Boffins release tool to decrypt Intel microcode. Have at it, x86 giant says
Peek behind the curtain to see SGX implemented, Spectre mitigated, and more
Infosec boffins have released a tool to decrypt and unpack the microcode for a class of low-power Intel CPUs, opening up a way to look at how the chipmaker has implemented various security fixes and features as well as things like virtualization.
Published Monday on GitHub, the Intel Microcode Decryptor is a collection of three Python scripts users can execute to decode the microcode – including the SGX XuCode – of certain Atom, Pentium, and Celeron CPUs based on Intel's Goldmont and Goldmont Plus microarchitectures. The work was done by three researchers — Maxim Goryachy, Mark Ermolov, and Dmitry Skylarov — who have previously uncovered several vulnerabilities in Intel processors.
The researchers noted that the tool cannot be used to create a custom microcode update because the "microcode has an RSA signature for integrity protection." In other words, there are checks in place to prevent people, including miscreants, from creating their own microcode updates to change the operation of CPU cores.
In response to questions from The Register, Intel seemed fairly chilled out about the tool's release, even though the US giant said it wasn't alerted about the researchers' plans ahead of time.
An Intel spokesperson told us "there should not be any security risks" as a result of the tool's availability. In fact, the company said letting more people review Intel's microcode could help the chipmaker identify more vulnerabilities in the future. For anyone successful doing so, that means potentially making some cash through Intel's bug bounty program.
"The ability for researchers to analyze microcode could enable discovery of new vulnerabilities. Since this microcode has been exposed, Intel welcomes researchers to participate in the microcode bug bounty program in the event that any issues are discovered," we were told.
Why access to microcode is a big deal
When Goryachy alerted netizens to the microcode-decrypting scripts on Twitter, it turned more than a few heads in the IT and security communities.
Today we've published Intel Microcode decryptor! It gives you an amazing opportunity for researching x86 platforms. You can understand how Intel mitigated spectre vulnerability, explore the implementation of Intel TXT, SGX,VT-x technologies! Enjoy it! https://t.co/CrMYbrPu03 pic.twitter.com/pW6iQoUGLJ
— Maxim Goryachy (@h0t_max) July 18, 2022
This is an important achievement because it lifts the lid off the complex world of processor design.
Chip designers like Intel have long used microcode to translate low-level machine instructions into circuit-level operations within CPU cores. Microcode can be loaded by the processor from memory, and thus updates to this code can be issued to fix bugs. These updates usually arrive as system software patches and BIOS upgrades.
Goryachy said the Intel Microcode Decryptor can be used to understand, for instance, how the chip giant mitigated the Spectre vulnerability in Goldmont CPUs. He added that the scripts can also help people understand how Intel has implemented various technologies, like Intel Trusted Execution Technology (TXT), Intel Software Guard Extensions (SGX), and Intel Virtualization Technology (VT-x).
Ermolov, one of the other boffins, added that the tool's availability means that people can now research XuCode, a variant of 64-bit mode x86 code used to implement parts of Intel SGX that is loaded as a microcode update. SGX is Intel's technology for creating secure enclaves in memory: these are protected areas that other software and users can't tamper with, not even the operating system or hypervisor.
XuCode is pretty interesting: the special x86 instructions to manage SGX enclaves are so involved that they are broken up into sequences of XuCode instructions that carry out the desired operations.
These XuCode instructions are standard 64-bit x86 with some extensions, and are further broken down by the processor into the usual x86 micro-operations. When an application uses a high-level SGX instruction, the processor may jump to its XuCode to carry out the work.
These XuCode sequences are stored in the microcode, and can now be extracted using the above Python scripts and analyzed using standard x86 reverse-engineering suites.
At run-time, the XuCode is stored in specially protected RAM, so some SGX instructions are effectively jumps to x86-like subroutines.
The tools' genesis and a mix of reactions
According to the researchers, the Intel Microcode Decryptor was made possible after the trio found vulnerabilities in Intel's chipsets in early 2020 that allowed them to activate an undocumented debugging mode dubbed Red Unlock. This led the boffins to find the decryption key that let them extract and decipher the microcode.
Intel had a slightly different account of the tool's genesis. The company spokesperson told us the researchers reported the Red Unlock vulnerability to the chipmaker in 2017. The boffins used this vulnerability to analyze and document the structure of the microcode in May 2021, which included releasing a disassembler script, Intel pointed out. The disclosure of the Red Unlock issue prompted Intel to launch a bug bounty program for microcode vulnerabilities.
- Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant
- Intel sticks another nail in the coffin of TSX with feature-disabling microcode update
- Hardware boffin starts work on simulation of an entire IBM S/360 Model 50 mainframe
- Another month, another way to smash Intel's SGX security. Let's take a closer look at these latest holes...
The response to the latest tooling online has been a mix of awe, intrigue, and horror, with some people worrying the scripts could be used for mischievous purposes while others hailed it as a breakthrough in understanding how at least some part of Intel's incredibly complex silicon works. Just take a look at the quote tweets and replies for Goryachy's original tweet.
The release of the scripts did get a tip of the hat from Gal Diskin, a former Intel employee who led product security for SGX and contributed to the feature's design and architecture.
When asked by someone if access to the SGX microcode could lead to new kinds of attacks, Diskin had this to say: "We've always assumed that our code will be open source one day, and never allowed security by obscurity. That is at least how we worked when I led security evaluation for SGX." Diskin noted, however, that he hasn't been with Intel since 2013. ®