Intel microcode decryption toolkit published

A group of security researchers from the uCode team has published source code for decrypting Intel microcode. The Red Unlock technique, developed by the same researchers in 2020, can be used to extract the encrypted microcode. The ability to decrypt the microcode makes it possible to study its internal structure and the way x86 machine instructions are implemented. The researchers also recovered the firmware update format, the encryption algorithm, and the key used to protect the microcode (RC4).

To determine the encryption key, a vulnerability in Intel TXE was used to enable an undocumented debug mode, which the researchers code-named "Red Unlock". In debug mode, the researchers were able to dump the working microcode directly from the CPU and extract the algorithm and keys from it.

The toolkit only allows decrypting the microcode. It does not make it possible to modify it, because the integrity of the microcode is additionally verified with a digital signature based on the RSA algorithm. The method is applicable to Intel Gemini Lake processors based on the Goldmont Plus microarchitecture and Intel Apollo Lake processors based on the Goldmont microarchitecture.

Source: opennet.ru
