Jump to content

In a first, researchers extract secret key used to encrypt Intel CPU code


Recommended Posts


"The genesis for the discovery came three years ago when Goryachy and Ermolov found a critical vulnerability, indexed as Intel SA-00086, that allowed them to execute code of their choice inside the independent core of chips that included a subsystem known as the Intel Management Engine. Intel fixed the bug and released a patch, but because chips can always be rolled back to an earlier firmware version and then exploited, there’s no way to effectively eliminate the vulnerability.

Five months ago, the trio was able to use the vulnerability to access “Red Unlock,” a service mode (see page 6 here) embedded into Intel chips. Company engineers use this mode to debug microcode before chips are publicly released. In a nod to The Matrix movie, the researchers named their tool for accessing this previously undocumented debugger Chip Red Pill, because it allows researchers to experience a chip’s inner workings that are usually off-limits. The technique works using a USB cable or special Intel adapter that pipes data to a vulnerable CPU.

Accessing a Goldmont-based CPU in Red Unlock mode allowed the researchers to extract a special ROM area known as the MSROM, short for microcode sequencer ROM. From there, they embarked on the painstaking process of reverse engineering the microcode. After months of analysis, it revealed the update process and the RC4 key it uses. The analysis, however, didn’t reveal the signing key Intel uses to cryptographically prove the authenticity of an update."

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...