Custom Processing Unit: Tracing and Patching Intel Atom Microcode

Discover the secrets of Intel Atom microcode updates, including tracing, patching, and decryption, to unlock custom CPU behavior and control flow redirection.

Key takeaways
  • The microcode update is done using an undocumented instruction that returns random data.
  • The CR bus is a critical component that allows CPU internal components to interact with each other.
  • Intel’s CPUs have a secret stored in the CR bus that can be accessed through the L dot component.
  • The microcode sequencer can be accessed through the L dot and allows modification of microcode.
  • The microcode can be decrypted and the decrypted content can be modified.
  • The matching patch mechanism allows the CPU to redirect control flow to microcode ROM.
  • By tracing the microcode update routine, the CPU’s internal state can be reconstructed.
  • The microcode updates can be patched to implement custom CPU behavior.
  • The CPU’s secret keys can be used to decrypt the microcode updates.
  • The CR bus is used to communicate between CPU internal components.
  • The CPU’s microcode can be analyzed to understand how it works.
  • By hooking the microcode update routine, the CPU’s internal state can be observed.
  • The microcode update can be used to implement custom CPU functionality.
  • The CPU’s microcode can be patched to implement custom CPU behavior.

More talks

Tarirah: The Chip Show: How Not To Design a CPU

ElixirConf 2023 - Jason Stiebs - A LiveView is a Process

Go security pitfalls; 2 lessons from the battlefield at Grafana Labs - Jeremy Matos

Trace Me if You Can: Bypassing Linux Syscall Tracing

Connect remotely like a pro! Hack VPNs, avoid firewalls, connect even when your machine is down

Django Logging Demystified with Lee Trout - DjangoCon US 2022

Just enough ops for developers with Peter Baumgartner - DjangoCon US 2022

BTD: Unleashing the Power of Decompilation for x86 Deep Neural Network Executables