Last month, Google security researchers disclosed a high-severity vulnerability in AMD's CPU microcode signature verification system, affecting multiple AMD processors.
Today, they have released the full chain details of the vulnerability dubbed "EntrySign," a significant vulnerability (CVE-2024-56161) affecting AMD's Zen-based CPUs that allowed the execution of unauthorized microcode. The flaw, affecting processors from Zen 1 through Zen 4, enabled researchers to bypass AMD's cryptographic signature verification system designed to protect the integrity of microcode updates.
According to the technical details, modern x86 CPUs use microcode—a RISC-like instruction set—to implement complex instructions. Since hardware bugs can't be fixed without replacing physical components, manufacturers developed a mechanism for microcode updates to patch critical issues. These updates are generally protected by encryption and digital signatures to prevent tampering.
The vulnerability stems from AMD's use of AES-CMAC as a hash function in their signature verification process rather than a properly secure cryptographic hash algorithm.
The researchers discovered that AMD used the example key from NIST documentation (2b7e1516 28aed2a6 abf71588 09cf4f3c) across multiple CPU generations. This allowed them to forge signatures and create unauthorized microcode patches.
"This opens up the potential for hardware attacks, side-channel attacks, or other software or hardware attacks that can somehow reveal the key," the researchers noted in their analysis.
To demonstrate the vulnerability, the team created "zentool," a suite of utilities that can examine, author, sign, and load custom microcode patches. As proof of concept, they modified the RDRAND instruction to always return a specific value (4) rather than random numbers.
While the vulnerability requires an attacker to already have ring 0 (kernel) privileges and doesn't persist through a power cycle, it could have serious implications for confidential computing technologies like AMD SEV-SNP or DRTM using SKINIT and potential supply chain attacks.
AMD has since addressed the vulnerability with microcode updates that implement a more secure hash function, with the fix deployed through both a microcode update and an AMD Secure Processor update to prevent bypassing the validation routine.
The researchers have released their Zentool suite publicly, enabling other security researchers to examine microcode patches and create their own. They expressed hope that this will lead to new security research, similar to previous work on Intel microcode that has enabled the implementation of new security features and detection techniques.