The biggest microcode attack in our history is underway
- Reference: 1739198166
- News link: https://www.theregister.co.uk/2025/02/10/microcode_attack_trump_musk/
- Source link:
There's a far worse scenario, when the CPU itself is brainwashed into highly dangerous behavior like a mouse infected by a parasite that makes it completely unafraid of cats. This is a microcode attack, something that's remarkably hard to pull off. [1]Google just found one that works on some AMD processors , which is bad enough, even though it's now patched and under control. There is another far, far more terrifying example underway right now – so let's look at how it works.
Microcode is one of the most esoteric and profound aspects of the stack. It can take many forms depending on CPU architecture; its job is to coordinate and control the physical function blocks within a processor. Simple processors don't need it. The instructions fetched from memory have an internal format making them easy to decode into the signals that trigger the logic, math, and data-moving units on the silicon.
[2]
This is ancient history for modern CPUs. Program code like x86 has long since stopped bearing any relationship to how data is physically crunched. Instead, that code is translated into micro-instructions that work with the microcode unit to optimally use all the pipelining, out-of-order execution, and inherent parallelism that speeds the plow.
[3]
[4]
This is almost entirely invisible to the outside world and is kept as secret as the details of the hardware itself. Microcode is also a fiendish exercise in mediating between intricate, interrelated subsystems, and the whole must be very high performance, very reliable, and very secure. Unpicking it is an exercise in perplexity, making compromises very difficult. But not impossible.
Compromised microcode is equally invisible, but can do anything from making 2 + 2 = 5 to poisoning all the security and memory management on which all our digital infrastructure depends. Google's proof of concept made a random number function return a non-random result, which is how you completely cripple quotidian cryptography. Quantum computing breakthroughs are not required.
[5]
If microcode is permanently baked into a chip, it is effectively invulnerable. That has been the case in the past. Unfortunately, that means a bug in the microcode or the hardware itself can't be fixed with a patch. The chip has to be replaced, which is the horror show Intel found itself in 1994 with the infamous Pentium FDIV bug. So microcode is now loaded into the processor at startup as an unencrypted and signed binary blob. If you're smart enough to break that and reverse engineer the microcode, you're in business. Google's security engineers are smart enough, others will be too.
Microcode is the regulator of the state of the machinery with infinite disruptive power. To see the other and infinitely alarming hack going on right now, just rearrange those first few words. Regulators are the microcode of the machinery of state, with infinite disruptive power. That's why [6]Musk and DOGE are working so hard at taking over , closing down, and ignoring regulators. Once those are turned off, the machinery of state will be unprotected and institutionally corrupt. You don't want Trump to have access to the data that the state has about you? How about the [7]mechanisms of money by which the Treasury works ? All the interlocking components of the state, carefully designed to follow rules to protect that data, will be open to abuse.
[8]DeepSeek spills Big AI's open secret: Bright people with good ideas can beat billion dollar binges
[9]Fear of the unknown keeps Broadcom's VMware herd captive. Don't be cowed
[10]How to leave the submarine cable cutters all at sea – go Swedish
[11]Pornhub lockdown and fact-free Zuckbots – welcome to 2025
We know that this is a hack. It's taking place behind closed doors with no oversight – of course – and no observable rules. It's of a piece with the other attacks on the Department of Justice, the CIA, and any international obligations that stand between whim and warfare. Musk knows that taking over the IT infrastructure of any organization is the quickest way to commandeer the whole thing. He damn nearly broke Twitter that way, but he did get the wherewithal to drive its radioactive zombie corpse into the ground commercially.
Musk notoriously hates regulation because it just isn't fair that it reins in his genius. He is the richest man in the free world because of, not despite, a well-ordered state where the conflicting needs of uncountable components are balanced. There is a commitment to finding facts and acting on them through rules and oversight. Like microcode, there are bugs and mechanisms for safe updates. There's a need for constant evolution through good faith. Smash those, and everything else falls apart. Corrupt states always have corrupt regulation, honest states have honest regulation. An absolute rule.
If you want a metaphor for what the hell's going on right now, the microcode attack is as good as any. That's important because what's happening is so massively and obviously illegal that it depends like all coups on everyone else being too stunned and overwhelmed by the speed and audacity of the attacks to organize before the tipping point. Having a mental model to restore context is the first step in fighting back.
[12]
And don't you dare buy a Tesla. ®
Get our [13]Tech Resources
[1] https://www.theregister.com/2025/02/04/google_amd_microcode/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z6owskx1tDYrMVKhYc4GGQAAARU&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6owskx1tDYrMVKhYc4GGQAAARU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6owskx1tDYrMVKhYc4GGQAAARU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6owskx1tDYrMVKhYc4GGQAAARU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2025/02/06/democrat_trump_admin_letter/
[7] https://www.theregister.com/2025/02/03/musk_doge_treasury_usaid/
[8] https://www.theregister.com/2025/02/03/opinion_column_deepseek/
[9] https://www.theregister.com/2025/01/28/opinion_column_software_licensing/
[10] https://www.theregister.com/2025/01/20/opinion_column_submarine_cables/
[11] https://www.theregister.com/2025/01/13/smut_meta_opinion/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6owskx1tDYrMVKhYc4GGQAAARU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[13] https://whitepapers.theregister.com/
Re: What is this article about again ?
I dunno… behemoth IT company finds an IT flaw while billionaire IT trumpony finds itself above the law
Made sense to me
Re: What is this article about again ?
The article is making an analogous comparison between corrupting or rewriting microcode and what is happening right now in the US government. The part that you think the article could have "done without" was its entire point.
Re: What is this article about again ?
"Bend over and kiss your arse goodbye".
That's what it's about.
Re: What is this article about again ?
It literally follows ElReg's motto:
The Register - Biting the hand that feeds IT
Let me be the first to say
thanks for the insightful article.
You could say it's just built around one cute word play, bu I say, well done for that! An important point, well stated.
" but can do anything from making 2 + 2 = 5"
Microcode probably can't do that, such low level things like the add instruction are hardcoded. The random function that google altered to always return 4 is complex and was at least partially implemented in microcode.
Not to distract from the actual point of the article.
Quintain
Once upon a time, microcode was quite the fashion. There were systems that allowed the user to change the microcode (DEC?) allowing the creation of new custom instructions more economical in execution time and resources, so speeding up the machine for signal processing and making more complex operations possible in the same memory, all because it didn't have to rely on the old fashioned bloated safety first architecture put in by the plodding....
I think you see where we're going here.
Beware of torturing something into a metaphor, it can swing round and clout you on the back of the head!
It's really sad to see what The Register has become these days. It was once a superb tech news site for British IT professionals.
Now we get hate-filled Daily Mail style editorials wailing about Donald Trump and Elon Musk and the state of American politics.
Then the comment section fills up with hundreds of rabid democrat and republican supporters shouting nonsense at each other.
And while I don't care for American politics, I'd take Trump, over any of the worthless clowns that that been running Britain in the
last 30 years. Just be glad you don't have Boris Johnson, Liz Truss or Kier Starmer.
You might have had a point about the politicised editorialising in the Reg (at least in the Software section, although I guess that's partially exonerated by the cute/clunky [delete to taste] extended metaphor) - then you went and blew it by neatly exemplifying the overwrought style you claim to deplore 1 .
1 Note for those confined to a bunker for the last decade: "hate" in modern political discourse actually means "deplore", "rabid" means "passionately disagrees with me", etc., etc.
A fair analogy, but...
I would venture most readers here know what a coup is and what fascism looks like, don't need it explaining to them.
However; I am all for anything which supports the anti-fascist cause. So I'll forgive El Reg.
In Otherworldly Times there be Alien Spaces to Conquer or Enter Into to Survive and Prosper
You aint seen nothing yet, Rupert, for the purges haven't really started yet with IT [Information Technocrats] and AI Programs for Novel Projects and Pogroms [an Almighty Intervention of Advanced Interference] currently just beta testing compatible steganographic protocols for secure secret quantum communication internetworking of future trials and tribulations and troubles and remote virtually controlled events resulting in necessarily alternative unusual consequences for progress to appear and to flow and to grow economies to scale naturally and supernaturally.
The die it is cast, Rupert. There is nothing to be done to stop the invasion and prevent the series of programs presenting absolutely fundamental radical change billions will have a great deal of difficulty believing possible and have even less of a chance of understanding the ways of its workings.
I Kid U Not.
Please don't torture the metaphor
It's a fun idea to use microcode, which we geeks understand, to introduce the idea of subverting the state by changing the rules from within.
Since half the mainstream media on the planet are busy pointing the putsch out already, the value of it as an informative metaphor is somewhat limited.
But I like the style. Let's have more, please!
What is this article about again ?
Is it about a microcode attack devised by Google or taking a stab at Elmo & Der Trumpenfuhrer ?
I don't like the latter two, but I think this article could have done without all of that...