Reverse Engineering x86 Processor Microcode

Microcode is an abstraction layer on top of the physical components of a CPU and is present in most general-purpose CPUs today. In addition to facilitating complex and vast instruction sets, it also provides an update mechanism that allows CPUs to be patched in place without requiring any special hardware. While it is well known that CPUs are regularly updated with this mechanism, very little is known about its inner workings, given that microcode and the update mechanism are proprietary and have not been thoroughly analyzed yet. In this paper, we reverse engineer the microcode semantics and the inner workings of the update mechanism of conventional COTS CPUs, using AMD's K8 and K10 microarchitectures as examples. Furthermore, we demonstrate how to develop custom microcode updates. We describe the microcode semantics and additionally present a set of microprograms that demonstrate the possibilities offered by this technology. To this end, our microprograms range from CPU-assisted instrumentation to microcoded Trojans that can even be reached from within a web browser and enable remote code execution and cryptographic implementation attacks.
