'Unfixable' boot ROM security flaw in millions of Intel chips found

[wraith808]

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc
from The Register

The short version here:

A new vulnerability has been discovered in Intel's Converged Security and Manageability Engine (CSME), the embedded system that oversees management of Intel system chipsets (not processors, this time). The vulnerability is a DMA race that potentially allows hostile code to overwrite memory in the embedded management engine before the management engine enables memory protection on its own memory space. Key to the vulnerability is the fact that this memory protection is disabled by default until and unless the management engine enables it — i.e, it is unsafe by default, and fails unsafe.

During that timing gap, other hardware – physically attached or present on the motherboard – that is able to fire off a DMA transfer into the CSME's private RAM may do so, overwriting variables and pointers and hijacking its execution. At that point, the CSME can be commandeered for malicious purposes, all out of view of the software running above it.

The vulnerability is exploitable whenever the chipset is starting up. The chipset is vulnerable from the time the CSME boot ROM first initializes the memory page direvctory, up until the IOMMU (Input/Output Memory Management Unit) is turned on. Critically, this occurs not only at system boot time, but every time the CSME or the IOMMU resets.

What this means is that every time the CSME comes out of sleep mode, or any time the CSME is reset, it is briefly vulnerable to attack.

The CSME provides, among other things, something called Enhanced Privacy ID, or EPID. This is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation. The engine also provides TPM functions, which allow applications and operating system software to securely store and manage digital keys for things like file-system encryption. At the heart of this cryptography is a Chipset Key that is encrypted by another key baked into the silicon, and you can't do too much damage, it seems, until you can decrypt the Chipset Key.

If someone manages to extract that hardware key, though, they can unlock the Chipset Key, and, with code execution within the CSME, they can undo Intel's root of trust on large swathes of products at once, we're told.

"To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS)," explained Positive's Mark Ermolov.

"However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time.

"When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

[Shades]

Similar attacks were already possible by freezing the RAM modules and read these out on a unprotected computer to completely break open the security features from the first CPU. That method had a high failure rate and a lot of hardware/software complexity.

But now it is possible to do the same attack without resorting to all those physical tricks, only leaving the software complexity, which is very likely reduced to almost no software complexity once a few smart people write an efficient routine for it.

Apparently there is very little to expect from Intel regarding security in their i3/i5/i7 series of processors of the last 10 years.

[tomos]

So, I guess one should avoid Intel if currently buying...