD, Intel, and VIA processors written in Python 3.x.”

Security Analysis of x86 Processor Microcode
Daming D. Chen, Gail-Joon Ahn
December 11, 2014

Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Despite being proprietary and relatively obscure, this microcode can be updated using binaries released by hardware manufacturers to correct processor logic faws (errata). In this paper, we show that a malicious microcode update can potentially implement a new malicious instructions or alter the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence due to the volatile nature of write-only patch memory embedded within the processor. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. Additionally, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions. A tool for parsing microcode updates has been made open source, in conjunction with a listing of our dataset.

https://github.com/ddcc/microparse

 

https://www.dcddcc.com/docs/2014_paper_microcode.pdf

 

Standard
Uncategorized

AMD seeks Firmware Security Engineer

MTS Software Development Engineer – Firmware – Security
The Software Security Engineering group is responsible for enabling Platform Security and Content Protection features. The team develops components across the entire software stack including device drivers, firmware, and application level interfaces, enabling customers to build novel solutions while supporting industry standards. […] Design and implement embedded firmware supporting Platform Security features across a wide range of AMD product lines.[…]

https://jobs.amd.com/job/Markham-MTS-Software-Development-Engineer-Firmware-Security-ON/391389700/

Standard
Uncategorized

OEMs/IBVs aren’t enabling ECC config in boot menus

It looks like most vendors don’t have their boot menus updated to support the new ECC memory they now support…

[…]Once you have an ECC-enabled memory controller, a motherboard with the right traces, and a few sticks of ECC memory, the next step is whether the BIOS/UEFI properly supports ECC. This is where things start getting a little bit iffy. AMD placed all the responsibility for ECC support on the motherboard manufacturers, and they aren’t really willing to step up to the plate and assume that responsibility…you will find out why in the conclusion. As a result, while most motherboard manufacturers have now come to acknowledge that their motherboards are indeed ECC enabled, that is the extent of their involvement. Not one is offering an enable/disable option in the UEFI, and we haven’t seen anyone but ASRock and ASUS have any ECC settings available at the moment.

This lack of settings severely hampers the overall ECC functionality, since a big part of it is that the motherboard should be able to log errors. Right now, no such logging capability exists. Thankfully, there is a possible software solution. The operating system – if it fully supports this new AM4 platform – should have the ability to log errors and corrections. If it does not, the hardware might be silently correcting single-bit errors and even detecting ‘catastrophic’ two-bit errors, but you will never know about it since there will be no log. That’s what we are going to look into next.

To conclude this page, we strongly suspect that just about every AM4 motherboard likely has ECC enabled, or at the very least will in the future. Most motherboard manufacturers certainly aren’t actively supporting it, or even unlocking any of the features that accompany it, but they don’t appear to be maliciously disabling it either. At this point in time, they simply have other way more important things on their plate, like improving memory support, overclocking, ensuring that IOMMU is functional, etc. Furthermore, we strongly suspect that they are presently unable to unlock all of the necessary settings without a newer CPU microcode from AMD.

 

http://www.hardwarecanucks.com/forum/hardware-canucks-reviews/75030-ecc-memory-amds-ryzen-deep-dive-2.html

Standard
Uncategorized

AMD on AGESA updates for Ryzen

AMD has a blog post on the Ryzen, and it talks about AGESA updates!

[…]Let’s talk BIOS updates:
Finally, we wanted to share with you our most recent work on the AMD Generic Encapsulated Software Architecture for AMD Ryzen™ processors. We call it the AGESA™ for short. As a brief primer, the AGESA is responsible for initializing AMD x86-64 processors during boot time, acting as something of a “nucleus” for the BIOS updates you receive for your motherboard. Motherboard vendors take the baseline capabilities of our AGESA releases and build on that infrastructure to create the files you download and flash. We will soon be distributing AGESA point release 1.0.0.4 to our motherboard partners. We expect BIOSes based on this AGESA to start hitting the public in early April, though specific dates will depend on the schedules and QA practices of your motherboard vendor. BIOSes based on this new code will have four important improvements for you:
* We have reduced DRAM latency by approximately 6ns. This can result in higher performance for latency-sensitive applications.
* We resolved a condition where an unusual FMA3 code sequence could cause a system hang.
* We resolved the “overclock sleep bug” where an incorrect CPU frequency could be reported after resuming from S3 sleep.
* AMD Ryzen™ Master no longer requires the High-Precision Event Timer (HPET).

We will continue to update you on future AGESA releases when they’re complete, and we’re already working hard to bring you a May release that focuses on overclocked DDR4 memory.[…]

https://community.amd.com/community/gaming/blog/2017/03/30/amd-ryzen-community-update-2

 

Standard
Uncategorized

AMD updates Programmer’s Manual

Last week, AMD updated “AMD64 Architecture Programmer’s Manual Volume 2: System Programming”. The changelog does not give a lot of information, you have to visit all the Tables/Sections to see what was changed:

Modified CR4 Register, Section 3.1.3.
Removed UD2 in Table 6-1.
Added new bullet in Section 7.1.1.
Modified Note in Table 7-1.
Added new Section 7.4.1.
Clarified Self Modifying Code in Section 7.6.1.
Added UD0 and UD1 instructions in Section 8.2.7.
Added Instructions Retired Performance counter in Section 13.1.1.
Modified Table in Section 15.34.9.

https://support.amd.com/TechDocs/24593.pdf

http://developer.amd.com/resources/developer-guides-manuals/

Standard
Uncategorized

AMD updated AGESA?

There are news reports that AMD AGESA has been updated. AMD has a developer section on their web site, but I wish they included a section with news on AGESA, like Intel FSP site does.

https://www.dvhardware.net/article66244.html
https://www.bit-tech.net/news/hardware/2017/03/21/amd-ryzen-fma3-fix-promise/1
https://www.overclock3d.net/news/cpu_mainboard/amd_has_reportedly_released_new_agesa_microcode_for_ryzen/1
https://www.hardocp.com/news/2017/03/20/new_amd_agesa_microcode_in_wild_uefi

https://en.wikipedia.org/wiki/AGESA

Standard