Chip Red Pill: How we achieved arbitrary [micro]code execution inside Intel Atom CPUs
All modern Intel CPUs have a RISC-like core inside the chip. That core implements an abstraction layer which translates the user-visible x86 instruction set into invisible, hardware-internal RISC instructions. The RISC core runs at the highest privilege level in the chip and can manipulate data directly. The microcode program is built into the chip, but the BIOS/UEFI firmware may apply patches to it in the form of microcode updates. Unfortunately, these updates are encrypted, and there is very little public information on how microcode works. As a result, there has been no public research on the internal structure of Intel CPU microcode.
We have now found a way to gain access to it on a publicly available platform. In our talk, we describe the structure of microcode on the Intel Atom platform, how our proof of concept works, and how we hijack a user-visible x86 instruction. We also describe the approach we used to reverse engineer the microcode format and the internal structure of Intel Atom.