Could the Intel Foreshadow Bug Break 4K Hardware DRM? [Updated]
Update: We’ve heard from Intel on this issue. A company spokesperson states: “Mitigations that address this [the L1 Terminal Fault bug, aka Foreshadow] have already been made available – which also address the attestation scenario. The best thing for people to do is simply to keep their systems up to date. Once systems are updated, we expect the risk to most consumers and enterprise users will be low.”
Original Story Below:
Earlier this week, news broke that a set of three vulnerabilities — collectively referred to as Foreshadow — have been found in Intel microprocessors. These vulnerabilities specifically impact Intel’s implementation of a security feature known as Software Guard Extensions, a technology Intel developed to run hardened, protected code even in cases where the underlying operating system or hardware might not be secure. But just how far does the flaw extend, and what kind of practical use can it be put to?
The Register recently spoke to one of the flaw’s discoverers, Dr. Yuval Yarom, who minced no words in his evaluation. One of the hallmarks of Foreshadow is that it can be used to falsify attestation information, which is to say, SGX can appear to attest that code is valid and unchanged while said code is anything but. Without the ability to verify that the code in question is actually the code that’s running, Dr. Yarom says, “The whole trust model collapses.”
“The main promise of SGX is that you can write code, and ship it to someone you do not fully trust,” Dr. Yarom told the Register. “That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know… they haven’t modified your code, they haven’t accessed the data that your code used.”
One specific example Yarom gave of an example application that could be harmed by this flaw is a video player that used SGX to implement its DRM mechanism. The player obviously isn’t intended to allow for the video stream to be copied, but if you can muck with the SGX attestation, you can alter the player to claim that its stream is properly protected when it isn’t. In theory, this sounds like precisely the kind of break that PC pirates might exploit to break Microsoft’s PlayReady 3.0, the 4K content protection that (still) makes Netflix playback require a lot of jumping through hoops, including the use of specific browsers (Microsoft Edge) and compatible hardware (recent AMD APUs, or Kaby Lake-and-later CPUs). But it’s not at all clear if this flaw will actually enable that kind of activity. Intel’s documentation makes it absolutely clear that SGX can be used for DRM, but it’s not evident that PlayReady 3.0 actually uses it.
Microsoft’s publicly available documentation is filled with references to Trusted Execution Environments (TEEs) and the need to have hardware DRM protection baked in at the physical level in order to certify a device for SL3000 feature levels (and that’s the relevant target, as near as I can tell). Older levels, like SL2000, are software based.
SGX was technically introduced with Skylake, not Kaby Lake, and Netflix 4K playback requires the latter. This could be read to imply that whatever DRM solution MS relies on, it isn’t explicitly tied to SGX. On the other hand, however, other reports have suggested that while Skylake CPUs deployed SGX, the firmware and software that shipped with Skylake systems wasn’t necessarily capable of enabling the feature. If Intel made supporting the full capabilities of SGX out of the box mandatory only with Kaby Lake it might explain why Microsoft didn’t support the feature until 7th Generation CPUs.
On the other hand, we know that Nvidia and AMD have both added support for 4K playback over both CPUs and GPUs, which strongly implies that Microsoft’s Trusted Execution Environments are designed to be flexible rather than demanding only one vendor’s hardware implementation. And given that Intel is already distributing microcode updates to fix this bug (or at least, major parts of it), it’s not clear if there’s a meaningful risk in the first place. The window of opportunity for attacks like this to impact mainstream video streaming services could ultimately be small to nonexistent. Like Meltdown and Spectre, this bug isn’t going to principally hit consumers but cloud service providers and enterprises. So far, Intel’s data center revenue has weathered this barrage of bad news unscathed — there are some who think the problems have created opportunities for future Intel products and accelerated upgrade cycles.
Continue reading
SpaceX Successfully Launches Falcon Heavy Rocket, Sends Car Into Space [Update]
SpaceX successfully launched the rocket from Cape Canaveral today, Feb. 6, 2018. On board the rocket is Elon Musk's personal Tesla Roadster, which makes it the first car in space.
Huawei Had Fans Leave Over 100 Fake Reviews for the Mate 10 Pro [Update]
In a misguided attempt to hype up the phone before launch, Huawei appears to have solicited fake reviews on the Best Buy pre-order page in a foolishly transparent way.
Security Certificate Issues Disable All Oculus Rifts [Updated]
If your Oculus Rift headset is temporarily malfunctioning, don't fret. A solution is on the way and a quick date change can get you back on your feet until then.
China’s First Space Station Has Broken Up, Landed in Pacific Ocean [Update]
As predicted, the Chinese space station hit the atmosphere over the weekend. Specifically, Tiangong-1 reentered the atmosphere at 8:16 PM EDT Sunday, April 1.