*Sorry it’s NOT enough.* Don’t worry I trust Intel for changing Intel
CPUs; I trust AMD for changing AMD CPUs, etc. NO problem with that! - But
SIMPLYFYED:
How can Firefox 57.0.4 change the Intel CPU/MMU - Microcode if such
change need a secret code signature and don’t know anything secured
from my CPU?
If a Browser-SW can change it (I hope this SW is running in
user-mode), a "tarned Hacker-SW" can change it to !!!
I do not know where you got the impression that this is possible. As it
isn't.
The Meltdown and Specter vulnerabilities have nothing whatsoever to do
with putting "hacked microcode" or something like that on the CPU. I
suggest you read up on how these vulnerabilities actually work before
posting messages such as this or for that matter look up what exactly
microcode IS as it seems you have a bit of a misconception about the
nature of it.
In essence they use features that are already in the CPU in a way that
allows them to gain knowledge of privileged information. They don't put
anything malicious onto the CPU especially not something that would
"stay there", "hacker software", "malware" or anything of the sort. They
use normal operation features of modern CPUs in order to defeat higher
level protection mechanisms.
*For me this is NOT a trustful way for such an important change and
need to be addressed very seriously to the HW manufactories.*
*If your org can help for this, it’s great.*
Sooo installing updates onto your system by downloading them is also not
a trustful way for updates to arrive? You want to chisel those onto your
harddrive manually? On Windows I think every user has the right to
install updates even ... which makes sense in a way.
I do not really get what your issue is. As long as you trust that a
signature for an update is not compromised you should be fine installing
that signed update ( as long as you trust updates in general ).
Your main problem really seems to be a misconception about the way these
vulnerabilities work and what exactly exploiting them entails.
