AMD has included processors based on the microarchitecture zen 5 in the list of products affected by vulnerabilities of EntrySign. This vulnerability allows bypassing the mechanism for checking digital signatures when updating the microcode. Initially, it was believed to impact only AMD CPUs based on 1-4 generations of Zen microarchitecture, affecting processors such as Ryzen 9000 (Granite Ridge), Epyc 9005 (Turin), Ryzen Ai 300 (Strix Halo, Strix Point, Krackan Point), and Ryzen 9000hx (Fire Range).
In order to address this vulnerability, systems using SEV-SNP certification also require an update to AMD SEV firmware, which is included in BIOS updates. While AMD has provided the necessary changed firmware (Comboam5pi 1.2.0.3c Agesa) to manufacturers to mitigate the issue, final BIOS updates may take weeks or months to reach end-users.
The EntrySign vulnerability, which allows for the alteration of microcode, poses a risk to the AMD SEV (Secery Encrypted Virtualization) mechanism used in virtual machines to protect them from interference by hypervisors or host system administrators. Exploiting this vulnerability can compromise the integrity of virtual machines protected by AMD extensions like SV (Secure Encrypted Virtualization) and SEV-SNP (Secure Nested Paging), which secure processor registers and memory page tables.
This vulnerability was triggered by using the CMAC algorithm for microcode imitations instead of a secure hash function. AMD utilizes an RSA private key to certify the digital signature of microcode within the processor, while the public key distributes patches with the microcode. To verify the match between the public key and the original RSA pair, the processor compares the hash from the AMD public key embedded in the CPU during production to the hash from the provided patch.
Efforts to