Intel architecture ia-32 User Manual

9-48 Vol. 3A

The IA32_BIOS_SIGN_ID register is used to report the microcode update signature when
CPUID executes. The signature is returned in the upper DWORD (Table 9-11).

An update may be authenticated by the BIOS using the signature primitive, described above, and
the algorithm in Example 9-10.

Z 

← Obtain Update Revision from the Update Header to be authenticated;

X 

← Obtain Current Update Signature from MSR 8BH;

If (Z > X)

{

Load Update that is to be authenticated;

Y 

← Obtain New Signature from MSR 8BH;

If (Z == Y)

Success

Else

Fail

}

Else

Fail

Example 9-10 requires that the BIOS only authenticate updates that contain a numerically larger
revision than the currently loaded revision, where Current Signature (X) < New Update Revi-
sion (Z). A processor with no loaded update is considered to have a revision equal to zero.

This authentication procedure relies upon the decoding provided by the processor to verify an
update from a potentially hostile source.  As an example, this mechanism in conjunction with
other safeguards provides security for dynamically incorporating field updates into the BIOS.

63:32

Microcode update signature. This field contains the signature of the currently loaded 
microcode update when read following the execution of the CPUID instruction, function 1. It is 
required that this register field be pre-loaded with zero prior to executing the CPUID, 
function 1. If the field remains equal to zero, then there is no microcode update loaded. 
Another non-zero value will be the signature.

31:0

Reserved.