[Cryptech Tech] AMD Microcode reverse engineered, breaking constant-time CPU crypto

[Peter Stuge]

This research presented at USENIX makes a good case for Cryptech.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/koppe

Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison,
Robert Gawlik, Christof Paar, and Thorsten Holz

Ruhr-Universität Bochum

Abstract excerpt

In this paper, we reverse engineer the microcode semantics and inner
workings of its update mechanism of conventional COTS CPUs on the
example of AMD’s K8 and K10 microarchitectures.  Furthermore, we
demonstrate how to develop custom microcode updates.  We describe the
microcode semantics and additionally present a set of microprograms
that demonstrate the possibilities offered by this technology.  To
this end, our microprograms range from CPU-assisted instrumentation
to microcoded Trojans that can even be reached from within a web
browser and enable remote code execution and cryptographic
implementation attacks.

Conclusion

In this paper we successfully changed the behavior of common,
general-purpose CPUs by modification of the microcode.  We provided
an in-depth analysis of microcode and its update mechanism for AMD K8
and K10 architectures.  In addition, we presented what can be
accomplished with this technology: First, we showed that augmenting
existing instructions allows us to implement CPU-assisted
instrumentation, which can enable high-performance defensive
solutions in the future.  Second, we demonstrated that malicious
microcode updates can have security implications for software systems
running on the hardware.