Secret Debugger Discovered In AMD Chips

A secret debugging mechanism has been discovered in AMD CPUs, prompting some security concerns

AMD processors built within the past ten years are reported to contain a debugging feature that may pose a security risk.

The hidden mechanism was apparently discovered by a hacker called Czernobyl (AKA Czerno), who posted his findings online.

Czernobyl calls himself a ‘reverse engineer’.

Secretive AMD

“AMD processors (Athlon XP and better) have included firmware-based debugging features that expand greatly over standard, architecturally defined capabilities of x86,” the hacker wrote. “For some reason, though, AMD has been tightly secretive about these features; hint of their existence was gained by glancing at CBID’s page.”

The debugger is password-protected to guard against casual access, but Czernobyl also revealed how the CPU could be placed into developer mode, and changes made to the chip’s register, if the correct value is used for the EDI register.

Czernobyl reportedly used a brute force attack to discover the password.

There are concerns that the debugging feature could reveal exactly how AMD’s chips work, allowing them to be reverse engineered. It also means that there could be a security risk, as Czernobyl published a full set of instructions for turning the debugging feature on.

Security Worries

It is not clear at this stage whether the debugger was used by AMD engineers during the processors’ development phase, and then disabled as the chips were shipped.

But Czernobyl dismissed concerns that his revelations could pose a security risk.

“Amidst a ton of comments, I’ve seen some somber interrogations about security,” he wrote. “IMO (in my opinion) what is described herein does not pose new security problems per se; after all MSRs and Control Registers aren’t accessible except from ring zero. Nor are the Host’s CRs and MSRs accessible from a properly designed Virtual machine. I doubt the newly disclosed features will open security risks that were not already present due to poor OS and/or virtualisation systems designs.”

AMD did not respond to eWEEK Europe’s request for information at the time of writing.

The chip vendor recently put aside its rivalry with Intel and joined the chip giant and Nokia when it signed up to the Linux Foundation’s MeeGo open source project, the operating system Nokia and Intel are looking to use to compete against the Apple iPhone and Android-running handsets.

AMD and Intel had previously been locked in a number of lawsuits, but reached an agreement in November last year to settle the antitrust claims AMD had levelled against Intel.

Article Update:

AMD responded to eWEEK Europe UK with an email statement…

“This type of undocumented (not secret) registers are common practice and are shared with our customers. In many of our newer products, in fact, they are unlocked and available,” AMD said. “There is no security concern posed by accessing these registers, and they do not enable hacking or reverse engineering of AMD processors.”

“The registers in question are internal registers used by AMD during the development and testing stages of our processors,” it added. “They are intended for use by AMD engineers only to help deliver higher quality products to the market more quickly. The exact functionality and application of password protections may vary between models, so AMD has chosen to not make access to these registers a supported feature.”