AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches
- From: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks.
Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a hash function during microcode validation—a design decision that enables collision attacks and signature forgery.
Microcode Security Foundations
According to Google’s Bug Hunting researchers, modern x86 processors like AMD’s Zen architecture rely on microcode—a layer of RISC-like instructions that translate complex x86 operations into executable hardware logic.
AMD employs encrypted microcode updates authenticated via RSA-2048 signatures to patch hardware bugs without physical recalls. The validation process involves four stages:
- Public Key Validation: The CPU hashes the patch’s embedded RSA public key using AES-CMAC and compares it against a fused hardware hash.
- Content Hashing: AES-CMAC generates a 128-bit digest of the patch’s instruction quads and match registers.
- Signature Verification: The RSA signature is decrypted and matched against the content hash using PKCS #1 v1.5 padding.
- Patch Installation: Validated microcode loads into SRAM, overriding ROM instructions.
This chain assumes CMAC’s collision resistance—an assumption shattered by EntrySign’s findings.
The CMAC Hash Collision Vulnerability
The fatal flaw lies in AMD’s dual use of AES-CMAC as both a key hashing and content authentication mechanism.
While CMAC provides integrity against attackers who do not hold the key, it fails catastrophically once adversaries know the AES key, a scenario made feasible through hardware reverse engineering or side-channel attacks.
Researchers demonstrated that knowing the AES-CMAC key enables:
- Public Key Collisions: Forging new RSA moduli (N’ = p*q) that hash to AMD’s fused CMAC value.
- Signature Forgery: Crafting malicious patches whose CMAC digest matches a legitimately signed payload.
The attack exploits CMAC’s linear structure—by injecting a 16-byte “compensating block” (ae4634b83805ea28d7ecac0053a6ab6c), attackers manipulate intermediate CMAC states to force collisions.
This allowed creating a valid RSA key pair (N = 0x151d07eae2f…) that factors into small primes, enabling private key derivation.
Exploitation Mechanics
With a colliding public key, attackers bypass AMD’s fused hash check. They then exploit RSASSA-PKCS1-v1.5’s lax padding verification to sign malicious microcode.
A proof-of-concept patch hijacked the RDRAND instruction to always return 4:
- Match Register Manipulation: Redirecting microcode execution flow to patch SRAM.
- Instruction Overwrite: Replacing RDRAND’s micro-ops with mov.qs rax, 4.
- Montgomery Constant Bypass: Forging the N’ constant (-N^{-1} mod R) to satisfy AMD’s Montgomery multiplier checks.
Mitigations
EntrySign exposes all Zen 1-4 CPUs to persistent microcode hijacking by attackers with ring-0 access. While patches reset on reboot, the threat persists in several scenarios:
- Compromised hypervisors could deploy hostile microcode to guest VMs.
- Malicious OEMs might preload firmware with backdoored patches.
- AMD’s SKINIT dynamic root-of-trust could be subverted during measured launches.
AMD’s mitigation replaces CMAC with a custom hash and deploys Secure Processor (ASP) checks before x86 cores activate. However, retrofitting older Zen architectures remains challenging due to ROM storage constraints.
“This vulnerability underscores the fragility of cryptographic trust anchors in hardware,” noted the research team.
“When security-critical algorithms like hashing are repurposed beyond their design scope, it creates systemic risks.”
The disclosure coincides with the release of Zentool, an open-source framework for analyzing and crafting AMD microcode. Researchers hope it will promote community efforts to audit and harden low-level CPU security.
As CPUs increasingly underpin cloud and AI infrastructures, EntrySign highlights the urgent need for agile, updateable cryptographic primitives in silicon, a lesson the industry is now racing to implement.