!New_cpu90672_plat07_ver00000035_2023-12-05_PRD_5B76074D.zip (877.0 KB)
6 Likes
Matisse
cpu00870F10_ver08701033_2023-10-06_E71C3D44 (>ver08701030_2022-03-28)
Updated MCE.db (v1.96.0 r288 Dev, 02/26/2024)
AMD_240226.rar (230.6 KB)
3 Likes
Ice Lake-D
cpu606C1_plat10_ver01000290_2023-12-05_PRD_5E8E231F
Updated MCE.db (v1.96.0 r288 Dev, 03/01/2024)
Intel_240301.rar (521.4 KB)
2 Likes
Gemini Lake
cpu706A1_plat01_ver00000040_2023-08-25_PRD_F18D5528
Updated MCE.db (v1.96.0 r289 Dev, 03/04/2024)
Intel_240304.rar (304.0 KB)
4 Likes
Someone managed to dump the bios on the strange Chinese motherboards having Xbox Series X CPU. AMD 4800S Main Bios, Backup Bios, Rom, Fuses : Anonymous : Free Download, Borrow, and Streaming : Internet Archive
I needed to modify line 1703 in MCE.py to include ā88ā, length matches in hex view 0xc80 and this is the result.
cpu00880F40_ver08804005_2021-03-12_C7872275
!New_cpu00880F40_ver08804005_2021-03-12_C7872275.zip (2.0 KB)
3 Likes
Ah, this is cool, thanks Marvin.
AMD does actually offer BIOS updates for the equivalent PS5 āDesktop Kitā at their website, but no microcode seems to be included at the provided image. Probably partial only. In theory, that should be 84 (i.e. 00840F70).
Does AMD 19h (specifically 5850U) or the Linux kernel early loading process perform any validation before loading? I would like to use this binary, but Iām not sure how to get comfortable with it first.
I ran MC Extractor on the bin and the checksum value is 0x00000000 which leads me to believe thereās no validation happening.
Of course there is validation, cryptographic. But at the CPU microcode loader level, not before. Effectively, the CPU will not accept a microcode which has a broken signature, once decrypted. Some older AMD generations (not Zen, 19h), did not actually have a signature, so it was possible to alter any microcode and the CPU loader would happily accept it. That has never been the case with Intel, though.
The checksum is only good for a quick sanity check that the blob was properly transmitted/downloaded etc. It provides no security. Itās very useful for MCE to know if it got the entire blob correctly, but AMD stopped populating that field around a decade ago for some (probably nonsensical) reason.
Cool! That makes sense. Is there any method to verify the binaries with a publicly available key?
Maybe another way to ask. How do you get comfortable these are original and unmodified before uploading to GitHub?
In the vast majority of cases (e.g. extraction from BIOS update), the only way we have to know that a blob should be ok is from the checksum (when present). But again, that is not security-related (authenticity, integrity). The CPU itself (through its uCode Loader), can verify the microcode binary securely, not us.
However, there are some official sources of microcode updates by Intel and AMD. It doesnāt mean they are fully up-to-date or cover all products, but itās the best thing you can have, assurances-wise. In AMDās case, they do have a container format, in which they bundle microcode blobs for the Linux kernel, and that container is signed so you could verify that if you like.
Got it. Iām familiar with the amd-ucode repo, but unfortunately AMD doesnāt provide microcode for my CPU there. Additionally, HP has said they wonāt be providing additional UEFI updates for my machine. Thatās what led me to this site.
It sounds like the validation process is fully controlled by the hardware. All users can do is attempt to load, and if it works that means it passed hardware validation.
Exactly, unless we are talking about fairly old AMD families (14h or older I believe).
@plutomaniac This is a new world to me. Iāve always known hardware was closed, but hadnāt really appreciated what that meant. Any good papers or reading recommendations on firmware/microcode, etc.?
Iām particularly interested in how vendors store private keys in hardware for microcode decryption and signature checking. Something like a TPM?
You should start with https://www.youtube.com/watch?v=V1nJeV0Uq0M
A team used Intel Management Engine flaw to get total low level access on Goldmont series of Atom CPUs do dump everything. They produced the best known current analysis of modern Intel microcodes:
3 Likes
cpu706A8_plat01_ver00000024_2023-08-25_PRD_8760C292.zip (75.2 KB)
and missed older A06A4 one
cpuA06A4_platE6_ver00000018_2023-11-17_PRD_CE26B77F.zip (133.1 KB)
4 Likes
Thanks! Runs nicely on my ASRock j5005.
New Intel official microcode release microcode-20240312.
!New_cpu50653_plat97_ver01000191_2023-07-28_PRD_476A9E92.bin
!New_cpu50665_plat10_ver0E000015_2023-08-03_PRD_78AB538E.bin
!New_cpu706A8_plat01_ver00000024_2023-08-25_PRD_8760C292.bin
!New_cpu806C2_platC2_ver00000036_2023-09-13_PRD_D1BE13CF.bin
!New_cpu806F4_plat87_ver2B000590_2024-01-03_PRD_48DCA707.bin
!New_cpu806F5_plat87_ver2B000590_2024-01-03_PRD_48DCA706.bin
!New_cpu806F6_plat87_ver2B000590_2024-01-03_PRD_48DCA705.bin
!New_cpu806F7_plat87_ver2B000590_2024-01-03_PRD_48DCA704.bin
!New_cpu806F8_plat87_ver2B000590_2024-01-03_PRD_48DCA703.bin
!New_cpu90661_plat01_ver00000019_2023-09-26_PRD_0B467B16.bin
!New_cpu906E9_plat2A_ver000000F8_2023-09-28_PRD_18E71F12.bin
!New_cpuA0661_plat80_ver000000FA_2023-07-16_PRD_07361F91.bin
!New_cpuB0671_plat32_ver00000122_2023-12-14_PRD_A3EBE2A5.bin
!New_cpuB06A2_platE0_ver00004121_2023-12-07_PRD_E7BB9CBB.bin
!New_cpuB06A3_platE0_ver00004121_2023-12-07_PRD_E7BB9CBA.bin
!New_cpuB06A8_platE0_ver00004121_2023-12-07_PRD_E7BB9CB5.bin
microcode-20240312.zip (4.0 MB)
8 Likes
Emerald Rapids
cpuC06F1_plat87_ver21000170_2023-09-11_PRD_AC8019A7 (old)
cpuC06F2_plat87_ver21000170_2023-09-11_PRD_AC8019A6 (old)
Updated MCE.db (v1.97.0 r291 Dev, 03/13/2024)
Intel_240313.rar (773.5 KB)
3 Likes