On Sat, 6 Jan 2018 13:32:30 +0100 Patrik Lori <[email protected]> wrote:
>
> If Intel, AMD, ARM, .. are now communicating, that they can change the
> CPU/MMU-Microcode outside their secured factories; they send (with this)
> very dangerous messages to all hackers.
>
> Hackers can use "the same procedure" to do the opposite of these patches!
>
> Changing CPU/MMU-Microcodes MUST NOT BE POSSIBLE outside the secured
> HW-Factories!
>
> Otherwise, we are all in great new SECURITY-DANGER!
>
> I hope the CPU/MMU-Microcode - Patch can NOT be manipulated or
> canceled afterwards !!!
>
This has always been possible. Microcode updates have one purpose only,
to change the way the CPU handles instructions. And there has always
been a way to apply these updates to running processors. Usually those
updates will be delivered along with your BIOS/UEFI versions, however
these packages provide a way to also load them via the kernel, providing
added security at runtime.

What you are describing is not really a new security danger whatsoever.
If you have kernel access you have compromised the system to such a
fundamental level already that loading older microcode would be the
least of your problems.

I'm not really sure what your message wants to convey either? Are you
against the practice of providing microcode updates or in general
appalled by the fact that microcode can be changed after a CPU has been
released (which has been possible for many years, how else would you fix
critical bugs that pop up later?)? Both make absolute sense from a
security standpoint.
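
The runtime loading and the "older microcode" case discussed in this thread can be checked from the defender's side. The following is an added example, not part of either message: it parses text in the x86 Linux /proc/cpuinfo format and reports cores whose `microcode` revision is missing, below a baseline, or different from other cores. The sample text, the baseline value and the function names are constructed for illustration, and it assumes a numerically higher revision is newer.

```python
import re

# Constructed sample in the x86 Linux /proc/cpuinfo layout (not real output).
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example CPU
microcode\t: 0x84

processor\t: 1
model name\t: Example CPU
microcode\t: 0x80

processor\t: 2
model name\t: Example CPU
"""

def microcode_revisions(cpuinfo_text):
    """Map logical CPU number -> microcode revision (int), or None if absent."""
    revisions = {}
    # /proc/cpuinfo separates logical CPUs with a blank line.
    for block in re.split(r"\n\s*\n", cpuinfo_text.strip()):
        fields = dict(
            (key.strip(), value.strip())
            for key, _, value in (line.partition(":") for line in block.splitlines())
        )
        if "processor" not in fields:
            continue
        raw = fields.get("microcode")
        revisions[int(fields["processor"])] = int(raw, 16) if raw else None
    return revisions

def audit(cpuinfo_text, baseline):
    """Return (cpu, message) findings; cpu is -1 for a system-wide finding."""
    revs = microcode_revisions(cpuinfo_text)
    findings = []
    for cpu, rev in sorted(revs.items()):
        if rev is None:
            # Field is absent on some architectures and some virtual machines.
            findings.append((cpu, "no microcode field"))
        elif rev < baseline:
            findings.append((cpu, f"revision {rev:#x} below baseline {baseline:#x}"))
    if len({r for r in revs.values() if r is not None}) > 1:
        findings.append((-1, "revisions differ between cores"))
    return findings

if __name__ == "__main__":
    # On a real x86 Linux host: audit(open("/proc/cpuinfo").read(), baseline)
    for cpu, msg in audit(SAMPLE_CPUINFO, baseline=0x84):
        print("all" if cpu < 0 else f"cpu{cpu}", msg)
```

The baseline would come from the revision you expect after applying the vendor's update; the value used here is a placeholder.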