Entrysign: Create Your Own x86 Microcode for Fun and Profit
Matteo Rizzo, Kristoffer "spq" Janke, Eduardo Vela Nava, Josh Eads
OffensiveCon 2025 · Day 2 · Main
A Google security team discovered **EntrySign**, a cryptographic flaw in AMD's microcode patch signing scheme affecting every AMD CPU from Zen 1 through Zen 5: the signature algorithm uses AES-128 CMAC with a hardcoded key, a construction whose compression function is invertible, allowing attackers with root access to forge a valid signature over arbitrary microcode. Combined with a separate Platform Security Processor (PSP) vulnerability on Zen 1 that enabled extraction of the signing key, the researchers demonstrated end-to-end arbitrary microcode execution on AMD hardware — breaking the trust boundary underlying AMD's Confidential Computing (SEV) platform.

---
AI review
EntrySign is the kind of research that makes hardware security teams lose sleep: AMD signed microcode with AES-CMAC using the RFC's example key, and the construction is algebraically invertible, making signature forgery trivial once you have the key. The IBS-as-microcode-tracer technique alone would be worth a conference slot. Combined with the PSP extraction chain, the Zento release, and a live RDRAND backdoor demo, this is a five-star package.