Yes in Linux you can remove the ability to update the microcode. I was only trying to point out that the microcode can be inserted anytime and isn't set in stone at the fab as the GGP suggested.
And a reboot is not required to update microcode, it takes effect immediately.
so, you've got the code (wireshark, tcpdump), You don't even need that, you can download the code from Intel's site, or see what you have in/etc/firmware/microcode.dat.
the key (embedded in CPU), As far as I know, nobody has extracted the key.
and the mechanism (kernel support code) - are you implying that this isn't enough to reverse engineer any/or revert microcode changes? Without that key, the microcode can't be reverse engineered.
But to revert microcode, you simply remove the update mechanism and reboot. Your BIOS maay still hold a microcode update that it applies on boot, though.
But the microcode is produced and distributed seprately. There will be microcode data in the chip when it is shipped, but a BIOS or operating system can overwrite it on-the-fly with an updated version from upstream. Microsoft even releases microcode updates from chip makers on occasion, as do some Linux distros.
Intel never describes what they changed in their updates, and their microcode is encrypted with a key that is built into the chip (preventing it from being inspected). And we're talking about hundreds of kilobytes of code here (last update is 387072 bytes of code, much more than enough to do some serious espionage with). I don't know about the other makers.
Slashdot Mirror
And a reboot is not required to update microcode, it takes effect immediately. so, you've got the code (wireshark, tcpdump), You don't even need that, you can download the code from Intel's site, or see what you have in
But to revert microcode, you simply remove the update mechanism and reboot. Your BIOS maay still hold a microcode update that it applies on boot, though.
But the microcode is produced and distributed seprately. There will be microcode data in the chip when it is shipped, but a BIOS or operating system can overwrite it on-the-fly with an updated version from upstream. Microsoft even releases microcode updates from chip makers on occasion, as do some Linux distros.
Intel never describes what they changed in their updates, and their microcode is encrypted with a key that is built into the chip (preventing it from being inspected). And we're talking about hundreds of kilobytes of code here (last update is 387072 bytes of code, much more than enough to do some serious espionage with). I don't know about the other makers.