leap123

@leap123

he/him

leap123 @leap1234/14/2023, 10:40 AM

gravis again @cathoderaydude

Techokami @techokami4/12/2023, 1:37 AM

Microcode, and How Modern CPUs Are Impostors

Recently, Gravis made one hell of a dive into the horrible abuse of the BIOS to make a bootleg hypervisor, and then went even deeper to find truly cursed usage of forbidden processor features. User DecayWTF had a few things to add to this, and I wanted to add on further, but... well, I didn't want to hijack the thread. I've been putting this off for far too long, and now I'm going to finally get around to doing something I said I was going to do a few months ago.

Welcome to the first installment of my article series called "Education Yourself". This series aims to highlight the weird, failed, obscure, and interesting aspects of computing and technology history, usually in an entertaining tone with a short-ish length. I might go kind of fast, but I do hope that you get a kick out of this, and learn something new along the way. So sit back, relax, and prepare to be horrified when I tell you that your modern Intel or AMD x86-64 CPU... is not x86-64.

EDUCATION

YOURSELF

Episode 001

Part 1: How CPUs Actually Compute

So let's start with the very beginning. When a CPU is given an instruction to do something, that instruction first has to be decoded. Traditionally, this is done with hard-wired logic circuits within the CPU, using the opcode to select what the instruction is. But as CPUs grew more complex, they needed more and more logic gates to handle all the instructions. To solve this, CPU designers instead created a much simpler CPU core that only had a limited amount of instructions - the bare minimum needed - and then created a lookup table within a chunk of read-only memory within the CPU die that mapped the more complex instructions to a series of the limited internal instructions. This lookup table is what is known as microcode, and it allows for programs to be smaller and use the more complex instructions, at the tradeoff of having the translation from microcode to the internal instructions add extra overhead to processing time. There is a class of CPU called RISC that cuts out the middleman and makes people directly code on the limited internal instructions only, making programs larger but overall faster.

Using a microcode model for a CPU can make it very, very flexible. The Motorola 68000 uses such a model and can demonstrate this quite well. For starters, when issues arise, they can be fixed by simply modifying the mask ROM that contains the microcode, rather than redesign the entire CPU itself. The 68010 is such a revision, which fixes a problem with a certain MOVE operation not being properly protected, and adding a new MOVE instruction that is similar to the aformentioned operation, but correctly limited in its scope. This properly allows the processor to handle virtual memory correctly. Another upside is that the CPU can be completely reconfigured into a new purpose by simply replacing the microcode. IBM created the Personal Computer XT/370 in 1983, which used a pair of 68000 CPUs with replaced microcode to become a tiny embedded S/370 computer system!

Unfortunately, such a design is only as strong as its underlying internal core. The PowerPC was able to supplant the 68000 by emulating it faster than what the real hardware ran at. Which brings us to the next part of the story...

Part 2: AMD RISCs x86

Back in the mid 80s, AMD had one of the more popular RISC-style processors around, the Am29000 series. It was doing quite well, until the mid 90s, when AMD wanted to focus more on the x86 market. Rather than completely scrapping the next iteration of their RISC processor, they decided to use it as the internal core for their new K5 CPU, which implemented the x86 architecture as microcode. This turned out to work very well, creating a fast and robust processor! It's a design model they use even today. When Intel abandoned the Itanium, which is a dumpster fire that deserves its own dedicated piece, they adopted the 64-bit extension to x86 that AMD developed, and also made their own RISC CPU core to execute the instruction set as microcode. Using flash memory, the microcode can even be *updated* without needing to physically make a new chip!

So you're probably wondering, how can these processors be impostors? They're just using a lookup table to execute code on a more effective core. I mean, it's not like you can just bypass that lookup table and directly execute code on the core itself... right? Right?

Part 3: Intel Management Engine and AMD Platform Security Processor

So we've finally circled back to the start of this post. Ever since the 386SL processor, the x86 CPU family has a mode called "System Management Mode" which allows the CPU to basically access and do *anything*, with the original intent being for software-based thermal management. It has been christened "ring -2" since it is above the *hypervisor* (ring -1) and the operating system kernel itself (ring 0). But, it's not protected enough. Even though it supercedes all the other software on the computer, you can still see what it is doing from the *hardware*, given a fast enough logic analyzer to capture the address and data buses.

So how did Intel and AMD make something even more secure? Well... why does the code have to even go through the microcode decoding process?

This led to "ring -3", where the CPU stops pretending to be x86-64. The code is executed from within the CPU itself, bypassing microcode altogether, completely unable to be observed from hardware connections. This is why Intel ME and AMD PSP are considered so scary: we don't know entirely what is going on in here. It is shrouded in secrecy and protected by NDAs signed in blood. But there is a little bit of information we can glean and make educated guesses about.

For the AMD processors, we don't know what the exact code being executed is. However, it SHOULD be safe to say that the core it is running on is a descendant of the Am29000 series. This is the architecture they developed, and it would make sense to keep improving on it rather than take a lot of time, effort, and money to make a completely new architecture from scratch.

For the Intel processors, we don't know what the core itself is; it's some unknown, proprietary RISC design from within Intel. But we do know what the code being run came from. It is based on Minix, an operating system originally developed for educational use that inspired a certain Linus Torvalds to make his own kernel. However, it is a proprietary fork, and we don't know what the hell Intel has done with it.

Spooky shit!

NEXT TIME ON EDUCATION YOURSELF

Better address that dumpster fire... who wants to make smores?

#Education Yourself #Microcode #motorola 68000 #Am29000 #AMD #intel #minix

You must log in to comment.

in reply to @techokami's post:

godspeed you! big animal @niss4/12/2023, 2:00 AM

ooh i wanna know the dirt on itanium!! all i really know about it is "it sucked" and sometimes i try to look it up and find some incredibly dry articles but then i retain approximately nothing

Techokami @techokami4/12/2023, 2:03 AM

Yeah I'll be doing that next. It is so screwed up! Planned title is "How the solution is worse than the problem being solved"

count swagula @clip4/12/2023, 1:38 PM

itanium is probably the funniest cpu architecture so you kinda do gotta hand it to them for that

Gay Eminem on 9/11 @DecayWTF4/12/2023, 3:24 AM

Oh, this is interesting. My understanding was that the PSP ran on an ARM core, there's some documentation floating around to that effect, but this actually makes way more sense...

Techokami @techokami4/12/2023, 8:54 AM

Or the core of AMD's chips is ARM-based... again there is so much secrecy that all I've got to work with is logical deductions and using a modern ARM core would make sense as well 🤔

Yaodema @yaodema4/12/2023, 8:25 PM

probably not, with the way ARM is getting greedy lately and wants to charge licensing fees as a percentage of the product cost on anything its tech is put in. AMD would be better off using their own internal RISC systems, like Intel and GPU manufacturers do; so I think your take that it's a descendant of the Am29000 series is right, here

tertu marybig @tertu4/12/2023, 7:33 PM

my understanding with the ME, at least on intel is it’s not running on the main cpu at all, it’s a coprocessor. Modern high performance ARM CPUs work basically the same as modern high performance x86 CPUs and their microcode doesn’t necessarily resemble any standard instruction set. It’s also worth mentioning that the K5 architecture was a dead end and the K6 and all successors are not derived from it or the Am29000; the K6 design team was from an external company called NexGen that AMD bought.

Techokami @techokami4/12/2023, 10:17 PM

Huh! Didn't know that about Am29000. Intel and AMD tend to not like to talk about their microarchitectures that much (trade secrets and all) but NexGen being pulled in-house to do the new microarches... interesting. Thank you!

tertu marybig @tertu4/13/2023, 1:40 PM

idk about this and this may be misremembering things but I believe the Intel ME is a Quark, that is, basically a separate Pentium core embedded in the processor

Plum @plumpan4/13/2023, 4:20 AM

I was going to ask a question about if the K5 was based on design work done by NexGen before they were bought by AMD, but turns out that was the K6. Glad I didn't post that before looking it up because I was going to look stupid! :-)

Good post.

EDIT: I DIDN'T SEE THE FOLLOW UP POST I WAS A FOOL AFTER ALL

Nire Bryce @NireBryce4/13/2023, 5:42 AM

putting this here so if only the first post was shared, people can see the addendum:

https://cohost.org/techokami/post/1325839-corrections-and-adde

Annie D @ann-arcana4/13/2023, 2:46 PM

this is why you have permission to laugh at C programmers who talk about being "closer to the bare metal"

alex tax1a @atax1a4/17/2023, 11:31 PM

we tell those people "a truly low-level language for modern architectures would let you annotate structures for their preferred tiers of cache occupancy" and watch them implode

@just-one-bear4/14/2023, 12:14 AM

In technology there is a relentless drive for Faster, Better, Cheaper. Of the three we often get to pick only two. Then Intel revealed the Itanium and told the world to pick NONE.

Techokami @techokami4/14/2023, 12:51 AM

oh my GOD I want to use this in the piece

@just-one-bear4/14/2023, 1:17 AM

By all means! :)