{"id":45648,"date":"2021-07-07T15:19:51","date_gmt":"2021-07-07T19:19:51","guid":{"rendered":"http:\/\/pappp.net\/?guid=b40746a8a19defd00d07c3bbf63e2a09"},"modified":"2021-07-07T15:19:51","modified_gmt":"2021-07-07T19:19:51","slug":"undocumented-x86-instructions-to-control-the-cpu-at-the-microarchitecture-level-pdf","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=45648","title":{"rendered":"Undocumented x86 instructions to control the CPU at the microarchitecture level [pdf]"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/raw.githubusercontent.com\/chip-red-pill\/udbgInstr\/main\/paper\/undocumented_x86_insts_for_uarch_control.pdf\">Hacker News<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: These are always fun.\n\nGetting to a state where you can use the microcode read\/write instructions they found is clearly tricky, but I could see an escalation path with a CSME exploit to get into the appropriate debug mode, or side effects from speculatively executing (because of course it speculatively executes them) the special instructions to leak data from the security by complexity bullshit on the processors or the like. 
\n\nThere _are_ apparently some machine-readable unique identifiers in the parts they studied which is itself interesting\/concerning.<\/div><a href=\"https:\/\/news.ycombinator.com\/item?id=27764806\" rel=\"noopener noreferrer\">Comments<\/a>","protected":false},"excerpt":{"rendered":"<p>Comments<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=45648\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-45648","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/45648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45648"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/45648\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}