m0leCon 2025 - Federico Cerutti - Voltage Glitching Intel Microcode скачать в хорошем качестве

m0leCon 2025 - Federico Cerutti - Voltage Glitching Intel Microcode

m0leCon 2025 Turin, Italy - 22/03/2025 Intel SGX and AMD SEV secure enclaves have been proven vulnerable to voltage glitching attacks such as Plundervolt. But for how isolated it might be, the code running in enclaves still is x86 assembly. This raises the question: could such an accessible attack vector compromise the microarchitectural state of the CPU as well? However, without any public documentation, Intel microcode is an ambitious target. Luckily, hardware hackers have unlocked debugging on Intel Goldmont CPUs, reverse engineered the microcode format, and analyzed the microcode update process. In this talk, I will share how I built my glitching setup using coreboot to attack Goldmont microcode, uncovering new fault types in both architectural x86 operations and microinstructions. Although I was not successful in installing unsigned microcode, I identified critical injection points in the microcode update process that disrupt normal behavior. (micro)instruction skips are still cool though, right? 🙂