'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos." It is a fascinating vulnerability, though non-trivial to abuse in a practical sense. It cannot be fixed without replacing the silicon, only mitigated, it is …

        1. eldakka

          Re: And none of this is important

          But this only has to happen once, on one machine, anywhere in the world. Doing this the once, even on their own perfectly legally purchased kit, will now give them the global master key to unlock the local platform keys for every Intel computer of the last several generations.

          Once this global master key is unlocked, then they may be able to remotely attack other Intel computers, at least that's how I read it.

          1. YetAnotherLocksmith Silver badge

            Re: And none of this is important

            Of course, quite how this hasn't already been figured out via chip decapping, I'm unsure?

        2. Tomato Krill

          Re: And none of this is important

          Via exploits

    1. Anonymous Coward

      Re: And none of this is important

      If you are worried about personal files being stolen just change all the extensions to .exe , no one click them then.

    2. thosrtanner

      Re: And none of this is important

      As far as I can see, if said miscreant gets access to your PC, they can read the management key which doesn't apply to your PC, it applies to however many hundreds of thousands of PCs that were built with the same chipset.

      I imagine it's rather less hard at that point to do interesting things remotely.

      1. vtcodger Silver badge

        Re: And none of this is important

        I'm pretty sure that I don't understand this. But it sure sounds like the miscreant doesn't need to tease out the management key on your PC. They can use the management key from their own PC if it has the same chipset as yours. Which suggests that it's only a matter of time -- weeks? months? years? -- before the management keys to every Intel CPU with a management engine are available to everybody on the internet. The next question would seem to be what nasty things can they actually do if they know that key and somehow get access to someone's Intel CPU, for example, by incorporating some malicious JavaScript in an ad?

        Let's all fervently hope that the answer is "Not much really." If it isn't, you may want to wait a while before sending that dust-covered (ME-less) 386DX out in the garage off to the dump. You may be about to find a use for it.

        1. amanfromMars 1 Silver badge

          Re: And none of this is important

          Let's all fervently hope that the answer is "Not much really." ..... vtcodger

          Are we to expect you suspect that a forlorn hope, vtcodger, and practically anything is then virtually possible and therefore most probable?

          1. vtcodger Silver badge

            Re: And none of this is important

            "Are we to expect you suspect that a forlorn hope, vtcodger, and practically anything is then virtually possible"

            Nope. This is way beyond my pay grade. The only clue I have is that if "anything is then "virtually possible" I should think there would be a **LOT** of excitement, hand waving, blame shifting, and preposterous "solutions". So maybe in practice having the management keys to most of the world's Intel CPUs become public knowledge is no big deal and nothing to worry about.

            1. the future is back!

              Re: And none of this is important

              Or not.

        2. the future is back!

          Re: And none of this is important

          This is some Daniel Craig, 007 type shit here. So X has compromised every #Intel #CPU for generations of versions. And Q doesn't have an answer. In theory.

        3. YetAnotherLocksmith Silver badge

          Re: And none of this is important

          Exactly.

          Think of it like figuring out how to break into your car without a trace or key, and drive it away. Those exact same steps will get you into every other (2011 Vauxhall Astra|2001 VW Golf|1974 Ford Cortina).

          1. Anonymous Coward

            Re: And none of this is important

            >"Those exact same steps will get you into every other (2011 Vauxhall Astra|2001 VW Golf|1974 Ford Cortina)"

            But at least nothing of value is at stake.

  1. g00ner

    Disable AMT/ME

    Some vendors give the option of disabling AMT/ME in the BIOS.

    One of my steps when building Windows clients.

    1. Joe Harrison

      Re: Disable AMT/ME

      That's what they want you to think. You set the switch to "disabled" in the BIOS, then relax with a well-earned beer. Meanwhile...

      1. Anonymous Coward

        Re: Disable AMT/ME

        Exactly. Sounds like the ME has its own BIOS that boots and runs before ever the main BIOS does.

  2. DenTheMan

    Blame China

    Wasn't Bruce Lee a double agent who also dabbled in coding?

    A tiny bit far fetched even for Donald Trump to use.

    Only just though.

  3. Mike 125

    The best.

    " 'Unfixable' boot ROM security flaw..."

    That's my favourite kind, a bit like 'impossible milestone', 'challenging deadline', 'unreachable dream'.

    My advice is take a beer, stretch out, and self-isolate.

    1. A.P. Veening Silver badge

      Re: The best.

      It is only unfixable as long as you insist on using Intel chips, no problem whatsoever if you are prepared to switch to AMD.

      1. whitepines

        Re: The best.

        > "no problem whatsoever if you are prepared to switch to AMD."

        AMD has pretty much the exact same system in play, it just hasn't been attacked as earnestly as the IME yet. Look into the PSP. This is only good news for AMD if they can continue to lie about their security focus while still forcing the exact same DRM model that has brought Intel to this situation.

        To get away from it you can select from certain ARM CPUs, Power, or RISC-V. Or, use old hardware from the early 2010s or before. Ryzen, Epyc, etc. are not going to get you away from this!

        1. the future is back!

          Re: The best.

          Faaaak now I have a headache.

        2. zuckzuckgo Silver badge

          Re: The best.

          Not sure about other current CPUs but it seems to me that "old hardware from the early 2010s" lacks this kind of secure enclave altogether so would still be less secure than the new stuff with the vulnerability.

          1. whitepines

            Re: The best.

            > "Not sure about other current CPUs but it seems to me that "old hardware from the early 2010s" lacks this kind of secure enclave altogether so would still be less secure than the new stuff with the vulnerability."

            Depends on use case, but the older hardware tended to have isolated TPMs so would still have secure enclave support (ish) whereas with this vulnerability even something as basic as secure boot or firmware signing is completely trashed.

            The new hardware of course has (at least on the Power side) secure enclave type functionality. ARM has its TrustZone, but SoCs with TrustZone and open firmware for it aren't the most common. Given a choice I'd use the newer chips that aren't from Intel or AMD but for those that feel they absolutely must game on their PC the old hardware is likely the only thing that will work.

            1. zuckzuckgo Silver badge

              Re: The best.

              Upvote for the clarification.

            2. Tom 64

              Re: The best.

              > "for those that feel they absolutely must game on their PC the old hardware is likely the only thing that will work."

              Depends on your definition of 'work'. Suffering a 50% drop in FPS is not palatable to most gamers.

      2. the future is back!

        Re: The best.

        But that’s not a point, let alone THE point.

      3. Stoneshop

        Unfixable

        How many laptops are available with AMD processors?

      4. Sudosu Bronze badge

        Re: The best.

        I'd settle for a new SPARC laptop...

    2. tekHedd

      Re: The best.

      Don't forget 'stretch goal'

    3. vtcodger Silver badge

      Re: The best.

      "... and self-isolate."

      The network cable is the one with a flat 8-pin connector.

  4. seven of five

    – a tiny window of opportunity –

    "A one in a million chance."

    -Samuel Vimes

    1. DrBed

      Re: – a tiny window of opportunity –

      > "A one in a million chance."

      Almost suitable for Infinite Improbability Drive (@ Zaphod's Heart of Gold).

      1. Soruk

        Re: – a tiny window of opportunity –

        It's not his, he stole it.

    2. NeilPost Silver badge

      Re: – a tiny window of opportunity –

      “One in a million Chance”

      - Boris Johnson.

      1. DenonDJ DN-2500F

        Re: – a tiny window of opportunity –

        Boris Johnson - one in a million CHANCER.

    3. Wayland

      Re: – a tiny window of opportunity –

      I used to shoot wamprats no bigger than that.

    4. zuckzuckgo Silver badge

      Re: – a tiny window of opportunity –

      Unfortunately, "A one in a million chance." + 238,310 MIPS (2014) = certainty.

  5. NonSSL-Login

    SDDS

    Another example of what I assume is a government organisation gifted backdoor, which shows that backdoors cannot be kept secret forever and once exposed, everyone can be screwed by every Tom, Dick and Harry.

    All the US has to do now is to make a noise about foreign hardware having backdoors so everyone scrambles to buy US backdoored kit. Oh wait... I'll get my coat.

    1. Inventor of the Marmite Laser Silver badge

      Re: SDDS

      Never ascribe to malice things which can be explained by stupidity

      1. Kabukiwookie

        Re: SDDS

        Isn't that the NSA's PR department's slogan?

      2. Wayland

        Re: SDDS

        Never give your enemy the benefit of the doubt.

    2. NeilPost Silver badge

      Re: SDDS

      .... and all the shouting has been about Huawei.

      1. DCFusor

        Re: SDDS

        Projection is all over government and politics. You always accuse the other guys of doing what you damn well know you're guilty of yourself. Rampant in the US just now, but it's not exclusive and not new.

    3. zuckzuckgo Silver badge

      Re: SDDS

      > "backdoors cannot be kept secret forever"

      Especially when you describe them in the product documentation.

  6. amanfromMars 1 Silver badge

    For/From Those of A.N.Other Persuasion ........ an Alternate View for Earthly Presentation

    'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

    Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away ..... Shaun Nichols in San Francisco 5 Mar 2020 at 14:00

    Attempts at prevention of exploitation are much more likely to be like shooting a lone fish in a tiny barrel 1,000 miles away, Shaun.

    You can be sure if the key sequences to boot and root are lost and found in the ken of others, further experimentation is virtually guaranteed to be Servered as Spectacular BlockBusters in an Endless Stream of Halcyon Day 0Days.

  7. tekHedd

    An infinite number of typewriters gets you every time

    The chance of exploitation is minuscule... and you get an unlimited number of attempts. I think I see the problem here.

    So... we've built basically an entire world full of computers with a hardware backdoor, but fortunately only *trusted authorities* have the key to that backdoor. Only now the key is leaking. Time to pretend to be surprised and shocked and double down because a) this was never really a backdoor it's a handy tool for administrators, and b) this doesn't invalidate the need to put backdoors in everything else as well, which also aren't backdoors but desperately needed to protect you.

    "[EPID] is used for things like providing anti-piracy DRM protections, and Internet-of-Things attestation"

    Translation: the point of EPID is to ensure that you, the end user, do not have control of your computer. This is why its compromise is a disaster of biblical proportions. If your computer is compromised that's sad. If /their/ telemetry and DRM content is compromised, cats and dogs sleeping together, mass hysteria.

    1. jonathan keith

      Re: An infinite number of typewriters gets you every time

      Don't forget the human sacrifices. Very important part of the End Of Days.

    2. Claptrap314 Silver badge

      Re: An infinite number of typewriters gets you every time

      This. Any article on the Reg which mentions an apocalypse without cats and dogs sleeping together is clearly just hype. No cats & dogs sleeping together? No apocalypse.

      1. Frumious Bandersnatch

        Re: An infinite number of typewriters gets you every time

        Who's to say that someone hasn't already infiltrated your computer and muddled the quite glaringly obvious reference to cogs and dats that is explicitly mentioned in the (fine) article?

    3. Anonymous Coward

      Re: An infinite number of typewriters gets you every time

      "So... we've built basically an entire world full of computers with a hardware backdoor, but fortunately only *trusted authorities* have the key to that backdoor."

      We have built a world full of hardware/firmware/software made by others that we believe to be secure. It was never secure without trust and the trust was never deserved.

      To try and address this, we have added even more layers of hardware/firmware/software and it appears that we have become even less secure.

      A few more layers of hardware/firmware/software are bound to fix the issue. Or make it seem so far away it can never hurt us.

  8. Sgt_Oddball

    Missing the point....

    I, for one, am fascinated that this flaw exists and was open for all in the documentation (finally a reason to RTFM, no?) but I'd be intrigued how this behaves on a multi-CPU system.

    Whilst I'm aware that you use matched CPUs, if one is compromised, does that mean they both are? Or is it a pot shot on whether you can hijack one or multiple CPUs in the attempt? Questions, questions..
