The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now. Micro-Renovator provides the ability to apply microcode updates without modifying either platform firmware or the operating system, through simple (and reversible) modifications to the EFI boot partition.
Matt is a security geek responsible for ensuring platform and firmware trust at a cloud service provider, and dedicates an inordinate amount of time to updating firmware as a result. He has pen tested a broad range of systems as a product security validation lead at a prominent processor vendor, and has a history of rendering all manner of computing devices inoperable.