I don't know of any research or in-the-wild attack that has done any practical experimentation with this, so my answer will be purely academic.
First, it's probably best if I explain a bit about how microcode works.
These transistors alter their states based on internal changes in voltage, or between voltage levels.
This isn't as simple as it sounds - the registers you would normally recognise (eax, ebx, ecx, edx, ebp, etc.) aren't fixed to a particular physical set of transistors in the chip.
In fact, a CPU has a lot more physical internal registers than it exposes, and it uses a technique called register renaming to optimise the translation of incoming, outgoing and processed data.
So the actual data from the memory bus has to be moved into a physical register, then that register has to be mapped to an exposed register name. All of the above is a simplification - the real operation might involve a lot more work, or might be handled by a dedicated internal device.
As such, you might be looking at a large sequence of microinstructions that do very little on their own but add up to a single instruction.
First, the processor has to read the instruction from its internal instruction cache, which is a complicated task in itself.
Let's ignore this for now, but it involves a lot of various operations inside the control unit (CU) that parse the instruction and prime various other internal units.
In some cases special microinstructions are used to trigger asynchronous internal hardware operations that handle a particular operation, designed to improve performance.
As you can see, microcode is immensely complicated.
You'd need some serious hardware to reverse engineer the mechanisms and checks.
Let's assume for a moment that you overwrite microcode in a useful way. Keep in mind that each code simply shifts some values around in the internals of the hardware, rather than performing a real operation.
This means you'd need an entirely new BIOS and OS, all written from scratch. On top of that, you may not even be able to remap instructions, because the seemingly arbitrary byte values aren't so arbitrary - the individual bits map to codes that select different areas of the CPU internals.
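To make the register-renaming point from the answer concrete, here is a toy model of a register alias table; it is an added example, not code from the original answer, and the register names, pool size and instruction format are assumptions for illustration. Every write to an architectural register such as `eax` claims a fresh physical register, so the same name points at different hardware over time and two writes to `eax` no longer depend on each other.

```python
"""Toy register-renaming model (constructed illustration, not real CPU logic).

Architectural names are mapped through a register alias table (RAT) onto a larger
pool of physical registers. Sources read the current mapping; a destination is
given a new physical register, which is what breaks write-after-write hazards.
"""
from dataclasses import dataclass, field

# Assumed subset of architectural registers named in the answer.
ARCH_REGS = ("eax", "ebx", "ecx", "edx", "ebp")


@dataclass
class Renamer:
    num_physical: int = 16
    rat: dict = field(default_factory=dict)   # arch name -> physical register index
    free: list = field(default_factory=list)  # unused physical registers
    trace: list = field(default_factory=list)

    def __post_init__(self):
        self.free = list(range(self.num_physical))
        for name in ARCH_REGS:  # give every architectural register an initial home
            self.rat[name] = self.free.pop(0)

    def rename(self, instr):
        """instr = (dest, src1, src2). Returns (phys_dest, phys_src1, phys_src2)."""
        dest, src1, src2 = instr
        p_src1, p_src2 = self.rat[src1], self.rat[src2]
        if not self.free:
            raise RuntimeError("out of physical registers; a real core would stall")
        old = self.rat[dest]
        new = self.free.pop(0)
        self.rat[dest] = new
        # Simplification: real hardware frees the old register only once no
        # in-flight instruction can still read it (at retirement of the new writer).
        self.free.append(old)
        self.trace.append((dest, new, p_src1, p_src2))
        return (new, p_src1, p_src2)


def rename_sequence(instrs, num_physical=16):
    """Rename a whole instruction stream; returns (renamed ops, final RAT)."""
    r = Renamer(num_physical)
    return [r.rename(i) for i in instrs], dict(r.rat)


if __name__ == "__main__":
    # Constructed stream: two back-to-back writes to eax land in different
    # physical registers, so they can execute independently.
    ops, rat = rename_sequence([("eax", "ebx", "ecx"), ("eax", "ecx", "edx"), ("ebx", "eax", "eax")])
    print(ops, rat)
```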