This sounds weird. I was in the impression that operating systems load updated cpu microcode at every boot, because it does not survive a power cycle, and because the one embedded in the BIOS/UEFI firmware is very often outdated. But then how exactly can a virus persist itself for practically forever?
The OS can’t get to the point of loading cpu microcode without that outdated, embedded microcode. The reason it can persist is because there aren’t a lot of good ways to see what that UEFI microcode actually is once it’s installed. Plus, only the UEFI tells you that it has successfully updated itself. There is no other more authoritative system to verify that against. So the virus could just lie and say it’s gone and you would never know. Hence needing to treat it as the worst case scenario, that it never leaves.
This sounds weird. I was in the impression that operating systems load updated cpu microcode at every boot, because it does not survive a power cycle, and because the one embedded in the BIOS/UEFI firmware is very often outdated. But then how exactly can a virus persist itself for practically forever?
The OS can’t get to the point of loading cpu microcode without that outdated, embedded microcode. The reason it can persist is because there aren’t a lot of good ways to see what that UEFI microcode actually is once it’s installed. Plus, only the UEFI tells you that it has successfully updated itself. There is no other more authoritative system to verify that against. So the virus could just lie and say it’s gone and you would never know. Hence needing to treat it as the worst case scenario, that it never leaves.