Researchers: Pietro Borrello, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
We present the first systematic study of Intel Atom Microcode and a software-only framework that can observe, trace, and even patch microcode execution, shedding unprecedented light on the internal workings of Intel CPUs.
We develop a Ghidra decompiler for Atom Microcode and reverse-engineer how the CPU internally uses its control register bus to manage its resources. Resorting to previously disclosed undocumented instructions, we then create a framework that can gain complete control over CPU microcode by replicating such interactions.
Imagine a future where you can customize the behavior of your CPU. It’s now here for Atom GLMs.
Our framework can assemble and patch micro-instructions, hook CPU events, and trace microcode execution. To showcase its power, we trace and reverse-engineer the routines involved in the obscure Intel CPU microcode update process.
For the first time, we disclose the details of the decryption algorithms for microcode updates and the binary format of the decrypted update: an amazing discovery is that a microcode update is, in fact, a custom language interpreted by the CPU.
We will make our framework available as open source.