Update: We’ve heard from Intel on this issue. A company spokesperson states: “Mitigations that address this [the L1 Terminal Fault bug, aka Foreshadow] have already been made available – which also address the attestation scenario. The best thing for people to do is simply to keep their systems up to date. Once systems are updated, we expect the risk to most consumers and enterprise users will be low.”
Original Story Below:
Earlier this week, news broke that a set of three vulnerabilities — collectively referred to as Foreshadow — have been found in Intel microprocessors. These vulnerabilities specifically impact Intel’s implementation of a security feature known as Software Guard Extensions, a technology Intel developed to run hardened, protected code even in cases where the underlying operating system or hardware might not be secure. But just how far does the flaw extend, and what kind of practical use can it be put to?
The Register recently spoke to one of the flaw’s discoverers, Dr. Yuval Yarom, who minced no words in his evaluation. One of the hallmarks of Foreshadow is that it can be used to falsify attestation information, which is to say, SGX can appear to attest that code is valid and unchanged while said code is anything but. Without the ability to verify that the code in question is actually the code that’s running, Dr. Yarom says, “The whole trust model collapses.”
“The main promise of SGX is that you can write code, and ship it to someone you do not fully trust,” Dr. Yarom told the Register. “That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know… they haven’t modified your code, they haven’t accessed the data that your code used.”
One specific example Yarom gave of an example application that could be harmed by this flaw is a video player that used SGX to implement its DRM mechanism. The player obviously isn’t intended to allow for the video stream to be copied, but if you can muck with the SGX attestation, you can alter the player to claim that its stream is properly protected when it isn’t. In theory, this sounds like precisely the kind of break that PC pirates might exploit to break Microsoft’s PlayReady 3.0, the 4K content protection that (still) makes Netflix playback require a lot of jumping through hoops, including the use of specific browsers (Microsoft Edge) and compatible hardware (recent AMD APUs, or Kaby Lake-and-later CPUs). But it’s not at all clear if this flaw will actually enable that kind of activity. Intel’s documentation makes it absolutely clear that SGX can be used for DRM, but it’s not evident that PlayReady 3.0 actually uses it.
Microsoft’s publicly available documentation is filled with references to Trusted Execution Environments (TEEs) and the need to have hardware DRM protection baked in at the physical level in order to certify a device for SL3000 feature levels (and that’s the relevant target, as near as I can tell). Older levels, like SL2000, are software based.
SGX was technically introduced with Skylake, not Kaby Lake, and Netflix 4K playback requires the latter. This could be read to imply that whatever DRM solution MS relies on, it isn’t explicitly tied to SGX. On the other hand, however, other reports have suggested that while Skylake CPUs deployed SGX, the firmware and software that shipped with Skylake systems wasn’t necessarily capable of enabling the feature. If Intel made supporting the full capabilities of SGX out of the box mandatory only with Kaby Lake it might explain why Microsoft didn’t support the feature until 7th Generation CPUs.
On the other hand, we know that Nvidia and AMD have both added support for 4K playback over both CPUs and GPUs, which strongly implies that Microsoft’s Trusted Execution Environments are designed to be flexible rather than demanding only one vendor’s hardware implementation. And given that Intel is already distributing microcode updates to fix this bug (or at least, major parts of it), it’s not clear if there’s a meaningful risk in the first place. The window of opportunity for attacks like this to impact mainstream video streaming services could ultimately be small to nonexistent. Like Meltdown and Spectre, this bug isn’t going to principally hit consumers but cloud service providers and enterprises. So far, Intel’s data center revenue has weathered this barrage of bad news unscathed — there are some who think the problems have created opportunities for future Intel products and accelerated upgrade cycles.
NASA: Asteroid Could Still Hit Earth in 2068
This skyscraper-sized asteroid might still hit Earth in 2068, according to a new analysis from the University of Hawaii and NASA’s Jet Propulsion Laboratory.
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.
Why Apple’s M1 Chip Could be a Real Threat to Intel and AMD
Intel's own history suggests it and AMD should take Apple's new M1 SoC very seriously.
Job Ads for AI Could Soon Look Like This. Are You Ready?
Our recent past has shown us that we can develop the type of machines that would soon open up a whole new field of lucrative and fulfilling work.