Yet another bad-sounding Intel processor security vulnerability has been released, and this one could be big again. A little over two years ago I wrote about Meltdown and Spectre and posted links to some of the vulnerabilities that followed.
Now an article, Intel x86 Root of Trust: loss of trust from Positive Technologies, details a new vulnerability. Researchers at enterprise security firm Positive Technologies discovered that this vulnerability could allow hackers to compromise platform encryption keys and steal sensitive information, adding that the “unfixable vulnerability in Intel chipsets threatens users and content rightsholders.”
It seems that this vulnerability could jeopardize very many things Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms, and that it destroys the chain of trust for the platform as a whole. The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This is bad because Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms. For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. Intel CSME also loads and verifies the firmware of the Power Management Controller responsible for supplying power to Intel chipset components.
A new vulnerability has been discovered in Intel CPU chipsets, purportedly unfixable, which could threaten enterprise users and content rights holders across the globe using chipsets released in the last five
The exploit targets already known vulnerabilities in the Intel Converged Security and Management Engine, which is responsible for the initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.
A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms. The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.
Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys.
The vulnerability discovered by Positive Technologies affects the Intel CSME boot ROM on all Intel chipsets and SoCs available today other than Ice Point (Generation 10). The vulnerability allows extracting the Chipset Key and manipulating part of the hardware key and the process of its generation. However, currently it is not possible to obtain that key’s hardware component (which is hard-coded in the SKS) directly. The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.
Sounds pretty bad. Arbitrary code execution with zero-level privileges is bad. Getting chipset keys used for firmware verification is also not good news (fuel for all kinds of nasty future hacks).
New Intel CSME CPU Bug is ‘Unfixable’ Security Vulnerability Affecting Chipsets Released Over Last Five Years. The ZDNet article Intel CSME bug is worse than previously thought says that, according to the researchers, a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected.
Intel has confirmed that it is aware of the discovery in its CSME and that it affects most Intel chipsets released in the last five years—other than Ice Point (Generation 10). Intel has posted the advisory Intel® Converged Security and Management Engine, Intel® Server Platform Services, Intel® Trusted Execution Engine, and Intel® Active Management Technology Advisory (Intel-SA-00213).
According to the descriptions, the vulnerability is present in both the hardware and the firmware of the boot ROM. There seems to be a time period during which the CSME SRAM is susceptible to external DMA writes (DMA into CSME memory, not into the processor’s main memory). Any platform device capable of performing DMA to Intel CSME static memory and resetting Intel CSME (or simply waiting for Intel CSME to come out of sleep mode) can modify system tables for Intel CSME pages, thereby seizing execution flow. So if you are technically capable and have physical access to the computer, you could pull off some interesting tricks with this. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key.
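To make the chain-of-trust argument above concrete, here is an added toy model (my own illustration, not code from Positive Technologies or Intel) of a boot chain in which each stage verifies the next against an anchor it carries, with the first stage being ROM that nobody verifies. The stage names, images and hash-anchored verification are simplifying assumptions; it shows why a tampered downstream image is caught while a hijacked root stage passes every check, and why only an external attestation of the root could tell the difference.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    name: str
    payload: bytes      # firmware image (constructed sample bytes)
    next_anchor: bytes  # SHA-256 this stage expects of the next image; b"" for the last stage

def digest(stage: Stage) -> bytes:
    # A stage's identity covers both its code and the anchor it carries, so
    # swapping the anchor alone changes the digest of that stage.
    return hashlib.sha256(stage.payload + stage.next_anchor).digest()

def build_chain(images):
    # Build backwards so each stage embeds the digest of the one that follows it.
    chain, anchor = [], b""
    for name, payload in reversed(images):
        stage = Stage(name, payload, anchor)
        chain.insert(0, stage)
        anchor = digest(stage)
    return chain

def boot(chain):
    # Every stage verifies the next against its own embedded anchor. The first
    # stage (ROM) is verified by nobody: it is trusted because it is hardware.
    verified = []
    for i, stage in enumerate(chain):
        if i > 0 and digest(stage) != chain[i - 1].next_anchor:
            return False, verified
        verified.append(stage.name)
    return True, verified

GENUINE = build_chain([("csme_rom", b"rom-v1"), ("csme_fw", b"csme-v12"),
                       ("uefi_bios", b"bios-2020"), ("pmc_fw", b"pmc-v3")])

def tamper_downstream(chain):
    # Replace only the BIOS image; ROM and CSME firmware stay genuine.
    return [Stage(s.name, b"bios-evil", s.next_anchor) if s.name == "uefi_bios" else s
            for s in chain]

def hijack_root(chain):
    # Execution seized at the root stage: a substitute CSME image is chained in and
    # the ROM-level anchor now points at it, so every later check succeeds.
    substitute = build_chain([("csme_fw", b"csme-evil")] + [(s.name, s.payload) for s in chain[2:]])
    root = Stage(chain[0].name, chain[0].payload, digest(substitute[0]))
    return [root] + substitute

def chain_digest(chain):
    # The value an external attestation would compare against a known-good reference.
    return digest(chain[0]).hex()
```

Running boot() on the hijacked chain reports success for all four stages; only chain_digest() compared against a reference held outside the platform reveals the substitution, which is exactly the check a compromised root cannot be trusted to perform on itself.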