[dupe] Reverse Engineering X86 Processor Microcode (usenix.org)
91 points by unmole on Sept 1, 2017 | 12 comments



I only skimmed through, but... was there no crypto that needed to be broken in order to hack microcode?


From the paper

> Our analysis focuses on the AMD K8/K10 microarchitecture since these CPUs do not use cryptographic signatures to verify the integrity and authenticity of microcode updates. Note that Intel started to cryptographically sign microcode updates in 1995 [15] and AMD started to deploy strong cryptographic protection in 2011 [15]. We assume that the underlying microcode update mechanism is similar, but cannot analyze the microcode updates since we cannot decrypt them.


So basically they found a way to change microcode in ten-year-old processors... though, it's still impressive.


Given the current state of the PC market, there are plenty of those processors around.


I was kind of disappointed this wasn't on a modern processor. Finding a way to hack microcode updates on a modern Intel CPU would be HUGE, both as an attack vector, and because the Intel ME unit is a binary black box that prevents any modern Intel CPU from being completely security audited.


It's signed.


It's very inspiring that the systems responsible for running civilization are corporate secrets.


Inspiring isn't exactly the word I would choose.


It does convey about the intended amount of sarcasm though.


This seems like a really complex addition to the hardware. My first thought was that when process scaling fails and IF instruction sets stabilize more, they may be able to remove this flexibility and gain some power/area/speed benefits. My second thought was - maybe Intel already does that when a CPU has been out a while, they could bake the microcode more firmly into gates after it's been out a while.


impressive



