Re: Downgrade attack?
How are you verifying that the microcode zero days were not on the machine before you acquired it?
Donkeys years ago I worked in a company that made mission critical hardware. We used a checksum on the software/firmware code at compilation time.
The checksum values were stored on hard copy (paper) and elsewhere, corrections to any errors were signed (on the sheet of paper). An altered entry with no signature was deemed invalid : that software release was checked against the version controlled code library.
The binaries generated were then stored on a server and loaded onto the EPROM devices as required.
When programmed the EPROM was interrogated to verify that the checksum was correct. Verification was against the paper copy checksum.
The devices were not connected to any external networks and could not be interfered with (exception : physical modification).
There has to be a point where trust can be established. If not what remains is the belief that the manufacturers are deliberately compromising their firmware.
The weak point is the initial compilation, mitigated with a code comparison by a third party.