back to article Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'

In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact. The main promise of SGX is that you can write code, and ship it to someone you do not fully trust. That person will run the …

  1. onefang
    Coat

    I foreshadow more doom and gloom for Intel, there may be a meltdown in profits.

    1. Warm Braw

      That's just speculation...

    2. TerrenceRocks

      Stupidity

      Ok, we invented TCP/IP how many Years ago???? Why have we not improved it to be more Secure.

      If we can build a Smartphone that is equivalent to a super computer 20 Years ago why can't we restructure and Secure the IP Stack?? This is blatant Stupidity. It is based on Binary, Change its BASE!!!!

      Computers can be Photonic CLUE!!!! We have Algorithms, Encryption and infinite variations that it could be made secure. Ok, we could pool money together and do the research, We have the people, what is the problem???? AND, do not share it with Russia or China!!!

      1. kirk_augustin@yahoo.com

        Re: Stupidity

        No, the problem has nothing to do with the TCP/IP protocol stack.

        That has its own strengths and weaknesses, but you can tell the problem is Intel x86 processors because Unix machines and machines with other processors, like Motorola, were never historically very insecure, even though they used the same TCP/IP protocol stack.

        The problem is that Intel does not protect process memory space in hardware. And now they can't, because Microsoft uses Common Object Model protocols, that violate normal process memory space rules.

        So if you are looking for a solution, it requires a different processor than x86, and not Windows..

    3. kirk_augustin@yahoo.com

      There should be a meltdown in profits, but Intel never should have had any profits to begin with. The whole x86 architecture was horrendous even in the 1980s.

      The main reason for the total lack of security is that the x86 uses over lapped paging for high and low memory addressing, but incorrectly calls it segmentation. So then the real segmentation that is necessary for security, one data segment and one code segment, are not supported in hardware.

      So no Intel x86 processor can ever be secure.

  2. Zippy´s Sausage Factory
    Facepalm

    Essentially, then, that's the end of DRM isn't it? Hollywood studios are going to be so pleased with Intel...

    1. Richard 12 Silver badge

      DRM was dead a hundred years ago

      If I can physically see and hear the video, I can copy it bit-for-bit.

      The visual data gets to the screen pixels and the audio data gets to the DAC. Both of those can be easily cloned.

      Publishers, just stop wasting your money on this stuff that physically cannot ever possibly work.

      Spend it on making and advertising good content so I can buy it.

      1. WolfFan
        Gimp

        Re: DRM was dead a hundred years ago

        Four examples of DRM which didn't work very well have stuck with me for decades now.

        1 More than 30 years ago, there was a game [name redacted 'cause the twat who thought it up is still around and he was pretentious then and is probably worse, and quick on the lawyer-launch button, now] which like all games of the time, shipped on floppy. I, not knowing then what I was soon to discover, purchased a copy of the game, and the first thing I did was to copy it from the floppy to my computer's (brand new, and very expensive) 40 MB (so much space! I could never fill all of that up!) hard drive. I then launched the game... and the computer crashed. I restarted, launched again... and the computer crashed again. The next time I rebooted, I had the game floppy in the drive, and the computer booted from the floppy, not my hard drive. It booted directly to the game. No crashes. A little experiment showed that the game would crash the computer every time unless it was launched from the floppy. I wrote to the game vendors; they sent back a mimeographed copy of a 9-pin dot-matrix original document lamenting that people would steal their Work of Art(tm) if it wasn't copy-protected. In the meantime, I had discovered two things: (a) several commercially available bit-copy utilities would make perfect copies of the Work of Art(tm) and (b) at least two commercially available utilities would would fake 'load' the floppy well enough to let me play the game. The vendors deliberately and with malice aforethought set up DRM which would crash my computer if the game was played from a hard drive, risking damaging my file system, did not warn me on the packaging or in the notes or anywhere at all that they were doing this... and were incompetent in the process, using easily circumvented methods. They offered to sell me a 'back-up' floppy for the low, low, LOW price of only $10 (the game cost $40 in the first place). I wrote back, stating that I already had two 'back-up copies', and that I would assist them in their desire to prevent their products being run from my hard drive by never again purchasing anything from them. They were upset and threatened to sue me for all kinds of things. I told 'em to bring it. Never heard from them again.

        2 related to above. This time the game came on a CD, and would not play unless the CD was in the CD drive. Making a regular copy of the CD didn't work. Again, using a commercially available bit-copier to generate a disc image and then burning the image did work. Again, using a commercially-available utility to mount the image also worked.

        3 another game. This time it shipped with an actual manual, on pink paper with some words in pink ink which was human-readable, but which ordinary photocopiers couldn't read. The idea was that the game could be copied, but the manual couldn't, and every now and again users had to enter something specific from the manual. I had access to a very high end 48-bit scanner. It had no problem scanning the manual. One quick application of Photoshop later, the pages were no longer pink and the the words weren't, either.

        4 yet another game. (you may be detecting a trend...) This one required that users enter a license key in to play. The problem is, the guys who wrote it were incompetent. The key was not saved. Users had to enter it again every time they played, usually by copying and pasting the key from somewhere else. This meant that the key was saved in a TXT file... which could be, and was, handed around with the installer for the game. One reason why this was so was that the developers flat out refused to reply to anyone (me) who reported the key save bug, even if the user (me) had got the game direct from the developer's own site, had set up an account on the site, and had paid and received a receipt for the game. They also never notified registered users (me) of any updates. They simply didn't give a fuck about users once they had their money. The result was that users didn't give a fuck about them and passed copies of the game and keys around freely. I, personally, never handed out my key, but I was able to get hold of no less than five other keys for multiple versions of the game. (Remember, they didn't notify anyone about updates. And the key worked, if you could call it that, with just one version. They wanted users to pay full price for all updates, no matter how trivial, and never, ever, fixed the key bug.)

      2. kirk_augustin@yahoo.com

        Re: DRM was dead a hundred years ago

        Correct. All you ever needed to totally defeat DRM was an mpeg encryption cars to capture your own video out put onto the hard drive, without any of the encryption that is not sent to your video monitor.

        That not only works for all DVDs, but also any live TV you can see on your computer monitor.

  3. deive

    ... and this is why security by obscurity doesn't work.

    1. Michael Wojcik Silver badge

      and this is why security by obscurity doesn't work

      Security by obscurity does work, for some value of "work". It just falls under Kerckhoffs's principle: the obscured elements are part of the key, and as key material they're difficult to re-key and liable to exposure, so they make a poor key component. It's more accurate to say that security by obscurity is uneconomical.

      That said, there's no "security by obscurity" at work in SGX attestation (or other SGX aspects), Foreshadow, or L1TF. The security components are all documented, as are most or all critical aspects of the hardware in question. The problem is that the security mechanisms do not cover a branch of the attack tree, and that branch is exploitable, undermining the security guarantees.

      This is not security by obscurity. It's another common security problem: complex systems are very difficult to secure. They're difficult to reason about (as Yarom says in the article); they suffer from combinatorial explosion in their state spaces and attack surfaces; they have unexpected interactions and revenge effects; and they have more side channels.

  4. Anonymous Coward
    Anonymous Coward

    Intel only?

    Can't find anything on AMD procs. Do they have something similar to SGX that would allow a variation of this exploit, ala the Spectre variants that affected AMD too?

    1. Anonymous Coward
      Anonymous Coward

      Re: Intel only?

      Don't worry, there will soon be an announcement from some 'research' group in Israel associated with Intel that says AMD have the same problems only worse.

      1. henryd

        Re: Intel only?

        And why the sly reference to Israel?

        1. Ken Hagan Gold badge

          Re: Intel only?

          "And why the sly reference to Israel?"

          Because Intel have a major presence there?

          (You don't have to give the Jeremy Corbyn treatment to everyone, you know.)

          1. henryd

            Re: Intel only?

            Intel have a major presence in the US as well, there could equally have been a snide comment on Trump.

            If I understand your meaning correctly the “Jeremy Corbyn treatment” implies that I shouldn’t speak out when I see anti-semitism. Sorry, but no. I know an anti-Semite when I see one.

        2. foo_bar_baz

          Re: Intel only?

          A reference to Ryzenfall et al. which weren’t as much disclosures as an attempt to cause AMD share price as much damage as possible via negative publicity.

      2. amehaye

        Re: Intel only?

        You do realize that the researchers interviewed here - those how discovered the 'Foreshadow' flow in *Intel* CPUs - are Israelis, right?

        I'm not trying to downplay the 'Ryzenfall' scam by 'CTS labs' or whatever they called themselves. But let's not start with conspiracy theories.

        1. Michael Wojcik Silver badge

          Re: Intel only?

          You do realize that the researchers interviewed here - those how discovered the 'Foreshadow' flow in *Intel* CPUs - are Israelis, right?

          Some are. The University of Michigan is still in the US. I mean, I haven't checked recently, but it's just down the road and I think I'd've heard if it had gone missing.

    2. donk1

      Re: Intel only?

      https://lwn.net/Articles/686808/

      http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

      1. Anonymous Coward
        Anonymous Coward

        Re: Intel only?

        Excellent description. Thanks for the links.

    3. kirk_augustin@yahoo.com

      Re: Intel only?

      Unfortunately AMD has to follow whatever Intel does, the bad along with the good, or else people complain it is not working right.

  5. Anonymous Coward
    Anonymous Coward

    Dedicated website: check

    Logo: check

    Guess it's a legit vulnerability then ...

  6. Anonymous Coward
    Anonymous Coward

    Well in the example case given, 'security' is just an excuse for limiting the user and prescribing him what he can and can't do with his machine. I think better examples should be given, digital rights management for content providers is not security for the end user.

    1. JohnFen

      I agree. That's why this "trusted platform" stuff is deeply problematic.

      However, here's a better example that is relevant to end user security: malicious software. With this trust model, it (theoretically) becomes impossible for malicious software to modify legitimate software to perform bad acts.

  7. Mark Manderson
    Facepalm

    think im going to go work filling shelves in Asda

    nothing beats reading up on a stinker of an exploit first thing in the morning :P

  8. Chronos
    Thumb Up

    Finally

    One of their attempts to make your machine disobey you bites them on the arse. About time too. Now maybe we can put to bed this stupid idea of trusted executables, signed bootloaders and so forth and get back to general purpose computing.

  9. Hurn

    SGX = ?

    Software Guard Extensions (SGX)

    1. Chronos
      Unhappy

      Re: SGX = ?

      I keep getting it confused with SGI click on the articles in the vain hope that we're getting some new funky-coloured workstations...

  10. John Smith 19 Gold badge
    Big Brother

    And by "Trusted computing" MS meant "Trusted by corporate media providers"

    To stop you reading their media or their internal documents.

    Which is a properly Orwellian use of language, along with the "Ministry of Love"

    I wonder if someone simply takes the Intel processor manual and literally tests every high level function to see if it does what the manual claims how many more of them turn out to be bogus.

    Literally just a blatant lie about what the processor state should be.

    Because that's what this is. It is documented. It just doesn't do what the document says it does at all.

    1. Michael Wojcik Silver badge

      Re: And by "Trusted computing" MS meant "Trusted by corporate media providers"

      What in the world does this have to do with Foreshadow / L1TF?

      Incidentally, neither Microsoft nor the Trusted Computing Group invented the term "trusted computing".

      It is documented. It just doesn't do what the document says it does at all.

      What blatant lie in the Intel CPU documentation are you referring to? Care to provide a citation?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like