[osivertsson]

NSA and company probably do it all levels, but any level below the OS is probably preferable because it is less risk of being caught.

Who would you know if they targeted only you with a microcode update for your Intel/AMD CPU that made crypto weaker? All the assembler instructions that you execute are just the same as someone with a proper microcode blob.

[mschuster91]

ucode blobs are usually signed with strong crypto (RSA-2048 on Intel iirc), so unless the NSA doesn't get the keys or the raw transistor layouts of the CPU in order to look for bugs, no way to mess with the bytecode.

[osivertsson]

I'm paranoid enough to assume they have both the keys and the layout.