[geeks] How?
Jonathan Patschke
jp at celestrion.net
Tue Jan 9 22:12:49 CST 2018
On Tue, 9 Jan 2018, Patrick Giagnocavo wrote:
> Pretty sure there is code in the linux kernel that deals with this.
> Whether obfuscated or a binary blob or not, I don't know.
The Linux code is limited to matching patches based on CPUID Vendor + FMS,
checking the publicly-documented fields (signature, checksum, etc.), and
doing the manufacturer-specific bootstrap instructions to ask the CPU to
try loading the update. The BSD code is similar, and the Solaris and
Windows code probably follows a similar pattern.
Most of the actual work happens in microcode, and the update files are
deliberately obfuscated and dusted with crypto. This isn't the sort of
power you want a rootkit to ever be able to obtain.
--
Jonathan Patschke
Austin, TX
USA
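The loader-side checks described above (match on CPUID signature, verify the publicly documented header fields and checksum, then hand the blob to the CPU) look roughly like the following. This is an added illustration, not code from the post or from any OS's loader; the header layout is Intel's documented one, and the update bytes are constructed rather than real microcode.

```c
/* Added example, not code from the post or any OS loader: the checks a
 * kernel applies to an Intel microcode update before asking the CPU to
 * load it. Header layout is Intel's public one; bytes are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct mc_header {                 /* Intel's public 48-byte header */
    uint32_t hdrver, rev, date;    /* header version (1), revision, BCD date */
    uint32_t sig, cksum, ldrver;   /* CPUID(1).EAX FMS, checksum, loader rev (1) */
    uint32_t pf, datasize, totalsize, reserved[3]; /* platform mask, sizes */
};

static uint32_t sum_dwords(const uint8_t *p, size_t n)
{
    uint32_t sum = 0, w;
    for (size_t i = 0; i + 4 <= n; i += 4) { memcpy(&w, p + i, 4); sum += w; }
    return sum;
}

/* Header sanity plus checksum: all dwords of header+data sum to 0 mod 2^32. */
int mc_sanity_ok(const uint8_t *mc, size_t len)
{
    struct mc_header h;
    if (len < sizeof h) return 0;
    memcpy(&h, mc, sizeof h);                  /* no unaligned reads */
    size_t n = sizeof h + (h.datasize ? h.datasize : 2000u); /* 0 means 2000 */
    if (h.hdrver != 1 || h.ldrver != 1 || n % 4 || n > len) return 0;
    return sum_dwords(mc, n) == 0;
}

/* FMS must equal CPUID leaf 1 EAX; platform-ID flags must overlap. */
int mc_matches_cpu(const uint8_t *mc, uint32_t cpuid_sig, uint32_t pf_mask)
{
    struct mc_header h; memcpy(&h, mc, sizeof h);
    return h.sig == cpuid_sig && (h.pf & pf_mask) != 0;
}

/* Constructed 64-byte update: 48-byte header + 16 bytes of fake payload. */
size_t build_sample_update(uint8_t *out, size_t cap, uint32_t sig, uint32_t pf)
{
    struct mc_header h = { .hdrver = 1, .rev = 0x22, .sig = sig,
                           .ldrver = 1, .pf = pf, .datasize = 16, .totalsize = 64 };
    if (cap < 64) return 0;
    memcpy(out, &h, sizeof h);
    for (int i = 0; i < 16; i++) out[48 + i] = (uint8_t)(0xA0 + i);
    uint32_t ck = 0u - sum_dwords(out, 64); /* makes the total wrap to 0 */
    memcpy(out + 16, &ck, 4);
    return 64;
}
```

Note what these checks do not do: the checksum only catches corruption, and nothing here verifies the vendor's signature over the payload, which is exactly the part the post says lives in microcode rather than in the OS.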