How HaiGuang’s Self‑Developed Security Tech Neutralizes CVE‑2024‑56161 in AMD‑Like CPUs

The article analyzes CVE‑2024‑56161, a microcode verification flaw in AMD Zen CPUs, and explains how Chinese chip maker HaiGuang’s independently designed secure‑boot and key‑management mechanisms effectively block the vulnerability while providing broader native protection against many x86 and ARM bugs.

Architects' Tech Alliance

In the past few days CVE‑2024‑56161, a security flaw affecting AMD Zen 1‑to‑Zen 4 series CPUs, has resurfaced after Google’s security team highlighted it, drawing intense interest from the hardware‑security community.

The vulnerability stems from the microcode update process. AMD chose AES‑CMAC as the hash function, but AES‑CMAC is a message authentication code and does not provide the collision resistance required of a secure hash. Consequently, an attacker can craft distinct inputs that produce identical hash outputs, allowing forged signatures on microcode updates.
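Why a keyed MAC cannot stand in for a hash, shown as an added example that is not from the original article, AMD or HaiGuang: once the CMAC key is known, a final block can be solved for any target tag, while SHA-256 still tells the two messages apart. The 128-bit Feistel cipher is a constructed stand-in for AES (the Python standard library has no AES); the key, messages and function names are assumptions made for the illustration.

```python
import hashlib
BLOCK = 16  # 128-bit blocks, as in AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rnd_f(key, rnd, half):
    # Feistel round function: constructed stand-in cipher, NOT AES
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, rnd_f(key, rnd, r))
    return l + r

def decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, rnd_f(key, rnd, l)), l
    return l + r

def subkey_k1(key):
    # K1 from NIST SP 800-38B: double E_K(0) in GF(2^128)
    n = int.from_bytes(encrypt(key, bytes(BLOCK)), "big") << 1
    n = (n & ((1 << 128) - 1)) ^ (0x87 if n >> 128 else 0)
    return n.to_bytes(BLOCK, "big")

def chain(key, data, state=bytes(BLOCK)):
    for i in range(0, len(data), BLOCK):
        state = encrypt(key, xor(state, data[i:i + BLOCK]))
    return state

def cmac(key, msg):
    # CMAC restricted to non-empty whole-block messages (no padding case)
    assert msg and len(msg) % BLOCK == 0
    return chain(key, xor(msg[-BLOCK:], subkey_k1(key)), chain(key, msg[:-BLOCK]))

def final_block_for_tag(key, prefix, tag):
    # With the key, the last step is invertible: any (prefix, tag) has a final block
    return xor(xor(decrypt(key, tag), chain(key, prefix)), subkey_k1(key))

def compare(key, a, b):  # (CMAC tags equal?, SHA-256 digests equal?)
    h = hashlib.sha256
    return cmac(key, a) == cmac(key, b), h(a).digest() == h(b).digest()

KEY = bytes(range(16))                      # constructed key
original = b"signed update v1" + b"." * 16  # constructed 32-byte message
prefix = b"different body!!"                # constructed 16-byte prefix
altered = prefix + final_block_for_tag(KEY, prefix, cmac(KEY, original))
```

`compare(KEY, original, altered)` returns `(True, False)`: the CMAC tags match even though the messages differ, which is why the digest fed into signature verification has to be a collision-resistant hash rather than a MAC.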

Chinese chip designer HaiGuang, the only domestic vendor that has obtained the Zen 1 micro‑architecture and full x86 source code, responded by implementing a completely self‑developed security stack. The company redesigned firmware verification and integrated dedicated firmware‑signing, decryption, and chip‑signing keys directly into the processor, ensuring those keys remain undisclosed throughout manufacturing and operation.

Specifically, HaiGuang’s CPUs employ on‑chip secure keys to enable a secure‑boot flow that blocks any unauthorized firmware from executing. A tightly controlled key‑injection and management process guarantees that keys stay confidential during programming and runtime, eliminating the root cause of signature forgery.

This architecture not only mitigates CVE‑2024‑56161 but also provides native chip‑level security. Because HaiGuang has independently created its own secure instruction set, it claims inherent immunity to many vulnerabilities that commonly affect x86 and ARM designs.

Earlier HaiGuang generations exhibited occasional bugs—for example, devices using deep‑sleep mode could crash after roughly 1,044 days of continuous operation. Those issues were addressed through firmware updates. The latest C86‑4G silicon, however, appears naturally immune to those problems and to many AMD‑specific bugs, demonstrating the effectiveness of its security‑first design.

Overall, HaiGuang’s approach validates the strategic value of domestic CPU development: by leveraging full instruction‑set ownership and a self‑contained security chain, the company not only avoids repeating past mistakes but also sets a higher baseline for hardware‑level vulnerability defense.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Secure Boot, CPU security, hardware vulnerability, CVE-2024-56161, HaiGuang, microcode verification