back to article Intel celebrates security of Ice Lake Xeon processors, so far impervious to any threat due to their unavailability

Intel on Wednesday talked up a set of security features planned for its promised third-generation Xeon Scalable Processors, code-named Ice Lake, which are supposed to show up before the end of the year. The chip biz said it's "doubling down on its Security First Pledge," as if some sort of quantitative measurement of security …

  1. chuckufarley Silver badge

    I like the ideas...

    ...Behind encrypted RAM and all that. I will admit that I am skeptical (and maybe even more cynical, if possible) about Intel's claims. It's not just Intel either. I think I am developing a full blown case of hardware vulnerability paranoia.

    This is due to the fact that as time goes by it is inevitable that more of what we used to do in software will be done in hardware. I spent decades watching people roll their eyes when I told them that reducing their software footprint was the fastest and cheapest way to reduce the attack surface of their organization. Maybe, just maybe, had they actually been paying me for advice instead of just "Making IT Work" they would have listened. After I have been gone from those companies for decades I look back and in my minds eye I can those eyes rolling again when some PFY says "You are going to ransom? You know that will only make things worse, right?"

    My point is that I want to be able to choose which features I get in my CPU now. For 25 years I have able to apt-get my way to a (mostly?) stable and secure system. Now it's time for some new commands, like "Intel-put --cores=32 --L2=2M --L3=128M --AVX=128 --hidden-backdoors=-1" and have them spit out my desired hardware. It would not be cheap but it would go a long way towards rebuilding the trust that was lost.

    Maybe, just maybe, in the future everyone will be able to design a custom CPU in fifteen minutes.

    1. diodesign (Written by Reg staff) Silver badge

      "in the future everyone will be able to design a custom CPU in fifteen minutes."

      I don't want to sound like a RISC-V fanatic and also go off-topic on an Intel story, but..

      If you pop over to the SiFive website, it has an in-browser processor designer that allows you to configure pretty much what you're asking for: the number of RISC-V CPU cores, the security and integrity check features, various cache sizes and arrangements, the level of floating-point support, bus interfaces, branch prediction, interrupts, etc.

      When you're done, the site generates an FPGA bitstream for you to evaluate the processor core(s) on your own board, or the RTL to produce a custom ASIC. There are T&Cs depending on the complexity of the design, and if you go too high end, the site will tell you to contact sales rather than emit design files.

      Anyway, it's not exactly what you wanted, and it's not completely flexible, but it's just something I wanted to mention as an example of the chip world going in that way -- and SiFive wants to expand its in-browser tool.

      I've used it to generate a simple processor for an FPGA.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: "in the future everyone will be able to design a custom CPU in fifteen minutes."

        CDaaS? What about a button to have TSMC fab it for you with a slider to select the nm process?

    2. Anon

      --hidden-backdoors=-1

      --hidden-backdoors=-1 ... and then they go and interpret it as an unsigned integer and you get a sieve delivered.

  2. Dvon of Edzore
    Coat

    Funniest headline in weeks!

    To paraphrase The Elon, "The most secure processor is no processor." Though it still won't protect against ransomware and "This is the Finance Director. Have our bank wire 21.7 million to this account for our new branch."

    Thanks, it's the one with "Mechanical Interlockings for Dummies" in the pocket.

  3. steamnut

    Special Instructions?

    If Intel have created/invented these "security-oriented instructions and features, baked into Intel silicon," into this series of CPU's then how does this help anyone right now? Presumably Microsoft and Linux O/S coders need to add these instructions to the kernels to get the benefit?

    A lot of hacks do not need "liquid nitrogen" but just loads of bored Russian manic depressives with time on their hands. I wonder how long after the first silicon appears in the wild will the first "crack" appear? If Intel are really confident then they should offer a large seven figure bounty to test it.

    Ever since Intel 8008 the architecture has been extended and expanded (aka bodged) all around the same design. Clearly ARM, and recently RISC-V, have used a clean sheet approach which has allowed them to create faster and more efficient silicon. Let's face it, Intel is still a long way from 7nm and, when they do get there, the competition will be at 5nm.

    It remains to be seen I just how many server farms will see this announcement as a reason to chose Intel over AMD/ARM. And, until these new CPU's have been tested in the labs, we have no proof that are really the answer to totally secure server farms.

    1. diodesign (Written by Reg staff) Silver badge

      SGX support

      "how does this help anyone right now? Presumably Microsoft and Linux O/S coders need to add these instructions to the kernels to get the benefit?"

      SGX has been around for ages, years in fact, in certain Intel processor families, and there is operating system support for it. What's new here is Intel adding SGX to mainstream Xeon server parts. I've made that clearer in the article.

      C.

    2. Dave K Silver badge

      Re: Special Instructions?

      My main issue with hardware based implementations like this is that if a vulnerability is discovered, you can end up with a system that isn't fixable. The one advantage software has is that you can patch it to resolve vulnerabilities, but patching hardware is far more challenging. If you can't work around a vulnerability with a microcode update or some software protections from the OS, you're left with no option but to replace the kit.

      Just 4 days ago an unpatchable flaw was found in Apple's T2 security chip for example, plus flaws in the past have been found in Intel's Management Engine.

      I'm not completely dismissing hardware-based security protections, but I remain sceptical of them due to the damage that can be caused should a flaw be found in them further down the line...

      1. Doctor Syntax Silver badge

        Re: Special Instructions?

        A hardware flaw may also affect your software solution.

  4. A random security guy Bronze badge

    Painting a target on their back

    I can just see, a professor's eyes bulging, with astonishment, and his Ph.D. students frothing, to go after these processors.

    Dose the word, Inconceivable, remind you of something?

    Do the Cliffs of Security invite a challenge?

    The one thing I know about being a security guy for 20 years: Never invite attention. Never paint a target on your own back. Intel just did that. Maybe that is a good thing; they will get free service.

  5. Binraider

    If that weren't an invitation to come and break them, I don't know what is.

    From a product development point of view, you can't help but think it would be a really good idea to actively involve the community and openly invite people to break into stuff. Security through obscurity is not security; so the old argument for "if they don't see it they can't break it" doesn't hold.

  6. Anonymous Coward
    Anonymous Coward

    "PRF relies on an FPGA as the platform root of trust"

    FPGA stands for *field programmable* gate array. What prevents the FPGA from being reprogrammed?

    Having said that: the debacle with the Apple T2 chip, whose security flaws are in mask-programmed ROM that can't be updated, demonstrates that a fixed root of trust isn't a great idea anyway (unless you can be 100% sure you got it right, which you probably didn't).

    1. Binraider

      Re: "PRF relies on an FPGA as the platform root of trust"

      Some FPGAs demonstrate the ability to reprogram one part of the device while the other is running, so it's a question of permissions. I think, like with virtually all things, if you have physical access to the hardware, your security can (eventually) be broken.

      Hallowed be thy air gap. And ensuring ports, networks and wireless capabilities on the isolated device are up to the job.

    2. Anonymous Coward
      Anonymous Coward

      Re: "PRF relies on an FPGA as the platform root of trust"

      FPGA stands for *field programmable* gate array. What prevents the FPGA from being reprogrammed?

      The Intel Management Engine. It's Obvious!

      1. MrDamage

        Re: "PRF relies on an FPGA as the platform root of trust"

        But "Bob" from "The Microsoft" told me that was a virus!!!111one!

    3. Steve Todd Silver badge

      Re: "PRF relies on an FPGA as the platform root of trust"

      FPGAs can be set to only boot from an encrypted bit stream, so you can trust the source of that and detect tampering. Bugs *have* been found in older FPGAs implementation of this, but as it is needed to protect clients IP and has been around for a while, you can be sure it’s pretty solid by now.

  7. StrangerHereMyself

    No trust

    I won't put my trust in them until external researchers have vetted their out-of-order execution processing and they've removed the infamous Intel Management Engine (or at least provide the ability to turn it off completely).

    For consumer CPU's IME is an unnecessary burden anyway.

    1. s2bu

      Re: No trust

      Some machines actually use the IME to control the system fans, sadly. Don’t ask me WHY.

      1. StrangerHereMyself

        Re: No trust

        That's probably an old wives' tale. Only Intel has access to the IME and it's certainly not giving anyone access to control the FAN.

  8. Steve Todd Silver badge

    More signs that Intel marketing

    Is bricking it in the face of AMDs competition. “Here, we have this upcoming processor that you can’t buy right now that fixes all these problems. Please ignore the fact that the competition will sell you one now that doesn’t have them, is cheaper and faster”

  9. JCitizen Bronze badge
    FAIL

    So how long until..

    the next 'Meltdown' comes?! Will there be 'Spectre' gunships?!

  10. mark l 2 Silver badge

    How much of a risk is it that someone will freeze the DIMM and take it out of your server to extract its unencrypted contents?

    Surely if someone has got physical access to your server it more than likely to be a rogue sysadmin who has root access anyway that you need to worry about than some theoretical liquid nitrogen wielding bad guy

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021