Researchers Maxim Gorachy, Dmitry Skkylarov and Mark Ermolov have made done something what seemed impossible, they have succeeded in decrypting Intels secret key for CPUs for the first time, allowing them, for example, to fully view the content of security patches and micro-updates.
The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.
Arstechnica:
“At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.” Goryachy and two other researchers—Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies—worked jointly on the project. The key can be extracted for any chip. Five months ago, the trio was able to use the vulnerability to access “Red Unlock,” a service mode (see page 6 here) embedded into Intel chips. Company engineers use this mode to debug microcode before chips are publicly released. In a nod to The Matrix movie, the researchers named their tool for accessing this previously undocumented debugger Chip Red Pill, because it allows researchers to experience a chip’s inner workings that are usually off-limits. The technique works using a USB cable or special Intel adapter that pipes data to a vulnerable CPU.
“For now, there's only one but very important consequence: independent analysis of a microcode patch that was impossible until now,” Positive Technologies researcher Mark Ermolov said. “Now, researchers can see how Intel fixes one or another bug/vulnerability. And this is great. The encryption of microcode patches is a kind of security through obscurity.”
Researchers manage to decrypt Intel's secret CPU code key
