lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 28 Jul 2014 17:36:38 -0300
From:	Henrique de Moraes Holschuh <>
Cc:	H Peter Anvin <>
Subject: Re: [PATCH 8/8] x86, microcode, intel: correct extended signature
 checksum verification

On Wed, 23 Jul 2014, Henrique de Moraes Holschuh wrote:
> We have been calculating the checksum for extended signatures in a way that
> is very likely to be incompatible with the Intel public documention.  This
> code dates back to 2003, when the support for the "new microcode format"
> was added to the driver by Intel itself.
> The extended signature table should be deleted when an extended signature
> is "applied" to the main microcode patch if the Intel SDM is to be believed
> (Intel 64 and IA32 Software Developers Manual, vol 3A, page 9-30, entry for
> "Checksum[n]" in table 9-6).  Deleting the extended signature table changes
> the Total Size of the microcode, and that reflects in the checksum that
> should be in the extended signature entry if it is to be used unmodified to
> replace the main microcode signature.
> It is worth noting that deleting the extended signature table results in a
> microcode patch that violates the rule that the Total Size field must be a
> multiple of 1024, and it is impossible to add any padding to fix that.
> This patch changes the extended signature table checksum verification
> code to accept both ways of calculating the extended signature checksum
> as valid.

It looks like this might not be enough.

TianoCore USDK2014 (UEFI reference code) and OpenSolaris do it in a
completely different, and utterly incompatible way.  For the record, they
sum all three dwords on the extended signature entry (including the checksum
one) and expect it to be zero.   How the heck did they went from what is
described in the Intel SDM to that crazy code, I have no idea.

At this point, I do think we could just remove the entire extended signature
support, and be happy with the LOC reduction.  That's code that has never
seen use in 11 years, and which nobody seems to agree on how it should be
implemented.  I very much doubt it will ever be used at this point.

Anyway, I propose we stop checking the checksum on the extended microcode
signature entirely.  They are already covered by the checksum of the
extended microcode signature *table* (which covers all extended signature

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists