Google has discovered a way to craft its own microcode that is accepted by AMD processors, effectively bypassing security features like secure encrypted virtualization and root-of-trust security.
Microcode is a special block of programs loaded into a processor during startup that defines the chip’s behavior. AMD uses microcode updates to add features, fix issues, and extend functionality without redesigning physical silicon. However, this also means that only AMD can produce working microcode updates for its products.
Google’s technique works on all Zen-based AMD chips, including Ryzen and Epyc parts. The company has released a proof-of-concept microcode update that forces a chip’s read random (RDRAND) instruction to always output the value 4, instead of an actual random number. This demo microcode is neutered, however, so it will not cause harm if used by legitimate software.
The implications of this vulnerability are significant. It demonstrates how software instructions can be altered or extended by unofficial microcode patches, which could be used for good or bad purposes. The vulnerability can only be exploited by someone with host admin access, but it raises concerns about the security of confidential computing workloads.
AMD has rolled out a fix for the issue, and users are advised to update their microcode on all impacted platforms to prevent malicious code from being loaded. The company is also releasing an SEV firmware update to support SEV-SNP attestation.
Source: https://www.theregister.com/2025/02/04/google_amd_microcode