Slashdot Mirror


Hidden Debug Mode Found In AMD Processors

An anonymous reader writes "A hidden (and hardware password protected, by means of required special values in processor registers) debug mode has been found in AMD processors, and documented by a reverse engineer called Czernobyl on the RCE Forums community today. It enables powerful hardware debugging features long longed for by reverse engineers, such as hardware data-aware conditional breakpoints, and direct hardware 'page guard'-style breakpoints. And the best part is, it's sitting right there in your processor already, just read the details and off you go with the debugging ninja powers!"

6 of 154 comments

  1. The ultimate security disaster? by pyalot · · Score: 4, Insightful

    Since TFA is down by now, and I can't get the exact details... does this mean that any program running and setting the right bits in the right registers can get "processor root" access to everything the processor does, irrespective of any security constraint the OS may place on that process? Oh dear

  2. Re:Security? by fuzzyfuzzyfungus · · Score: 5, Insightful

    Any CPU debug mode worthy of the name should be able to violate OS security six ways from Sunday, and silently at that, without any difficulty. By the same token, though, any CPU debug mode worthy of shipping in commercial silicon really ought to be possible for the firmware and/or kernel to lock for the duration of operation. If userspace can kick it off, a brave and exciting new world of AMD-specific malware is about to begin...

  3. Re:Security? by TrisexualPuppy · · Score: 4, Insightful

    It's probably that AMD doesn't want to claim that they ever marketed the feature as such. If they did, it would put Intel up to create and release a debugging interface for their silicon. Then both would be forced into competing to produce a better debugging interface. This drives production costs up for a component that may be used by less than 1/100 of a percent of the users when they should have been putting their efforts elsewhere.

  4. Re:Hidden? by neokushan · · Score: 4, Insightful

    I can think of many reasons why it might be hidden. For example, it may be hidden because the cost of supporting it would outweigh the benefits of admitting the "feature" is there. I don't just mean in terms of documenting it and releasing that info for developers, I mean in terms of testing it for security reasons. Plus, let us say that a theoretical bug is found that creates a hole someone can exploit - is it patchable? It's a whole can of worms AMD may be right to avoid opening.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  5. Re:Security? by camperdave · · Score: 4, Insightful

    it would put Intel up to create and release a debugging interface for their silicon.

    Maybe Intel already has a debugging interface on their silicon. This AMD interface has remained hidden for who knows how many years, why couldn't the same thing happen with Intel? After all, it's not as if just anyone can reverse engineer a CPU.

    --
    When our name is on the back of your car, we're behind you all the way!
  6. Re:Security? by LordNimon · · Score: 4, Insightful

    It is possible that the debug features are for their internal use and they don't quite work as intended.

    Ding ding ding ding ... we have a winner!

    I work for a processor design company. If this feature is kept secret, it's because the company does not want to put in the resources to make sure it works completely on every chip. It probably uses lots of hacks and violates the architecture in some obscure way. AMD does not want customers depending on this feature and then insisting that it works for future design wins.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart