It is NOT in the firmware, it is in the timing diagrams.
The problem is that things like semaphores do not work - things are apparently not just 0 or 1, and if two processors read the same memory location they may get different results - because a third process modified the content while it was read. There is a general misunderstanding about the issue. The CPUs will access RAM one, two, 4, 8 or 16 bytes at a time. But some instructions: memset fires off and sets the memory. To allow the "memset" to run at full speed, this is set to use cycles in the memory "between the other cycles" - "interleaved". The Intel instruction set is "inefficient" and typically needs 5 "nano-cycles". So one for the CPU, or actually the cache, and then 4 for memory operations, DMA and video. The typical way you detect this is that the boot loader does not "sense" devices that report in in the cycles 2 to 4 - for DMA. They just set a flag / signal that is trapped and raise an IRQ that can be identified by its mask.

I don't care, the Truth never hurts - but the notion of being "malicious" is just silly. You need access to the hardware to use this. To reboot means to make the device "dead" at some point. Nothing survives except what has been stored away. The malignant nature of this is the belief it creates to support consultants or priests of some new religion: Computer Security. Nothing of what they have proposed stops me from writing code that "exploits" this in a DMA transfer of the entire memory to some other device in units of 4K blocks. Pull the plug - and it is NOT there - gone.