Zen and the Art of Microcode Hacking (Google Bug Hunters)
Wednesday, 5 March 2025, 23:10, by LWN.net
The Google Bug Hunters blog has a detailed description of how a vulnerability in AMD's microcode-patching functionality was discovered and exploited; the authors have also released a set of tools to assist with this kind of research in the future.

Secure hash functions are designed in such a way that there is no secret key, and there is no way to use knowledge of the intermediate state in order to generate a collision. However, CMAC was not designed as a hash function, and therefore it is a weak hash function against an adversary who has the key. Remember that every AMD Zen CPU has to have the same AES-CMAC key in order to successfully calculate the hash of the AMD public key and the microcode patch contents. Therefore, the key only needs to be revealed from a single CPU in order to compromise all other CPUs using the same key. This opens up the potential for hardware attacks (e.g., reading the key from ROM with a scanning electron microscope), side-channel attacks (e.g., using Correlation Power Analysis to leak the key during validation), or other software or hardware attacks that can somehow reveal the key. In summary, it is a safe assumption that such a key will not remain secret forever.
https://lwn.net/Articles/1013136/
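
The property described in the excerpt, as an added example that is not code from the blog post, LWN or AMD: once the key is known, the chaining values of a CMAC computation can be recomputed and a second message with the same tag constructed, which is why a keyed MAC cannot stand in for a collision-resistant hash. Assumptions: the block cipher is a stand-in Feistel network over SHA-256 rather than AES (the weakness lies in the chaining, not the cipher), and the key, messages and function names are constructed for illustration.

```python
import hashlib

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Stand-in 128-bit block cipher (4-round Feistel over SHA-256), NOT AES.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, hashlib.sha256(key + bytes([rnd]) + right).digest())
    return left + right

def gf128_double(block):  # doubling in GF(2^128); derives CMAC subkey K1 from E_K(0)
    n = int.from_bytes(block, "big") << 1
    return ((n & ((1 << 128) - 1)) ^ (0x87 if n >> 128 else 0)).to_bytes(BLOCK, "big")

def split(msg):
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def cmac_states(key, msg):
    # All CMAC chaining values; only whole-block messages (the K1 case) are handled.
    assert msg and len(msg) % BLOCK == 0, "message must be whole 16-byte blocks"
    blocks = split(msg)
    blocks[-1] = xor(blocks[-1], gf128_double(encrypt_block(key, bytes(BLOCK))))
    state, states = bytes(BLOCK), []
    for block in blocks:
        state = encrypt_block(key, xor(state, block))
        states.append(state)
    return states

def cmac(key, msg):
    return cmac_states(key, msg)[-1]

def same_tag_variant(key, msg, index, new_block):
    # Replacing block `index` changes the chaining value after it; XORing that
    # difference into block index+1 restores the cipher input there, so the tag matches.
    old, blocks = cmac_states(key, msg), split(msg)
    assert 0 <= index < len(blocks) - 1 and len(new_block) == BLOCK
    prev = old[index - 1] if index else bytes(BLOCK)
    new_state = encrypt_block(key, xor(prev, new_block))
    blocks[index] = new_block
    blocks[index + 1] = xor(blocks[index + 1], xor(old[index], new_state))
    return b"".join(blocks)

KEY = bytes(range(16))                                     # constructed key
ORIGINAL = b"".join(bytes([i]) * BLOCK for i in range(4))  # constructed message
ALTERED = same_tag_variant(KEY, ORIGINAL, 1, b"CHANGED-CONTENT!")
```

`cmac(KEY, ORIGINAL)` and `cmac(KEY, ALTERED)` are equal although the messages differ, while their SHA-256 digests differ because an unkeyed hash gives the holder of a key nothing to exploit.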