intel hopefully fucked

coderman coderman at protonmail.com
Mon Mar 9 15:33:41 PDT 2020


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, March 9, 2020 8:20 PM, Punk-Stasi 2.0 <punks at tfwno.gf> wrote:
>
> I'm sending this again because it seems kinda on-topic (as opposed to say, the flu hysteria, 'women's day' and similar garbage)
>
> http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
>
> It's not clear to me how the exploit is supposed to work, ...
>
> So, what's going on?


i'll break this into two parts. the scope, and the details.


regarding scope:

- "The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole."

this means that the security boundary of the root(s) of trust gets violated through exploitation of this vulnerability. a fatal error, from an integrity perspective...



how do these roots get r00ted?

- "Intel's security is designed so that even arbitrary code execution in any Intel CSME firmware module would not jeopardize the root cryptographic key (Chipset Key), but only the specific functions of that particular module."

one root / trust anchor here, the Chipset Key. being able to manipulate this key is equivalent to having the private key, to sign malicious code in CSME context. so while the system is designed to robustly protect the Chipset Key, exploitation in early ROM compromises this Chipset Key root of trust.


- "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys."

yup, early exploit in boot ROM lets you control Chipset key, and by extension, all of the other keys generated from this compromised root of trust, including Soft TPM keys, content protection keys, etc.


- "One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."

what is meant by limited to a specific platform is that this exploit is low level and platform specific. to attack another platform, you'd need to adjust the exploit accordingly. they don't state what other platforms, if any, they've successfully exploited via this same vulnerability.

- "We will provide more technical details in a full-length white paper to be published soon."

will be fun to see :)


best regards,
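As an added illustration (not part of coderman's post, and not Intel's actual CSME design), the toy key hierarchy below shows the two points the thread makes about the Chipset Key: every derived key, including the one protecting the Integrity Control Value Blob, is a deterministic function of the root, so whoever learns the root can recompute a valid integrity tag for modified module code; and because the derivation is bound to a per-platform root, a tag computed from one platform's key is rejected by another platform's verifier. All key material, platform identifiers and module bytes are constructed for the example; the HMAC-based derivation is an assumption standing in for whatever Intel really uses.

```python
"""Toy model of a hardware root-of-trust key hierarchy (constructed example).

The 'chipset key' is the root; the ICVB key is derived from it and used to
tag firmware modules. Nothing here reflects Intel's real key schedule.
"""
import hashlib
import hmac


def derive_key(root_key: bytes, label: bytes, platform_id: bytes) -> bytes:
    # HMAC-based key derivation (assumed scheme). The platform identifier is
    # mixed in so derived keys differ from platform to platform.
    return hmac.new(root_key, label + b"\x00" + platform_id, hashlib.sha256).digest()


def icvb_tag(icvb_key: bytes, module_name: bytes, module_code: bytes) -> bytes:
    # Integrity tag over one firmware module; stands in for an ICVB entry.
    return hmac.new(icvb_key, module_name + b"\x00" + module_code, hashlib.sha256).digest()


def verify_module(icvb_key: bytes, module_name: bytes, module_code: bytes, tag: bytes) -> bool:
    # What a loader does before running a module: recompute and compare in
    # constant time.
    return hmac.compare_digest(icvb_tag(icvb_key, module_name, module_code), tag)


def forged_tag_accepted(root_guess: bytes, platform_guess: bytes,
                        module_name: bytes, code: bytes,
                        verifier_root: bytes, verifier_platform: bytes) -> bool:
    # Models the blast radius of a root compromise: derive the ICVB key from
    # the root the attacker believes they hold, tag the code, and check whether
    # the genuine verifier (with its own root and platform id) accepts it.
    attacker_icvb = derive_key(root_guess, b"ICVB", platform_guess)
    tag = icvb_tag(attacker_icvb, module_name, code)
    verifier_icvb = derive_key(verifier_root, b"ICVB", verifier_platform)
    return verify_module(verifier_icvb, module_name, code, tag)


def run_scenarios() -> dict:
    # Constructed sample values: two platforms, each with its own root key.
    chipset_key_a = hashlib.sha256(b"platform-A chipset key (constructed)").digest()
    chipset_key_b = hashlib.sha256(b"platform-B chipset key (constructed)").digest()
    platform_a, platform_b = b"platform-A", b"platform-B"
    module = b"CSME_module_X"
    genuine = b"\x90" * 16           # constructed module bytes
    tampered = genuine + b"\xcc"     # same module with one byte appended

    icvb_a = derive_key(chipset_key_a, b"ICVB", platform_a)
    genuine_tag = icvb_tag(icvb_a, module, genuine)

    return {
        # Normal operation: the shipped module and its tag verify.
        "genuine_verifies": verify_module(icvb_a, module, genuine, genuine_tag),
        # Tampering without the key: the old tag no longer matches.
        "tampered_fails_with_old_tag": verify_module(icvb_a, module, tampered, genuine_tag),
        # Root known: a fresh tag for the tampered module is indistinguishable
        # from a genuine one, which is the 'loss of trust' the post describes.
        "root_known_forgery_accepted": forged_tag_accepted(
            chipset_key_a, platform_a, module, tampered, chipset_key_a, platform_a),
        # Wrong root: the derived ICVB key differs, so the forged tag fails.
        "wrong_root_forgery_rejected": not forged_tag_accepted(
            chipset_key_b, platform_a, module, tampered, chipset_key_a, platform_a),
        # Platform A's key does not carry over to platform B's verifier, which
        # is the sense in which the compromise is 'limited to a specific platform'.
        "other_platform_forgery_rejected": not forged_tag_accepted(
            chipset_key_a, platform_a, module, tampered, chipset_key_b, platform_b),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'as expected' if ok else 'UNEXPECTED'}")
```

The defensive takeaway is in the last two scenarios: integrity checks downstream of a root key are only as strong as the secrecy of that root, so a design that wants containment has to keep the root out of reach of any mutable code path (the boot ROM failing at exactly that is the post's subject), and per-platform derivation is what stops one extracted root from becoming a fleet-wide signing key.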


