Validating license landesk management suite rejection stories dating
Microcode Update Procedure: The update procedure expects the 64-bit virtual address of the update data, including the 64 byte header, to be in edx:eax: edx = high 32 bits of 64-bit virtual address eax = low 32 bits of 64-bit virtual address ecx = 0xc0010020 (MSR to trigger update) Execute wrmsr with these register values.If the address and update block data are valid, wrmsr completes successfully. The microcode does not appear to update MSR 0x8B with the new update signature as it does on Intel processors, despite the fact that some BIOS code that was analyzed does seem to check this field.After analyzing a number of BIOS images, it appears that AMD has secretly used the microcode update facility on several occasions over the past few years, but obviously avoided publicly disclosing that it actually had bugs patchable in this manner.Early K7 (Athlon) cores initially supported microcode updates as well, until ironically the microcode update mechanism itself was found to be broken and subsequently listed as an erratum.Such an update could be flashed into the BIOS to make it persistent across reboots.For instance, by patching the appropriate microcode lines, it may be possible to catch an opcode that would normally be illegal, and instead handle it by tricking the TLB into thinking we’re in kernel mode when in fact the attacker has only compromised a userspace process.
The updates are structured to patch specific microcode lines, and there are a very limited number of patch slots available (around 64 if the patented technique was actually implemented as described).
Microcode Format: Surprisingly, the microcode itself is in no way encrypted as it is in Intel microcode updates; the raw data loaded into the microcode patch array is directly exposed. Patent 6438664 describes the most probable structure of this data; the bit patterns in the update blocks show the outline of the uop triads and control fields known to exist in K8 microcode.
The repetitive structure of the data, bit patterns and fields characteristic of microcode indicate that apparently no encryption was performed. Further analysis of the microcode format is in progress.
Even more surprising is the total lack of strong authentication that the update block has not been damaged or altered.
The processor’s sole means of validating an update is to take the sum of all 32-bit words in the 896 byte update block and compare it to the 32-bit checksum at offset 12; this verification is done by microcode already stored in the microcode ROM.
Search for validating license landesk management suite:
The following sections describe the microcode update procedure, obtained by clean room reverse engineering various vendors’ BIOS code.