Reverse Engineering Intel Microcode

Supervisor(s): Manuel Andreas
Status: finished
Topic: Others
Author: Felix Solcher
Submission: 2024-03-15
Type of Thesis: Bachelor's thesis

Description

While the development interface of modern x86 processors is usually
extensively documented, the same cannot be said about the internals.
CPU subsystems like the Microcode, Management Engine and others
are effectively black boxes to users. While their role is essential to 
the function of a system, many of these possess unchecked power over one’s 
device, and can be used to hide undocumented or potentially unwanted features, 
whether by manufacturers or malicious third parties.
Our primary goal in this thesis is to deepen our understanding of the 
Microcode used in Intel processors. To achieve this, we first modify an exploit 
targeting the Intel Management Engine to work on the device available to us, and 
use it to gain access to Microcode debugging functionality. Based on this, we introduce
a basic framework for the testing of micro-instruction semantics, as well as a method to 
discover the mapping between complex x86 instructions and their entry points in 
Microcode ROM, both facilitating reverse engineering work.