How Does an Intel Processor Boot?

When we switch on a computer, it goes through a series of steps before it is able to load the operating system. In this post we will see how a typical x86 processor boots. This is a very complex and involved process. We will only present a basic overall structure. Also what path is actually taken by the processor to reach a state where it can load an OS, is dependent on boot firmware. We will follow example of coreboot, an open source boot firmware.[…]

https://binarydebt.wordpress.com/2018/10/06/how-does-an-x86-processor-boot/

6 new security advisories from Intel

Intel® Server Boards Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html

Intel® RAID Web Server 3 Service Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00171.html

Intel® NUC Bios Updater Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html

Intel® NVMe and Intel® RSTe Driver Pack Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html

Intel® Server Board Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html

 

Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

Re: https://firmwaresecurity.com/2018/09/12/intel-releases-17-security-advisories/ and

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html

Intel releases 17 security advisories!

https://www.intel.com/content/www/us/en/security-center/default.html

Intel® Distribution for Python 2018 for Windows Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html

Intel® Centrino® Wireless-N and Intel® Centrino® Advanced-N products Bluetooth Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html

Intel® NUC Firmware Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html

Intel® IoT Developers Kit Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html

OpenVINO™ Toolkit for Windows Permissions Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html

Intel® Data Migration Software Improper Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html

Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html

Intel® Extreme Tuning Utility Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html

Intel® Baseboard Management Controller (BMC) firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html

Intel® Server Board TPM Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html

Intel® Data Center Manager SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html

Intel® Platform Trust Technology (PTT) Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html

Intel® Active Management Technology 9.x/10.x/11.x/12.x Security Review Cumulative Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Power Management Controller (PMC) Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html

Intel® CSME Assets Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

INTEL-SA-00086 Detection Tool DLL Injection Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html

Intel: The TPM2 Software Stack: Introducing a Major Open Source Release

A newly completed Trusted Platform Module 2.0 (TPM2) software stack is being introduced, developed to comply with the most recent Trusted Computing Group (TCG) v1.38 specification and work on any TPM2 implementation. Partnering with key players within the domain of Trusted Computing such as Infineon and Fraunhofer SIT, Intel has made large investments in code improvements and new functionality compared to the previous version. This includes the initialization of the TSS Stack development and the SAPI, TCTI and abrmd layer. Based on this development, Infineon and Fraunhofer SIT enabled the support of the Enhanced System API (ESAPI) layer, which is intended to reduce programming complexity and to simplify the use and integration of the TPM.[…]

https://software.intel.com/en-us/blogs/2018/08/29/tpm2-software-stack-open-source

 

Intel ME JTAG PoC for INTEL-SA-00086

Vulnerability INTEL-SA-00086 allows to activate JTAG for Intel Management Engine core. We developed our JTAG PoC for the Gigabyte Brix GP-BPCE-3350C platform. Although we recommend that would-be researchers use the same platform, other manufacturers’ platforms with the Intel Apollo Lake chipset should support the PoC as well (for TXE version 3.0.1.1107).[…]

https://github.com/ptresearch/IntelTXE-PoC

 

a bit more on Intel-SA-00161 (and microcode license update)

Re: https://firmwaresecurity.com/2018/08/23/a-bit-more-on-intel-sa-00161/

Intel updated their document today, and revised their microcode license:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://01.org/mcu-path-license-2018

Intel-microcode has license that prevents redistribution

In case technical issues weren’t enough, the lawyers at Intel have apparently made it more difficult for some open source operating systems to use the latest Intel microcode.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158

https://bugs.gentoo.org/664134

PS: AMD is apparently still blocked at technical issues:

https://github.com/pcengines/apu2-documentation/issues/75

MicroPython for UEFI and Intel MicroPython-based UEFI test framework released

Re: https://firmwaresecurity.com/2018/03/20/intel-implementing-micropython-as-a-uefi-test-framework/

MicroPython for UEFI systems is available, see Brian’s edk2-devel list posting and the Tianocore wiki for more details:

https://lists.01.org/pipermail/edk2-devel/2018-August/028339.html

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg

https://micropython.org/

Intel updates 2 security whitepapers

https://software.intel.com/sites/default/files/managed/7c/4a/Managed-Runtime-Speculative-Execution-Side-Channel-Mitigations.pdf

https://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf

SMM disabling and verification techniques

3mdeb points out that there is a patent by Intel with information focused on disabling Intel SMM.

Don’t click on this link if you’re an engineer and are not allowed to view patent information.

 

https://patents.google.com/patent/US20170168844

IA32-doc: Intel Manual definitions in C and YAML

IA32-doc:: put as many definitions from the Intel Manual into machine-processable format (in this case: yaml) as possible.

TODO

  • ? OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
  • ? Add final Reserved field to bitfields
  • ? Possibility to split into multiple .h
  • ?? Add doxygen main page
  • ??? Add AMD
  • Find what else is missing
  • Fix 32/64 bitfields for MSR registers
  • Add possibility for bitfields to have both UINT32/UINT64 members

https://github.com/wbenny/ia32-doc