Essential Security Vulnerability Discovered in All AMD Zen Processors by Google Researchers

A serious security threat called EntrySign has been identified by researchers from Google, impacting all AMD Zen processors ranging from Zen 1 to Zen 4. This vulnerability allows individuals with local administrator access to evade the cryptographic verification process used by AMD, enabling them to install unauthorized microcode updates on the affected CPUs.

The problem arises from AMD’s decision to use AES-CMAC as a hash function in its signature verification method. While AES-CMAC is meant for message authentication, it is not robust enough for secure hashing tasks, which is a major flaw in its cryptographic approach. Researchers revealed that AMD had been utilizing a publicly accessible example key documented by NIST since the launch of Zen 1. This oversight made it possible for attackers to forge signatures and execute arbitrary microcode modifications. Such changes can significantly modify how a CPU functions, allowing advanced attacks that remain active until the system is rebooted. For example, researchers demonstrated an ability to alter the RDRAND instruction so that it would consistently output specific, predetermined numbers, thereby putting the CPU’s random number generation at risk.

In order to support future investigations, Google’s security team has introduced a tool called zentool. This open-source toolkit enables researchers to create, sign, and apply custom microcode patches on affected processors. It comes equipped with features for disassembling microcode, authoring patches with limited assembly support, and performing cryptographic signing.

The zentool provides a framework for researchers to explore custom microcode updates and enhance security features, similar to those available for Intel processors. In response to this vulnerability, AMD has rolled out microcode updates designed to replace the flawed validation routine with a secure hash function. These updates utilize the AMD Secure Processor, which ensures that the validation process is conducted thoroughly before any potentially altered microcode can be executed by the x86 cores. Even though an attack requires local administrator access and does not survive power cycles, it poses considerable threats to sensitive computing environments that utilize technologies like SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging) and DRTM (Dynamic Root of Trust for Measurement).

It’s important to note that modern x86 CPUs—including those manufactured by AMD and Intel—rely on microcode for executing complex instructions. Microcode updates are essential for correcting hardware issues without the need for expensive hardware redesigns. In the context of AMD Zen processors, these microcode updates undergo rigorous verification against specific strings and keys that are signed by AMD and checked against a hard-coded public key embedded in the CPU. The EntrySign exploit takes advantage of AMD’s use of AES-CMAC, allowing researchers to deduce the security keys, which hampers users’ ability to install unsigned microcode updates. The use of a publicly accessible NIST example key as their security key further simplified the execution of the exploit.

In summary, the discovery of the EntrySign vulnerability highlights significant weaknesses in AMD’s approach to CPU security. By using insufficiently secure hash functions and maintaining easily accessible keys, the company inadvertently opened the door to serious risks that could affect users who rely on the security of their computing environments. The release of zentool and AMD’s subsequent updates mark important steps towards mitigating this vulnerability.