AMD: Software techniques for managing speculation on AMD processors

Click to access Managing-Speculation-on-AMD-Processors.pdf

White Paper: SOFTWARE TECHNIQUES FOR MANAGING SPECULATION ON AMD PROCESSORS

Speculative execution is a basic principle of all modern processor designs and is critical to support high performance hardware. Recently, researchers have discussed techniques to exploit the speculative behavior of x86 processors and other processors to leak information to unauthorized code * . This paper describes software options to manage speculative execution on AMD processors ** to mitigate the risk of information leakage. Some of these options require a microcode patch that exposes new features to software. The software exploits have recently developed a language around them to make them easier to reference so it is good to review them before we start discussing the architecture and mitigation techniques.

 

ARM (Linaro) on Meltdown and Spectre

Spoiler alert:

[…]This is the first part in a series of blog posts about Meltdown and Spectre. The intention here was to penetrate the whitepapers and give an easy to grasp overview of the attacks. In the upcoming blog post we will talk more about individual components, like OP-TEE, Linux kernel and other firmware.

https://www.linaro.org/blog/meltdown-spectre/

a bit more on Spectre/Meltdown

https://www.osr.com/blog/2018/01/23/meltdown-spectre-drivers/

https://github.com/iadgov/Spectre-and-Meltdown-Guidance

https://github.com/hannob/meltdownspectre-patches

https://github.com/hackingportal/meltdownattack-and-spectre

https://kb.netgear.com/000053240/Security-Advisory-for-Speculative-Code-Execution-Spectre-and-Meltdown-on-Some-ReadyNAS-and-ReadyDATA-Storage-Systems-and-Some-Connected-Home-Products-PSV-2018-0005

Intel: Root Cause of Spectre/Meltdown Reboot Issues Identified

https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

January 22, 2018 […]We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed. Based on this, we are updating our guidance for customers and partners: We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.[…]

meltdown-spectre-bios-list: machine-readable list of vendor patches

Meltdown/Spectre BIOS/Firmware Updates list

This is a list of all products an manufacturers which patched BIOS/Firmware addressing the Meltdown and Spectre vulnerabilities. If you have better info please send pull requests. Why I did this? to have a parseable list for all my hardware

linux
curl -s https://raw.githubusercontent.com/mathse/meltdown-spectre-bios-list/master/README.md | grep “$(cat /sys/devices/virtual/dmi/id/board_name)”

windows – powershell 3.0 or above
$model = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName . | Select-Object -Property Model).Model
$mainboard = (Get-WmiObject Win32_BaseBoard | Select-Object Product).Product
$list = (Invoke-WebRequest https://raw.githubusercontent.com/mathse/meltdown-spectre-bios-list/master/README.md).content
$list.Split(“`n”) | Select-String “$model |$mainboard “

https://github.com/mathse/meltdown-spectre-bios-list

 

Spectre/Meltdown 007 humor

a bit more on Spectre and Meltdown

News press release from Intel yesterday:
https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-systems/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://www.hardocp.com/news/2018/01/17/uefi_bios_updates_for_spectre

 

Yuriy working on new CHIPSEC Spectre test

Nice to see some recent CHIPSEC activity, given all the recent related CVEs…
…But this is not from the CHIPSEC team, it is from ex-CHIPSEC team member Yuriy of Eclypsium.

Added new module checking for Spectre variant 2
The module checks if system is affected by Speculative Execution Side Channel vulnerabilities. Specifically, the module verifies that the system supports hardware mitigations for Branch Target Injection a.k.a. Spectre Variant 2 (CVE-2017-5715)

See source comments for more info.

https://github.com/c7zero/chipsec/commit/b11bce8a0ed19cbe1d6319ef9928a297b9308840

 

a bit more on Spectre and Meltdown

https://developer.arm.com/support/security-update

https://www.op-tee.org/security-advisories/

https://newsroom.intel.com/

https://ami.com/en/news/press-releases/american-megatrends-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities/

https://kb.vmware.com/s/article/52345

https://twitter.com/josephfcox/status/952107644076118017

https://twitter.com/revskills/status/951934905319133185

more on Spectre/Meltdown

https://www.amd.com/en/corporate/speculative-execution?sf178974629=1

https://blogs.technet.microsoft.com/surface/2018/01/10/updates-for-surface-devices-09-january-2018/

https://news.hitb.org/content/intel-says-patches-can-cause-reboot-problems-old-chips

https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

https://www.gdatasoftware.com/blog/2018/01/30333-inside-meltdown-spectre

http://nymag.com/selectall/2018/01/why-it-took-22-years-to-discover-fundamental-chip-flaw.html

https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

more on Spectre and Meltdown

https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom
https://xorl.wordpress.com/2018/01/10/thoughts-on-meltdown-spectre/

 

more on Meltdown and Spectre

http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://marc.info/?l=openbsd-tech&m=151521435721902&w=2

https://github.com/marcan/speculation-bugs/blob/master/README.md

https://github.com/raphaelsc/Am-I-affected-by-Meltdown

more on Meltdown and Spectre

We’re seeing browser and OS updates. The Microsoft Surface is the only firmware update I’ve seen so far…

 

Behind the scenes of a bug collision

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://support.apple.com/en-us/HT208394

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

https://lwn.net/Articles/741878/

https://lkml.org/lkml/2018/1/4/602

https://sourceforge.net/p/genode/mailman/message/36178974/

 

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

https://erc.europa.eu/news/Cybersecurity-ERC-grantee-behind-discovery-of-major-hardware-bugs

https://forums.opensuse.org/showthread.php/528926-security-announce-openSUSE-SU-2018-0026-1-important-Security-update-for-kernel-firmware?s=9b3628026a7a7d45c7c4e77b68a62da6&p=2850099#post2850099

 

more on Meltdown and Spectre

Intel advisory:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Intel tool for Linux:
https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
Intel tool for Windows:
https://downloadcenter.intel.com/download/26755/INTEL-SA-00075-Detection-and-Mitigation-Tool
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://meltdownattack.com/
https://spectreattack.com/

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://www.freebsd.org/news/newsflash.html#event20180104:01

http://blog.dustinkirkland.com/2018/01/ubuntu-updates-for-meltdown-spectre.html

https://www.us-cert.gov/ncas/alerts/TA18-004A

http://www.commitstrip.com/en/2018/01/04/reactions-to-meltdown-and-spectre-exploits/?

https://www.reuters.com/article/us-cyber-intel-researcher/how-a-researcher-hacked-his-own-computer-and-found-worst-chip-flaw-idUSKBN1ET1ZR

more on Meltdown and Spectre

https://developer.arm.com/support/security-update

https://www.amd.com/en/corporate/speculative-execution

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

https://support.google.com/chrome/answer/7623121?hl=en

https://github.com/ionescu007/SpecuCheck

https://lists.vmware.com/pipermail/security-announce/2018/000397.html

https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities

Meltdown and Spectre

Intel says issue impacts other chip vendors, not just Intel:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

https://spectreattack.com/
says: At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

A few news sources are saying Apple has a fix in place:
http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw

Official T-Shirts: coming soon…