by tomxor 2995 days ago
I think you are confusing EFI firmware with CPU microcode. The EFI does often contain microcode ROMs to upload to the CPU at boot, but the microcode itself is proprietary and signed, and reverse engineering is quite a challenge. In fact, there was a submission of a presentation here not long ago showing the painstaking progress of a small group of individuals attempting to reverse engineer some Intel microcode.

I assure you there is no working libre microcode for Intel CPUs, and it seems far more likely people will successfully focus their efforts on open source hardware before being able to successfully replace substantial microcode of complex closed source hardware.

In "libre" EFI mods they tend to disable ME as well, maybe you were confusing that with microcode?

1 comments

Libreboot is a "de-blobbed" fork of Coreboot.

One of its omissions is that it excludes microcode ROM updates that can be inserted at power on by the BIOS.

As I understand it, the CPUs of that era are old enough that they can run without updated microcode being inserted either at system bootup or operating system boot time.

Omitting microcode from the EFI has nothing to do with whether a CPU has loadable microcode capability or whether it is vulnerable. Unless you are using some pre-Pentium Intel CPU, an initial microcode revision is included in an on-die ROM and an updated revision can be loaded at boot. Loading it in EFI/BIOS vs OS is a matter of convenience, which is why it's usually left to the OS these days.

Not having microcode blobs in the EFI doesn't magically mean your CPU doesn't use microcode or doesn't need patched versions to stay secure as in this case.

I do find it a little deceptive with some of these "libre" projects where they draw an arbitrary box around something, evict all proprietary blobs from it and then announce victory despite it operating underneath a whole load of other blobs that could easily subvert it. However, I suspect the intent behind evicting microcode from Libreboot was more due to it being a redundant task for EFI today.
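Added example, not part of the thread: on x86 Linux the `microcode` field in `/proc/cpuinfo` reports the revision each logical CPU is actually running, whether it came from the on-die ROM, the firmware or the OS loader. The sketch below audits that field against a required revision; the sample text, the function names and the `0x20` threshold are constructed placeholders, and the real minimum has to come from the vendor advisory.

```python
import re

# Constructed sample in /proc/cpuinfo format (x86 Linux); values are made up.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example CPU @ 2.00GHz
microcode\t: 0x22

processor\t: 1
model name\t: Example CPU @ 2.00GHz
microcode\t: 0x1c
"""

def parse_cpuinfo(text):
    """Return {logical_cpu: running microcode revision} from cpuinfo text."""
    revisions = {}
    # Each logical CPU is one blank-line-separated block of "key : value" lines.
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields and "microcode" in fields:
            revisions[int(fields["processor"])] = int(fields["microcode"], 16)
    return revisions

def audit(text, minimum_revision):
    """List findings; minimum_revision is supplied by the caller (assumption)."""
    revisions = parse_cpuinfo(text)
    if not revisions:
        return ["no microcode field found"]
    findings = []
    for cpu, rev in sorted(revisions.items()):
        if rev < minimum_revision:
            findings.append(
                f"cpu{cpu}: revision {rev:#x} is below required {minimum_revision:#x}")
    # Mixed revisions mean an update reached only some of the logical CPUs.
    if len(set(revisions.values())) > 1:
        findings.append("logical CPUs report different revisions")
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            live = fh.read()
    except OSError:
        live = SAMPLE_CPUINFO  # fall back to the constructed sample
    # 0x20 is a placeholder threshold, not a real advisory value.
    for finding in audit(live, 0x20) or ["all logical CPUs at or above threshold"]:
        print(finding)
```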