ACM SIGARCH: Reflections on trusting SGX

Reflections on trusting SGX
by Mark Silberstein
Sep 25, 2018

The security community will remember the year of 2018 as the year of speculative execution attacks. Meltdown and Spectre, the recent Foreshadow (L1TF in Intel’s terminology), and their variants demonstrate how the immense processor design complexity, perpetual drive for higher performance, and subtle hardware-software interactions — all collude to create a major system security earthquake that is shaking the whole industry. Foreshadow stands out in that it wreaks havoc on Intel SGX, Intel’s recent instruction set extension for building trusted execution environments, which has been envisioned as a stronghold of security in future computing systems. In this blog I highlight the important differences between Foreshadow and other speculative execution attacks, and raise a few questions that require much more than just a technical solution.[…]

https://www.sigarch.org/reflections-on-trusting-sgx/

Spectre & Meltdown vulnerability/mitigation checker for Linux

A shell script to tell if your system is vulnerable against the several “speculative execution” CVEs that were made public in 2018.

CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’
CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’
CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’
CVE-2018-3640 [rogue system register read] aka ‘Variant 3a’
CVE-2018-3639 [speculative store bypass] aka ‘Variant 4’
CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka ‘Foreshadow & Foreshadow-

https://www.cnx-software.com/2018/08/17/check-spectre-meltdown-l1-terminal-fault-linux/amp/

https://github.com/speed47/spectre-meltdown-checker/

a bit more on Intel-SA-00161 (and microcode license update)

Re: https://firmwaresecurity.com/2018/08/23/a-bit-more-on-intel-sa-00161/

Intel updated their document today, and revised their microcode license:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://01.org/mcu-path-license-2018

a bit more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/16/more-on-intel-sa-00161-2/

https://www.linode.com/community/questions/17122/how-is-linode-handling-l1tfforeshadow
https://www.kb.cert.org/vuls/id/982149
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_response.htm
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_protectinginstance.htm
https://duo.com/decipher/what-it-needs-to-know-about-foreshadow
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
https://blog.barkly.com/what-is-l1tf-foreshadow-intel-vulnerability-explained
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/foreshadow-l1tf-intel-processor-vulnerabilities-what-you-need-to-know
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/15/intel-sa-00161-l1-terminal-fault-l1tf-speculative-execution-side-channel-attack-foreshadow/

and https://firmwaresecurity.com/2018/08/15/more-on-intel-sa-00161/ :

Update from Intel:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html

https://careers.tenable.com/blogs/tenable-blog-548d2213-b14f-4795-a028-c85ba38381df/foreshadow-speculative-execution-attack-targets-intel-sgx

https://www.amd.com/en/corporate/security-updates

https://www.tenable.com/plugins/nessus/111703

https://www.trendmicro.com/vinfo/in/security/news/vulnerabilities-and-exploits/foreshadow-l1tf-intel-processor-vulnerabilities-what-you-need-to-know

more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/15/intel-sa-00161-l1-terminal-fault-l1tf-speculative-execution-side-channel-attack-foreshadow/

https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability)
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3620.html
https://support.microsoft.com/en-us/help/4343909/windows-10-update-kb4343909
https://xenbits.xen.org/xsa/advisory-273.html
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://cloud.google.com/blog/products/gcp/protecting-against-the-new-l1tf-speculative-vulnerabilities
https://kb.vmware.com/s/article/55636
https://blogs.vmware.com/security/2018/08/new-vmware-security-advisory-vmsa-2018-0022-and-updated-security-advisory-vmsa-2018-0019-1.html
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03874en_us
https://blog.rapid7.com/2018/08/14/patch-tuesday-august-2018/
https://lkml.org/lkml/2018/8/14/885
https://www.suse.com/support/kb/doc/?id=7023077
https://marc.info/?l=openbsd-tech&m=153431475429367&w=2

Intel-SA-00161: L1 Terminal Fault (L1TF) speculative execution side-channel attack (Foreshadow)

Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault (L1TF). This method impacts select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX). Further investigation by Intel has identified two related applications of L1TF with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software. If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices.[…]

https://foreshadowattack.eu/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html

https://access.redhat.com/security/vulnerabilities/L1TF

https://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know

https://blogs.technet.microsoft.com/virtualization/2018/08/14/hyper-v-hyperclear/

https://blogs.technet.microsoft.com/srd/2018/08/10/analysis-and-mitigation-of-l1-terminal-fault-l1tf/

https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability