In an announcement relayed by Tom's Hardware, a team of Google researchers recently revealed a major vulnerability that affects the first four families of AMD Zen processors. Fortunately, owners of these chips can easily prevent malicious actors from exploiting this flaw.
The vulnerability in question, called EntrySign, has its origins in the microcode — the basic set of instructions with which the chip can execute complex operations. It allows a user to deploy custom microcode on any Zen, Zen 2, Zen 3, or Zen 4 chip, which is the majority of Ryzen CPUs sold by the brand over the past eight years, except for the most recent ones.
Poorly implemented encryption
In practice, this allows you to modify the way the processor behaves at the most fundamental level. Tavis Ormandy, one of the researchers behind this work, explains that a malicious actor could therefore "jailbreak" your processor remotely - with all that this implies in terms of security.
If Ryzen processors have such a backdoor, it is because of a cryptographic problem. According to Tom's Hardware, these CPUs previously used an encryption function called AES-CMAC, which allows the authenticity of a message to be verified. The problem is that AMD used it as a hash function to verify the integrity of the transmitted data, while AES-CMAC was not designed for this at all. Therefore, anyone who managed to intercept the key could easily initiate a reverse-engineering process to break the encryption and manipulate the processor.
The good news is that AMD quickly fixed the problem after being made aware of it by the researchers. On December 17, 2024, before the results of the study were revealed to the general public, the firm discreetly deployed a patch to plug these gaping holes in the microcode. These modifications have since been integrated by manufacturers into the latest BIOS versions of motherboards compatible with the affected processors,
How to update your BIOS?
But be careful: this does not mean that your processor is no longer vulnerable. If your motherboard BIOS has not been refreshed since last December, it remains potentially exploitable. If you use a machine equipped with a Ryzen Zen, Zen 2, Zen 3 or Zen 4 processor to carry out critical and/or strictly confidential work, you may therefore be interested in updating your BIOS. To do this, go to your motherboard manufacturer's website to download the latest BIOS version, taking care to select the correct motherboard model. Also make sure to choose a stable version, rather than a beta version which could cause problems later.
After placing this file on a FAT32 formatted USB stick, you should then be able to update the system either through the BIOS itself (by holding down the Delete key at startup), or by using the dedicated flash button if you have a more recent motherboard. In all cases, be sure to follow the manufacturer's instructions to the letter. And if you're not sure, it's best to abstain: playing with the BIOS without knowing what you're doing is the perfect recipe for getting into big trouble!
0 Comments