Abstract

Microcode update mechanisms are widely used in modern processors. Because the implementation details are not public, researchers currently cannot gain a deeper understanding of them. The microcode update binary that is uploaded into the Central Processing Unit (CPU) is the only node in this update chain accessible to researchers, but previous manual reverse analysis of a small number of microcode updates suffers from incomplete coverage, slow speed, and low accuracy. Therefore, we first build a Sample Repository containing 504 official Intel microcode updates, then propose a semiautomatic analytical method named SJNW-MA to analyze the samples. This work has the following merits: (1) automatic methods of similarity analysis and candidate feature mining improve the speed; (2) manual-assisted analysis based on expert knowledge filters important features, avoiding redundant features and the omission of valuable common data blocks; (3) analyzing 504 microcode updates makes the reverse-engineering results more complete. Finally, we extract eleven structures of Intel microcode updates and group them into four categories. In addition, we identify and describe some new metadata in microcode updates of the third and fourth categories, including a new 3072-bit RSA Modulus and the corresponding RSA Exponent, which indicates an upgrade of the security technology inside the update mechanism.

Highlights

  • Processor manufacturers have introduced microcode into the Central Processing Unit (CPU) since the 1970s to achieve greater performance and efficiency

  • Microcode was initially implemented in Read-Only Memory (ROM); an update mechanism based on Random-Access Memory (RAM) was introduced to provide dynamic debugging capabilities and to correct processor errata, especially after the infamous Intel Pentium FDIV bug of 1994

  • The heatmap shows intuitively that some Jaccard indices are higher and densely distributed, which preliminarily verifies the rationality of the previous assumption. In the histogram, the number of Jaccard indices equal to 0 is 58885, accounting for only 46.5% of all; there are even 33 cases where the Jaccard index is 1, which means that the data of the two samples, excluding the Header, is the same
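
A sketch of the pairwise comparison described in the last highlight, as an added example that is not from the paper: it skips the 48-byte header of Intel's documented update format and computes the Jaccard index over sets of fixed-size data blocks. The 16-byte block size, the set-of-blocks definition and the sample bytes are assumptions made for illustration.

```python
import struct
from itertools import combinations

HEADER_LEN = 48  # header size in Intel's documented microcode update format
BLOCK = 16       # assumption: comparison granularity, not taken from the paper

def parse_header(blob: bytes) -> dict:
    """Decode the documented header fields needed to locate the update data."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a microcode update header")
    names = ("header_version", "revision", "date", "signature", "checksum",
             "loader_revision", "processor_flags", "data_size", "total_size")
    hdr = dict(zip(names, struct.unpack_from("<9I", blob)))
    if hdr["data_size"] == 0:  # documented default: 2000 data bytes, 2048 total
        hdr["data_size"], hdr["total_size"] = 2000, 2048
    return hdr

def body_blocks(blob: bytes) -> set:
    """Set of distinct fixed-size blocks in the data that follows the header."""
    body = blob[HEADER_LEN:HEADER_LEN + parse_header(blob)["data_size"]]
    return {body[i:i + BLOCK] for i in range(0, len(body), BLOCK)}

def jaccard(a: bytes, b: bytes) -> float:
    """|A ∩ B| / |A ∪ B| over block sets; 1.0 means both bodies hold the same blocks."""
    sa, sb = body_blocks(a), body_blocks(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 1.0

def pairwise(samples: dict) -> dict:
    """Jaccard index for every unordered pair, i.e. the cells of a similarity heatmap."""
    return {(x, y): jaccard(samples[x], samples[y])
            for x, y in combinations(sorted(samples), 2)}

def make_sample(revision: int, block_ids: list) -> bytes:
    """Constructed input: header with placeholder field values plus a synthetic body."""
    body = b"".join(bytes([i]) * BLOCK for i in block_ids)
    fields = (1, revision, 0, 0, 0, 1, 0, len(body), HEADER_LEN + len(body))
    return struct.pack("<9I", *fields) + bytes(12) + body

SAMPLES = {  # constructed, not real microcode: a/b share a body, c half, d nothing
    "a": make_sample(0x10, [1, 2, 3, 4]),
    "b": make_sample(0x11, [1, 2, 3, 4]),
    "c": make_sample(0x12, [1, 2, 5, 6]),
    "d": make_sample(0x13, [7, 8]),
}

if __name__ == "__main__":
    for pair, score in pairwise(SAMPLES).items():
        print(pair, round(score, 3))
```

Samples `a` and `b` differ only in the header revision field, so their index is 1 even though the files are not byte-identical.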


Summary

Introduction

Processor manufacturers have introduced microcode into the CPU since the 1970s to achieve greater performance and efficiency. Microcode was initially implemented in Read-Only Memory (ROM); an update mechanism based on Random-Access Memory (RAM) was introduced to provide dynamic debugging capabilities and to correct processor errata, especially after the infamous Intel Pentium FDIV bug of 1994. Once erroneous CPU behavior is discovered, manufacturers publish a microcode update immediately. The most famous example is that Intel, motherboard OEMs, and operating system vendors successively delivered solutions for the Spectre and Meltdown vulnerabilities [1], [2] through microcode updates in 2018. Microcode updates give processor manufacturers flexibility and reduce the cost of correcting erroneous behavior. Due to the volatility of RAM, microcode updates are not persistent and have to be
