[yuriks]

The intro document mentions

> Here's the thing - the big vendors encrypt and sign their updates so that you cannot run your own microcode. A big discovery recently means that the authentication scheme is a lot weaker than intended, and you can now effectively "jailbreak" your CPU!

But there's no further details. I'd love to know about the specifics too!

[taviso]

They accidentally used the example key from AES-CMAC RFC, the full details are in the accompanying blog post: https://bughunters.google.com/blog/5424842357473280/zen-and-...

[RachelF]

Yikes! One would have expected a little more code review or a design review from a hardware manufacturer, especially of security system. A system that people have been worried about since the Pentium FDIV bug.

I guess this one just slipped through the cracks?

[timewizard]

Taking "never roll your own" too far.

[bmenrigh]

I feel like using the example key isn’t really the big failure here.

They didn’t need a keyed hash at all, they needed a collision resistant hash.

SHA256 would have eliminated this vuln and it has a hardcoded “key” built into it.

Using a secret key for CMAC would not have been more secure, it would have just meant sophisticated hardware extraction of the key was required before this attack could be mounted.

[garaetjjte]

I suppose the reuse wasn't accidental, but they mistakenly thought the key doesn't matter for CMAC.