Google found a way to run unofficial microcode on AMD CPUs, bypassing signature checks and potentially compromising security features like encrypted virtualization. This raises concerns about the security of AMD CPUs and the potential for unauthorized access to sensitive data. The discussion also touches upon the common practice among software developers of 'rolling their own' solutions instead of using established, well-tested libraries, which can lead to vulnerabilities.
- Google bypassed signature checks on AMD CPUs using unofficial microcode.
- This allowed them to introduce a bug that made RD-RAND always return 4.
- This also compromises security features like encrypted virtualization and the root of trust.
- Software developers often write their own cryptographic functions instead of using established libraries, leading to vulnerabilities.
Shownotes Transcript
Google found a way to run unofficial microcode on AMD CPUs, whether software should get a CVE when it goes end of life, LLMs changing Redditors’ minds and self-replicating, and managing SSH keys at scale.
Plugs
Support us on patreon and get an ad-free RSS feed with early episodes sometimes
ZFS Orchestration Tools – Part 1: Snapshots
News/discussion
How to make any AMD Zen CPU always generate 4 from RDRAND
OpenAI says its models are more persuasive than 82 percent of Reddit users
AI can now replicate itself — a milestone that has experts terrified
Free Consulting
We were asked about managing SSH keys at scale.
See our contact page for ways to get in touch.
