On Mon, Feb 10, 2025 at 03:09:06PM +1300, Peter Reutemann wrote:
'Google security researchers have discovered a way to bypass AMD's security, enabling them to load unofficial microcode into its processors and modify the silicon's behaviour at will. To demonstrate this, they created a microcode patch that forces the chips to always return 4 when asked for a random number.
Beyond simply allowing Google and others to customize AMD chips for both beneficial and potentially malicious purposes, this capability also undermines AMD's secure encrypted virtualization and root-of-trust security mechanisms.'
The reference in the original article to the obligatory xkcd comic strip is missing. It is: https://xkcd.com/221/ We once had a PhD student who did exactly that. He generated one random number and used that one number in every place he needed a random number throughout his complete simulation! Sigh. Cheers, Michael.