The Register: Google: How to make any AMD Zen CPU always generate 4 as a random number

Source URL: https://www.theregister.com/2025/02/04/google_amd_microcode/
Source: The Register

Feedly Summary: Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least
Googlers have not only figured out how to break AMD’s security – allowing them to load unofficial microcode into its processors to modify the silicon’s behavior – but also demonstrated this by producing a microcode patch that makes the chips always output 4 when asked for a random number.…


**Summary:**
The text discusses a security vulnerability discovered by Google’s engineers that allows unauthorized microcode modifications in AMD processors. This vulnerability undermines AMD’s secure encrypted virtualization and root-of-trust features, posing significant risks for systems relying on AMD hardware for secure operations.

**Detailed Description:**
Google engineers showed that they can manipulate AMD processors' microcode, leading to the following key insights:

– **Microcode Significance:**
– Microcode is crucial for CPU functionality, enabling updates and fixes without physical alterations to the chip. AMD employs a cryptographic mechanism to validate microcode updates.

– **Vulnerability Discovery:**
– Google was able to produce microcode updates that are accepted by AMD processors, effectively changing their operation.
– A proof-of-concept microcode patch redirected the chip's random number generator to always output the value 4, destabilizing cryptographic applications that depend on randomness.

– **Potential Implications:**
– The capability to craft arbitrary microcode raises severe security concerns.
– It jeopardizes the confidentiality of computing workloads, particularly those leveraging AMD’s Secure Encrypted Virtualization (SEV) and Dynamic Root of Trust Measurement (DRTM).
– Loading such microcode requires kernel-level permissions, so the risk comes from either system customizers or advanced malware.

– **Root Cause:**
– The issue stems from AMD’s use of a weak hash function in their microcode signature validation, which can be exploited to load malicious microcode updates.

– **Response and Mitigation:**
– AMD views this as a significant vulnerability (CVE-2024-56161) and has initiated a rollout of security patches.
– Despite these patches, there is a need for an official update process and ongoing research to enhance the system’s resilience against such attacks.

– **Administrative Access Required:**
– Attackers need host admin access to exploit this vulnerability, which emphasizes the importance of privilege management in preventing unauthorized actions.

This incident serves as a stark reminder for security and compliance professionals to maintain rigorous standards over administrative access and to be vigilant of vulnerabilities associated with hardware-level management, particularly in environments utilizing advanced virtualization technologies. The ongoing collaboration between AMD and Google illustrates the necessity of swift responses to emerging security threats in computing infrastructures.
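
The always-4 proof of concept described above is the kind of failure a continuous health test on RNG output is meant to catch. The following is an added example, not code from the article, Google or AMD: it applies the repetition count and adaptive proportion tests from NIST SP 800-90B to a byte source. The `next_byte` callable and the 8-bits-per-byte entropy claim are assumptions of this sketch; obtaining bytes from the hardware RNG is left to the caller.

```python
import math
import secrets
from typing import Callable, Optional

ALPHA = 2.0 ** -20   # per-test false-alarm rate recommended by SP 800-90B
WINDOW = 512         # adaptive proportion window for non-binary samples

def rct_cutoff(h: float) -> int:
    """Repetition count cutoff: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(ALPHA) / h)

def apt_cutoff(h: float) -> int:
    """Adaptive proportion cutoff: 1 + smallest k with BinomCDF(k) >= 1 - alpha."""
    p, cdf = 2.0 ** -h, 0.0
    for k in range(WINDOW + 1):
        cdf += math.comb(WINDOW, k) * p ** k * (1 - p) ** (WINDOW - k)
        if cdf >= 1 - ALPHA:
            return 1 + k
    return WINDOW + 1

def rng_health(next_byte: Callable[[], int], h: float = 8.0,
               windows: int = 8) -> Optional[str]:
    """Return None if the source passes, else a description of the failure.

    next_byte is a caller-supplied function (an assumption of this example)
    returning one byte of RNG output; h is the entropy claimed per byte.
    """
    rct, apt = rct_cutoff(h), apt_cutoff(h)
    last, run = None, 0
    for _ in range(windows):
        first, seen = None, 0
        for _ in range(WINDOW):
            x = next_byte()
            # Repetition count test: same value too many times in a row.
            run = run + 1 if x == last else 1
            last = x
            if run >= rct:
                return f"repetition count: value {x} seen {run} times in a row"
            # Adaptive proportion test: the window's first value recurs too often.
            if first is None:
                first = x
            if x == first:
                seen += 1
            if seen >= apt:
                return f"adaptive proportion: value {first} seen {seen} times in window"
    return None

if __name__ == "__main__":
    print(rng_health(lambda: 4))                       # stuck source, as in the PoC
    print(rng_health(lambda: secrets.randbelow(256)))  # OS CSPRNG for comparison
```

A pass only shows the source is not stuck or grossly biased; it does not show the output is unpredictable, so this complements rather than replaces applying the vendor's microcode fix.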