Update: We’ve heard from Intel on this issue. A company spokesperson states: “Mitigations that address this [the L1 Terminal Fault bug, aka Foreshadow] have already been made available – which also address the attestation scenario. The best thing for people to do is simply to keep their systems up to date. Once systems are updated, we expect the risk to most consumers and enterprise users will be low.”
Original Story Below:
Earlier this week, news broke that a set of three vulnerabilities — collectively referred to as Foreshadow — have been found in Intel microprocessors. These vulnerabilities specifically impact Intel’s implementation of a security feature known as Software Guard Extensions, a technology Intel developed to run hardened, protected code even in cases where the underlying operating system or hardware might not be secure. But just how far does the flaw extend, and what kind of practical use can it be put to?
The Register recently spoke to one of the flaw’s discoverers, Dr. Yuval Yarom, who minced no words in his evaluation. One of the hallmarks of Foreshadow is that it can be used to falsify attestation information, which is to say, SGX can appear to attest that code is valid and unchanged while said code is anything but. Without the ability to verify that the code in question is actually the code that’s running, Dr. Yarom says, “The whole trust model collapses.”
“The main promise of SGX is that you can write code, and ship it to someone you do not fully trust,” Dr. Yarom told the Register. “That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know… they haven’t modified your code, they haven’t accessed the data that your code used.”
One specific example Yarom gave of an example application that could be harmed by this flaw is a video player that used SGX to implement its DRM mechanism. The player obviously isn’t intended to allow for the video stream to be copied, but if you can muck with the SGX attestation, you can alter the player to claim that its stream is properly protected when it isn’t. In theory, this sounds like precisely the kind of break that PC pirates might exploit to break Microsoft’s PlayReady 3.0, the 4K content protection that (still) makes Netflix playback require a lot of jumping through hoops, including the use of specific browsers (Microsoft Edge) and compatible hardware (recent AMD APUs, or Kaby Lake-and-later CPUs). But it’s not at all clear if this flaw will actually enable that kind of activity. Intel’s documentation makes it absolutely clear that SGX can be used for DRM, but it’s not evident that PlayReady 3.0 actually uses it.
Microsoft’s publicly available documentation is filled with references to Trusted Execution Environments (TEEs) and the need to have hardware DRM protection baked in at the physical level in order to certify a device for SL3000 feature levels (and that’s the relevant target, as near as I can tell). Older levels, like SL2000, are software based.
SGX was technically introduced with Skylake, not Kaby Lake, and Netflix 4K playback requires the latter. This could be read to imply that whatever DRM solution MS relies on, it isn’t explicitly tied to SGX. On the other hand, however, other reports have suggested that while Skylake CPUs deployed SGX, the firmware and software that shipped with Skylake systems wasn’t necessarily capable of enabling the feature. If Intel made supporting the full capabilities of SGX out of the box mandatory only with Kaby Lake it might explain why Microsoft didn’t support the feature until 7th Generation CPUs.
On the other hand, we know that Nvidia and AMD have both added support for 4K playback over both CPUs and GPUs, which strongly implies that Microsoft’s Trusted Execution Environments are designed to be flexible rather than demanding only one vendor’s hardware implementation. And given that Intel is already distributing microcode updates to fix this bug (or at least, major parts of it), it’s not clear if there’s a meaningful risk in the first place. The window of opportunity for attacks like this to impact mainstream video streaming services could ultimately be small to nonexistent. Like Meltdown and Spectre, this bug isn’t going to principally hit consumers but cloud service providers and enterprises. So far, Intel’s data center revenue has weathered this barrage of bad news unscathed — there are some who think the problems have created opportunities for future Intel products and accelerated upgrade cycles.
Intel Launches AMD Radeon-Powered CPUs
Intel's new Radeon+Kaby Lake hybrid CPUs are headed for store shelves. Here's how the SKUs break down and what you need to know.
AMD Slashes Ryzen CPU Prices to Take On Intel’s Coffee Lake
AMD is slashing Ryzen prices in response to Intel's Coffee Lake launch. If you've been eyeing a new AMD CPU, this might be the time to buy it.
Intel Unveils ‘Breakthrough’ Quantum Computer
Intel has announced a new milestone in quantum computing, with 49 qubits now available. That's a huge step forward for the company compared with the 17-qubit system it showed just months ago.
Rivet Launches Blazing Fast, Intel-Based Killer Wireless-AC 1550 Chip, New Xbox Router
Rivet Networks has launched a new Wi-Fi chip based on an Intel solution, as well as a new, Xbox One-optimized router debuting this spring.