Olivia
Online
Mark Ermolov
@_markel___
I research security of Intel platforms. I don't work for Intel
Москва, Россия
Joined September 2014
131 Following
12.1K Followers
1.6K Posts
Pinned Tweet
@marcrygamerbr In C-states CPU doesn't execute anything, in C6 it's even power gated, but C6SRAM is accessible via LDAT. Usb2dbc can debug all IPs until DCI isn't turned off (Sx/S0ix)
I found the description of Intel Core CPUs hardware straps and the way to override them using JTAG (without any physical rework)
@cortexauth No, this's from a laptop Service Manual
Who to follow
Xeno Kovah
@XenoKovah
Interested in reverse engineering, firmware, bluetooth, trusted computing, and training. Founder of OpenSecurityTraining2 https://t.co/slK2fsMRwU
Brandon Falk
@gamozolabs
I find and exploit 0day, develop OSes, hypervisors and emulators, design massively parallel data structures and code, and do precision machining! Optimization❤️
quarkslab
@quarkslab
Securing every bit of your data
https://t.co/hqdd8jMkYM
https://t.co/GOXPtukIXE
@marcrygamerbr Usb2dbc debug cable is enough. I made it myself (removing VCC from standard USB2 A to A cable)
Next are the most interesting:
EAR - CPU bringup stall in PCU fw
PHYSICAL_DEBUG_ENABLED - sets CONSET in DFX AGG
CFG_UNLOCK - activates NOA (Node Observation Architecture) bus in DFX Green
SAFE_MODE_BOOT - disables active state power management
@mayorhardin Until recently, all such NDA-ed info was a real secret, but now AI collects everything (open source code, LinkedIn, doc storages), all where sometimes private info leaks
In the era of AI, Intel will find it very difficult to hide its secrets...
What a huge field to research: rdmsr microcode for desktop CPUs speculates that CREGPLA (data struct describing each MSR, hardcoded in HW and obtained via MSR2CR uop) entry is valid!
Below is a fragment of CNL microcode simulation via Archsim tool for rdmsr instruction:
@Sparkys_Adv This is exactly for Rocket Lake (which is 14nm backport of Tiger Lake)...
Ha-ha, Intel implemented a super protection😀 in the new CPUs (TGL+): pcode/ucode throws #MC (Machine Check) exception if DAM (Delayed Authentication Mode) is enabled and UEFI/BIOS signals BIOS Reset Complete...
🔥 Read the new article by our researcher Timofey Duditsky.
The write-up dives into the AMD Platform Configuration Blobs mechanism, shows how it works, and reveals the vulnerability CVE-2025-54502.
https://t.co/DQHz8M5bRN
AMD has published Security Bulletin AMD-SB-7054 with my vulnerability CVE-2025-54502. There has been no feedback on my research (as well as my mention), so I will publish my work as it is and as soon as possible.
@Gyzome Yes, all standard JTAG IRs (SAMPLE, PRELOAD and others) are supported at CLTAP, BSDL also exists for each CPU/PCH/SOC but unfortunatelly it's not public
Metal Unlock JTAG password for one of very old Atoms...
@AbeiV No, we use Intel DCI CCA/DbC with Intel System Studio. There's very limited number of information available in public on the subject. All necessary info is under NDA...
@GabrielKerneis There's also a difference in the keys generation: GWK is created by simply xor from HW and FW 16- byte constants, while for FEK the hardware shuffle of 48 bytes embedded in HW and 16 bytes from FW is used
Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform
@GabrielKerneis As you can see from the phyton code, GWK is used to encrypt Fuse Key 0 (hence the "wrapping" in the name), while FEK decrypts Security Fuses for CSME
@c_sharp_gr Thanks. For SGX it doesn't matter how, only the key matters...
@samlafer https://t.co/n8GCeM0zZ3 compromized the derived key, not the RoT
Yes, Intel has declared this first SGX implementation as obsolete and unsupported, but its fundamental break means that the HW Root of Trust approach is not unshakable. The full white paper is coming...
This is made possible by executing arbitrary microcode on the DFX-locked system. And although this was a truly challenging task, we were able to do it after researching in details the interaction between PMC and PUNIT
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers