[HN Gopher] On "I don't trust microcode"
___________________________________________________________________

On "I don't trust microcode"

Author : ignoramous
Score  : 23 points
Date   : 2023-01-30 13:45 UTC (9 hours ago)

(HTM) web link (patrick.georgi.family)
(TXT) w3m dump (patrick.georgi.family)

| slackfan wrote:
| The something or other axiom: Updates to most software have been
| inevitably harmful to any original user of that software. That
| goes for programs, that goes for microcode.

| mouse_ wrote:
| Cybersecurity and updates in general are mostly gaslighting.
| Not entirely, just mostly. Look to South Korea's banking
| situation for a flanderized example.

| zabzonk wrote:
| i really don't think this guy understands what microcode is, if
| he does, this article doesn't explain it.
|
| and if you are not going to trust microcode, what else are you
| not going to trust - logic gates, transistors, electrons?

| gruez wrote:
| >and if you are not going to trust microcode, what else are you
| not going to trust - logic gates, transistors, electrons?
|
| The article is unequivocally _pro_ microcode. The title is him
| replying to people who don't trust microcode, so it's a
| rebuttal.

| zabzonk wrote:
| ok, i misread, will delete my comment - except i can't

| DethNinja wrote:
| There are good reasons to not trust microcode. For example, a
| certain instruction chain can be made to trigger backdoors on
| the CPU and allow direct memory access for attackers. Catching
| this might be rather hard, though definitely not impossible.

| pjmlp wrote:
| Same applies to CPUs without microcode due to hardware design
| bugs.

| noorkersz wrote:
| we will distrust that which we cannot inspect.
|
| if we cannot inspect the content of the microcode updates in
| the context of the architecture's schematics then it won't be
| trusted

| gruez wrote:
| That's already a lost cause considering how hard it is to
| inspect the die (ie. the physical transistors) itself.

| NoToP wrote:
| Electrons are a ponzi scheme. The more you look into it the
| more it's all empty space.

| cwzwarich wrote:
| I don't work on x86 CPUs, but it's my understanding that most
| "microcode updates" change the values of HW registers (or
| "chicken bits") to disable problematic CPU optimizations rather
| than changing the literal microcode expansions of instructions.
|
| On non/less-microcoded CPU, this same functionality would be
| achieved by a higher-level firmware/OS update.
___________________________________________________________________
(page generated 2023-01-30 23:00 UTC)