[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

[LAwLz]

38 minutes ago, laminutederire said:

It was designed to execute code from signed applications, which makes sense because otherwise it would have no contact with the rest of the cpu/computer parts. That's intentional and understandable.

That is not necessarily true. Passing some variables to the PSP is very different from passing it instructions to run.

But I don't think we know how the PSP works or how the drivers interacts with it. I seems to me (again, with my very limited understanding of it) like very poor design to let the driver have direct control and can pass arbitrary code for it to run.

 

If that is what is happening, then I would kind of agree that it is a Windows driver exploit, but I would also say the platform is terribly designed and should not function that way.

 

43 minutes ago, laminutederire said:

In theory the signed code should run as an equal level as the system admin (or whatever it's called in English (You know the admin account of the system itself which runs at higher privileges than user admin accounts)

You mean SYSTEM? That's not really a higher privilege than admin in Windows.

 

46 minutes ago, laminutederire said:

I think the issue here is that you could send code it should not (akin to sql code injection methods). That'd basically mean that the issue is not the privileges hierarchy but that you could fool an entity of higher privileges to do something it shouldn't without having the rights ever to do it yourself.

Yeah that seems to be the issue here.

 

36 minutes ago, Stefan Payne said:

Yeah, but this isn't a vulnerability, its not hacked.

When you need admin rights to do stuff, it isn't a problem because that's the way its intended.

 

Its just utter nonsense of the "no shit, Sherlock!" category. 

 

Or to rephrase it:
If you can do the things this "exploid" claims, you have admin access to the system anyway. So you can already do other, more important stuff. Why would you care about the AMD processing shit when you just could install anything you want?!

Sigh...

23 hours ago, LAwLz said:

A lot of people think that admin in Windows is the highest form of privilege you can get on a computer. This used to be more or less true but that is no longer the case.

PSP (Platform Security Processor from AMD), ME (Management Engine from Intel), TrustZone (from ARM), Secure Enclave Processor (SEP from Apple) and the other variants of these functions outside of the OS and handles very low level security functions. It's very complex stuff and I won't even pretend to understand 1/100 of the things I've read. It doesn't help that companies are very hush hush about how they work, and won't release the source code for them either (although I do believe ARM has released an open source reference implementation).

 

In any case, the basis of the different implementations are all more or less the same. There is a chip inside the processor which is called the trusted execution environment (TEE). This is a separate, completely functional computer, inside your computer. You can basically imagine it as a VM. It has its own processor and RAM.

 

The TEE acts as a hardware based root of trust. It is supposed to be the one thing inside the entire computer which can 100% be trusted, and because of this it has privileges to do essentially anything. Or to put it in other terms, it is a "super admin" which your regular computer sometimes contacts to verify things for it.

 

In the iPhone the SEP is what handles all the fingerprint analysis and verification. Neither iOS nor the regular processor knows how to process the fingerprint data to validate that it is correct. That is completely left up to the SEP to handle. iOS basically just sticks the fingerprint into a black box which then spits out an answer to whether or not the fingerprint was correct. Even if you compromise iOS in its entirety, with root access and everything, you still can't for example decrypt encrypted files because neither the OS nor the processor knows how to do that. That's why the FBI struggled to unlock that iPhone.

 

The same thing is happening on laptops and desktops these days. Some functions are deemed as needing extra security and are therefore handed to the TEE to handle. Things like Device guard, credential guard, some types of DRM, system management mode, IOMMU and many more.

 

40 minutes ago, Stefan Payne said:

And can be disabled in the latest AGESA versions as well...

Already talked about that earlier.

1) I think it is only a partial disable of it, not fully.

2) Disabling security features because they do more harm than good is not exactly a great situation to be in.

 

 

33 minutes ago, Stefan Payne said:

No, they haven't.

Its a licensed product from Acorn RISC Machine, AMD just implemented it. 

Ehm, no? From what I have read AMD is using a modified Trustonic TEE implementation.

Where did you get Acorn from? Where did you get the idea that it is a a non-modified implementation from?

[David89]

8 minutes ago, LAwLz said:

Already talked about that earlier.

1) I think it is only a partial disable of it, not fully.

2) Disabling security features because they do more harm than good is not exactly a great situation to be in.

1) I have it disabled and don't have any devices relating to the PSP in Device Manager, or even DMESG on Linux. Nothing. Enabled there are a few things that hint at the PSP.

2) IMHO that's a design flaw with X86. Has been the case with many, many things over the years. Intel ME, many TPM devices, DRM functions or even Kinibi.

[LAwLz]

5 minutes ago, David89 said:

1) I have it disabled and don't have any devices relating to the PSP in Device Manager, or even DMESG on Linux. Nothing. Enabled there are a few things that hint at the PSP.

You have to remember that not being exposed to the OS does not necessarily mean it is turned off though. 

Device Manager and DMESG are good indicators but not definitive answers. 

 

Just so that we are clear, I am not saying that they are on, just that your tests are not enough to definitively say they are off. 

 

10 minutes ago, David89 said:

2) IMHO that's a design flaw with X86. Has been the case with many, many things over the years. Intel ME, many TPM devices, DRM functions or even Kinibi.

I don't see how that is relevant or counters what I said. 

[leadeater]

9 minutes ago, LAwLz said:

You have to remember that not being exposed to the OS does not necessarily mean it is turned off though. 

Device Manager and DMESG are good indicators but not definitive answers. 

 

Just so that we are clear, I am not saying that they are on, just that your tests are not enough to definitively say they are off. 

It can never be fully off, like Intel ME, as it controls the boot process. It's just disabling some of the features of the PSP, a bit like loading on that custom Intel ME firmware that disables a lot of the features that OEM like Dell offer. It's still functional just less functional.

[Stefan Payne]

33 minutes ago, LAwLz said:

Sigh...

Yes, and?!

 

That doesn't change the fact that this "Excploit" is just Bullcrap and that you can do the same with an Intel System under the same circumstances, it is not an AMD Problem.

 

There is NO Problem here, what they claim to have found is obvious and everyone with a bit of knowledge about this shit should know about this for at least 10 years.

 

 

They kinda say it themselves, that you need high privileges for this "Explioit" to work!

Yes and with that you can do the same with any other hardware!

 

 

nVidia Graphics cards, Intel Chips, everything that can be accessed can be modified and exploited with these privileges.

 

So yeah, it is a bullshit claim.

 

 

[Stefan Payne]

To summarize this shit:

Quote

Conclusion, re-written: “we wrote an amazing media-whoring whitepaper and website about stuff which is barely beyond obvious so that we can short AMD stock because suckers and TVs will listen to us”.

 

Quote

Now onto the “vulnerabilities”:

1) MASTERKEY: if you allow unauthorised BIOS updates you are screwed.

Threat level: No shit, Sherlock!

2) RYZENFALL: again, loading unauthorised code on the Secure Processor as admin.

Threat level: No shit, Sherlock!

3) FALLOUT: vendor-supplied *signed* driver allows access to Secure Processor.

Threat level: No shit, Sherlock!

4) CHIMERA¹: outsourced chipset has an internal ucontroller which can be 0wned via digitally signed driver. __

¹ read about my Chimaera Processor: far sexier stuff.

 

[LAwLz]

1 hour ago, Stefan Payne said:

To summarize this shit:

Three things. 

1) It's generally a bad idea to parrot something you heard someone else say, if you don't fully understand the situation. 

2) You should probably read his other, more recent tweets. Arrigo does not hold the position you think he does. 

3) Almost everything you have said in this thread have been incorrect. I am willing to explain to you why, but quite frankly I am getting tired of correcting the same misinformation over and over when some people (not necessarily you) are unwilling to learn. 

[Notional]

https://www.realworldtech.com/forum/?threadid=175139&curpostid=175169

 

Quote

So I actually interviewed these guys along with Ian Cuttress of AnandTech: https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

It's telling how quickly they bailed on the call once I started asking about their company. Also, they seemed to not understand "chicken bits" at all or the basic HW design principles. The ramblings about FPGAs were fascinating.

David

 

For those who are unaware of "chicken bits": (electronics) A bit on a chip that can be used to disable one of the features of the chip if it proves faulty or negatively impacts performance. 

 

Now for the great part about the interview:

 

Quote

DK: I think the biggest question that I still have is that ultimately who originated this request for analysis – who was the customer that kicked this all off?

ILO: I definitely am not going to comment on our customers.

DK: What about the flavor of customer: is it a semiconductor company, is it someone in the industry, or is it someone outside the industry? I don’t expect you to disclose the name but the genre seems quite reasonable.

ILO: Guys I’m sorry we’re really going to need to jump off this call but feel free to follow up with any more questions.

Considering that scummy scam company, Viceroy, got their hands on this paper as one of the first, and the entire paper is written in a very manipulative way, it's hardly difficult to figure out who paid for this.

 

At the end of the day Asmedia and AMD needs to fix any and all security holes, just like every one else. But this is blown way way out of proportion, and the incentive to do so, is clear as day: Stock market manipulation. 

 

Anyone who is taking these security issues seriously, requiring elevated admin privileges, as a consumer, is being a useful idiot for this investment conspiracy.

[AncientNerd]

I just managed to read through this whole massive thread and want to make one point that I don't think anyone has made yet.

 

It looks to me like all of these take some form of signed driver. Now I have been writing driver code in one form or another for going on 30 years now, and frankly once I have a driver installed I own part of that system. So depending on what driver is compromised (and they didn't seem to specify), the fact that they were able to make persistent changes is not a surprise. In fact I would be surprised if they couldn't make persistent and possibly damaging changes, heck I can think of three or four driver level places off the top of my head that if I wrote replacements for those drivers and got them signed I would be able to read or write anything on the system regardless of the upper level security settings, and if I wrote into the device's firmware (say a network card) my changes would be persistent and could be made invisible to security. Yes, writing it to the Secure Processor on the CPU gives it some additional panache but really? This is just one more case of "if you have a malicious device driver your screwed", which has been true since computers were created.

[LAwLz]

6 minutes ago, Notional said:

Anyone who is taking these security issues seriously, requiring elevated admin privileges, as a consumer, is being a useful idiot for this investment conspiracy.

I agree with everything but this the last part of your post. I think these issue should be taken seriously. The risk of being attacked using them is small, but assuming the findings are true (I see no reason to not believe them) then they are a risk.

Small risk, big consequences. 

 

I mean, if we shouldn't take these seriously then why fix them at all? 

[Notional]

1 minute ago, LAwLz said:

I agree with everything but this the last part of your post. I think these issue should be taken seriously. The risk of being attacked using them is small, but assuming the findings are true (I see no reason to not believe them) then they are a risk.

Small risk, big consequences. 

 

I mean, if we shouldn't take these seriously then why fix them at all? 

For companies mostly. If you are a consumer and already provided elevated admin privileges to malware, you're screwed either way and most, if any, consumers don't have the knowledge to fix any of it even if they find out about it. The prerequisites required for this issue means you're already screwed anyway. Security holes like that are found all the time and fixed all the time. It is only due to the stock manipulation conspiracy, that this issue is even public, let alone discussed to this extent in here.

[AncientNerd]

14 minutes ago, LAwLz said:

I mean, if we shouldn't take these seriously then why fix them at all? 

Yes...and No. Here's the thing, software/firmware has bugs, live with it. Some of the bugs are in Security subsystems. There is a three part trade-off to all projects, time-resources-quality (or doneness). You can get perfect or near perfect quality if you have infinite time and resources, but your company will go out of business. You can have impossibly short deadlines with infinite resources and bad quality.

 

Basically at some point you have to "shoot the engineer and ship the product", i.e., an engineer (no matter what kind of engineer) wants everything absolutely perfect and will work on a project until nothing is wrong including low probability issues.  On the other hand sometimes you also have to "Shoot marketing and keep the product in Engineering" because marketing will ship the product with fatal flaws to get "something to market now". And on the third hand sometimes you have to "Shoot the Product, because it is a lost cause and will never be finished", if you don't do that it can kill the company. I have worked for two companies who couldn't learn the third lesson and are no more because they couldn't learn that lesson. 

 

So, the question that needs to be answered (and only AMD can really answer) is "how many resources are these flaws worth?". My (admittedly educated guess), is lots due to the high profile that they have gotten. So inside AMD I would guess there are multiple near "infinite resource" projects going on to fix these right now.

[Mira Yurizaki]

17 minutes ago, AncientNerd said:

So, the question that needs to be answered (and only AMD can really answer) is "how many resources are these flaws worth?". My (admittedly educated guess), is lots due to the high profile that they have gotten. So inside AMD I would guess there are multiple near "infinite resource" projects going on to fix these right now.

In another hand I feel it's also "how exactly does this issue work and what can we do about this?" Knowing as much as you can about a critical problem is key to figuring out the best educated solution you can roll out.

 

If it really is just "admins don't need to be dumb", then they can call it a day and we can sweep this under the rug. But we don't really know that.

[AncientNerd]

1 minute ago, M.Yurizaki said:

In another hand I feel it's also "how exactly does this issue work and what can we do about this?" Knowing as much as you can about a critical problem is key to figuring out the best educated solution you can roll out.

 

If it really is just "admins don't need to be dumb", then they can call it a day and we can sweep this under the rug. But we don't really know that.

Well I suspect that it has gotten enough press (since I have now seen this show up in some mainstream media) to need a resolution of some sort, so if I were managing a team at AMD I would be pushing to get something fixed on at least the EPYC line to keep the server side of the house as clean as possible.

[David89]

And that's exactly why there are different stages of severity of Bugs. This whole thing is just not a security issue. Those are some very nasty and bad bugs - but you can't to anything with them, unless you actually got in to the system with some security holes.

 

They need to be fixed, yes, but they are rather low on the priority list. Although, as we have come to know AMD, i'm pretty sure there is a new AGESA in a few Weeks, that completely fixes those issues.

[MoonSpot]

53 minutes ago, LAwLz said:

 

Small risk, big consequences.

That's not quite right, the risk isn't small.  I know several people that will install ANYTHING and say yes to EVERYTHING from malicious websites that have crap streams of soccer matches 'for free' if the site tells them to.

 

That said, I don't place these issues at quite the drama-queen threat level that they were originally painted as.  I do acknowledge there's action that needs to be taken and hope that there aren't insurmountable HW issues preventing the gaps from being closed.

Personally I intend to afford some time for the IT security crowd to wrap their heads around the problems and more time to tinker with possible solutions.  It's just not the sort of topic to fly off the handle on in any direction, and does more harm than good flinging emotionally sourced opinions around.

[Razor01]

4 hours ago, AncientNerd said:

Yes...and No. Here's the thing, software/firmware has bugs, live with it. Some of the bugs are in Security subsystems. There is a three part trade-off to all projects, time-resources-quality (or doneness). You can get perfect or near perfect quality if you have infinite time and resources, but your company will go out of business. You can have impossibly short deadlines with infinite resources and bad quality.

 

Basically at some point you have to "shoot the engineer and ship the product", i.e., an engineer (no matter what kind of engineer) wants everything absolutely perfect and will work on a project until nothing is wrong including low probability issues.  On the other hand sometimes you also have to "Shoot marketing and keep the product in Engineering" because marketing will ship the product with fatal flaws to get "something to market now". And on the third hand sometimes you have to "Shoot the Product, because it is a lost cause and will never be finished", if you don't do that it can kill the company. I have worked for two companies who couldn't learn the third lesson and are no more because they couldn't learn that lesson. 

 

So, the question that needs to be answered (and only AMD can really answer) is "how many resources are these flaws worth?". My (admittedly educated guess), is lots due to the high profile that they have gotten. So inside AMD I would guess there are multiple near "infinite resource" projects going on to fix these right now.

 

 

That's the PM triangle, Q (quality), S (scope), R (resources), T(time).  But It actually goes beyond that.  Bit hard to type up here easier to show an article

 

https://www.pmi.org/learning/library/beyond-iron-triangle-year-zero-6381

 

Now creating chips they don't really use the basis of Pmbok for their project management processes, they would be using something more stringent based on Agile which gives transparency through out every team member and ownership of each part that is being worked on to specific team members (called tasks based on stories), something like Sigma 6 (this gives governesses and the ability to analyze past work and current work as its being done), something with iteration as their most basic steps.  Now the basis of pmbok is an overlying understanding but the components of management of the project is different.

 

While doing iterations, the team, or engineers involved will try to do things as much as they can but they full well know what they can't do and can do based on the time of their sprint cycles as they commit to work based on those sprint cycles.  The backlog will never be finished and also new things are added to the blacklog ever sprint cycle.  They might not even have gotten to the point knowing anything was wrong lol.  As you stated they have a finite amount of time and resources.

 

 

[LAwLz]

1 hour ago, Notional said:

The prerequisites required for this issue means you're already screwed anyway.

There is a very big difference between:

"You clicked yes on a UAC prompt and now you need to reinstall Windows"

and

"You clicked yes on a UAC prompt and now you have an irremovable virus that can not be detected, stored inside your processor"

(or is the PSP OS stored inside the motherboard?)

 

The latter is clearly worse, so I don't think the whole "you need to be screwed before this can do anything" really hold up. I mean, it is true that you are kind of fucked if someone has admin privilege on your computer, but this takes the level of "fucked" to a higher level.

It makes a bad situation worse.

 

48 minutes ago, AncientNerd said:

Yes...and No. Here's the thing, software/firmware has bugs, live with it. Some of the bugs are in Security subsystems. There is a three part trade-off to all projects, time-resources-quality (or doneness). You can get perfect or near perfect quality if you have infinite time and resources, but your company will go out of business. You can have impossibly short deadlines with infinite resources and bad quality.

I am not sure why you responded to me.

Someone was saying these issues should not be taken seriously.

I said that they should, because if we don't take them seriously why even fix them to begin with? They are not serious, right?

All I said was that these vulnerabilities are, assuming they are legitimate, to be taken seriously and fixed.

 

"Take things seriously" don't mean sell your computer, buy an Intel one, and go on a crusade telling everyone how shitty AMD is. When I say a vulnerability should be taken seriously I mean "acknowledge that it could be a risk, and install the update which protects you from it". I assume that's what most people mean when they take something seriously.

 

 

 

Edit:

With a bit of luck, this might lead AMD to open sourcing their PSP. I doubt they will, but one can hope, right? I don't like the idea of having a black box that can do anything with my computer, and that I can't control or have any insight in what it's doing.

[Notional]

23 minutes ago, LAwLz said:

"You clicked yes on a UAC prompt and now you have an irremovable virus that can not be detected, stored inside your processor"

(or is the PSP OS stored inside the motherboard?)

Well, according to Josh Walrath (PCPer), the arm security processor built into the Ryzen CPU's, has an OS that is on non volatile memory; so it should be impossible for this security hole to overwrite the security processor. Something else must be happening, but alas, we don't know what exactly.

47:36 in, they talk about it.

 

But don't get me wrong, I think it should be patched and all, but what I clearly said was, that a consumer won't know what to do either way. Once malware is installed, they are screwed. Lot's of malware installs into the bios as a rootkit, so it's not exactly new.

[AncientNerd]

40 minutes ago, LAwLz said:

 

I am not sure why you responded to me.

Someone was saying these issues should not be taken seriously.

I said that they should, because if we don't take them seriously why even fix them to begin with? They are not serious, right?

All I said was that these vulnerabilities are, assuming they are legitimate, to be taken seriously and fixed.

 

Because I somehow read your post that I responded to as

Quote

"I mean, if we shouldn't take these seriously then why not fix them at all?" 

rather than your actual statement of 

Quote

I mean, if we shouldn't take these seriously then why fix them at all? 

which is a completely different meaning and makes me seem a bit pedantic as a result, sorry!

[David89]

Interesting. Anyone noticed, that Gadi Evron was in the same military unit, as the other guys from CTS...?
Also, that BOTH Ido Li On and Yaron Luk-Zilberman contradicted Gadi Evron, who said "I can confirm they have a PoC on everything."

Quote

 

ILO: We are in touch them, but they have not gone through the materials yet. They might decide to do that – we are going to see.

YLZ: They are a collaborating with us, so they have seen quite a bit of the findings, but unlike Trail of Bits they have not got the full information, the step-by-step.

 

 

I'm still going with my first assessment of the whole ordeal: Gadi Evron was part of the whole thing from the beginning...

 

And Trail of Bits right away said, it's no where near as bad, as they say.

[mr moose]

 

Oh well that's it guys. We no longer need to worry about security anymore because you can simply put your head in the sand and the threat goes away.

 

 

[Cybershaman]

Is it just me or does the music in the CTS-Labs video sound like the music from that leaked Tom Cruise Scientology video?  I guess in that video it's just the Mission Impossible theme. It's just the first thing that popped into my mind when watching the CTS vid.

[AndPeroty]

 

[NemesisPrime_691]

I cannot for the life of me complete reading the entire thread. I suppose 24 hours are long gone. So, did CTS make the details of the vulnerabilities public or what? It's not like I'm waiting for them to do that or anything, just want to know the outcome of this whole fiasco.

 

PS - Also, I am running out of popcorns and this has started to become uninteresting.