Plundervolt - Another Intel Vulnerability

[Pickles von Brine]

Quote

Plundervault, as the attack has been dubbed, starts with the assumption that an attacker is able to run privileged software on a targeted computer. While that's a lofty prerequisite, it's precisely the scenario Intel's SGX feature is designed to protect against. The chipmaker bills SGX as a private region that uses hardware-based memory encryption to isolate sensitive computations and data from malicious processes that run with high privilege levels. Intel goes as far as saying that "Only Intel SGX offers such a granular level of control and protection."

https://arstechnica.com/information-technology/2019/12/scientists-pluck-crypto-keys-from-intels-sgx-by-tweaking-cpu-voltage/

This one is rather interesting. It requires some setup, high prerequisites but nonetheless nasty. 

Edited December 11, 2019 by Lord Xeb
Spelled the name of the exploit wrong.

[Levent]

This awfully reminds me of RGH in Xbox360. Just using voltages to crash the process, instead of slowing down core speed.

[Mira Yurizaki]

Next thing you know, the voltage settings on CPUs will be locked down and only enthusiast grade parts will be able to tweak with them.

 

(Also I'm sure this isn't how it was attacked, just being cheeky)

[Mister Woof]

So software level voltage is no more (nobody did this anyway) and for now it needs to be local, and needs admin privileges.

 

Only concern is if the microcode reduces performance really....and if it's local only it's no big deal and not worth updating

[porina]

1 minute ago, Plutosaurus said:

So software level voltage is no more (nobody did this anyway) 

I think overclockers and related might be about the only use case to do this in software, as opposed the more tedious process of doing it through bios. Not a great loss if that is the case, but certainly an annoyance.

[Mister Woof]

5 minutes ago, porina said:

I think overclockers and related might be about the only use case to do this in software, as opposed the more tedious process of doing it through bios. Not a great loss if that is the case, but certainly an annoyance.

Maybe I'm just oblivious about software CPU overclocking; most people I talk to and myself just use BIOS to do everything.

 

GPU on the other hand software yes of course.

[porina]

8 minutes ago, Plutosaurus said:

Maybe I'm just oblivious about software CPU overclocking; most people I talk to and myself just use BIOS to do everything.

With CPUs getting more complicated, it is "nice" to be able to change voltages if trying to balance clocks and temps at the same time. Having to reboot for every change is a pain. It might be more of an issue for competitive overclocking than someone finding a 24/7 OC setting, where in the latter case you might just go overkill on cooling, pick a fixed voltage and play with clock a bit.

[Mira Yurizaki]

33 minutes ago, Plutosaurus said:

Only concern is if the microcode reduces performance really....and if it's local only it's no big deal and not worth updating

The microcode update locks the voltage of the CPU to default values while doing anything related to SGX. The only way this would reduce performance is if the voltage level is high enough to cause thermal concerns. Also most users don't have SGX enabled anyway, so this won't affect anyone but servers and data centers.

[CephDigital]

17 hours ago, Plutosaurus said:

So software level voltage is no more (nobody did this anyway) and for now it needs to be local, and needs admin privileges.

Us laptop throttlestop users need it!

[Mister Woof]

6 minutes ago, TheUberMedic said:

Us laptop throttlestop users need it!

 

you're also at the greatest risk for local access due to the portable nature of your system and ease of theft and foul play

[Mira Yurizaki]

8 hours ago, TheUberMedic said:

Us laptop throttlestop users need it!

You're likely not using SGX anyway.

[straight_stewie]

So are the MSRs actually loaded during boot, and therefore BIOS changes can still affect CPU voltage, or does the firmware update instruct the processor to ignore any writes to the affected registers?

 

Or in other words, if an overclocker were using SGX, would BIOS voltage changes still be useful? 

[Curious Pineapple]

12 hours ago, Plutosaurus said:

 

you're also at the greatest risk for local access due to the portable nature of your system and ease of theft and foul play

Who needs to break CPU security when they've walked away with the entire machine?

[Mister Woof]

2 minutes ago, Curious Pineapple said:

Who needs to break CPU security when they've walked away with the entire machine?

Put some shit in there and give it back to you and let you use it without knowing it's been compromised

[Curious Pineapple]

1 minute ago, Plutosaurus said:

Put some shit in there and give it back to you and let you use it without knowing it's been compromised

Again, why is a CPU issue relevant? At that point a keylogger and RAT are much more useful.

[Mister Woof]

24 minutes ago, Curious Pineapple said:

Again, why is a CPU issue relevant? At that point a keylogger and RAT are much more useful.

Well, just saying that if anyone is vulnerable to a local-only exploit, it's more likely to be a mobile system than one that's say, in your house.

 

The fact there's better ways to skin a cat is just more evidence this whole issue is overblown.

[thechinchinsong]

2 hours ago, Curious Pineapple said:

Again, why is a CPU issue relevant? At that point a keylogger and RAT are much more useful.

Those are easier to detect than something like this that would require you to interface with Intel SGX to figure out something was wrong.

[Kisai]

On 12/11/2019 at 9:03 AM, Mira Yurizaki said:

The microcode update locks the voltage of the CPU to default values while doing anything related to SGX. The only way this would reduce performance is if the voltage level is high enough to cause thermal concerns. Also most users don't have SGX enabled anyway, so this won't affect anyone but servers and data centers.

Most systems at the office have SGX set to "software controlled" which is basically "Off until asked" since no software appears to turn it on. So yeah, I doubt anyone is actually using SGX in any significant production environment. Only some software like software Blueray players apparently even try to use it.

 

[Sauron]

On 12/11/2019 at 4:50 PM, Lord Xeb said:

starts with the assumption that an attacker is able to run privileged software on a targeted computer.

AKA it's completely useless.

[PlayStation 2]

Remember, kids, having direct access to the hardware at hand negates bothering with attacks like these, where direct access to the hardware at hand is required.

[jagdtigger]

On 12/11/2019 at 6:03 PM, Mira Yurizaki said:

The microcode update locks the voltage of the CPU to default values while doing anything related to SGX.

Well that has the potential to totally crash a heavily overclocked CPU. Like my 4670k that needs about 1.38V to maintain 4.5 GHz.....

[Mira Yurizaki]

1 hour ago, jagdtigger said:

Well that has the potential to totally crash a heavily overclocked CPU. Like my 4670k that needs about 1.38V to maintain 4.5 GHz.....

If you're using SGX, you probably shouldn't be overclocking the CPU anyway. :3

[jagdtigger]

9 hours ago, Mira Yurizaki said:

If you're using SGX, you probably shouldn't be overclocking the CPU anyway. :3

I dont intend to. But if one of the programs start to use it suddenly it can happen....

[spartaman64]

20 hours ago, Sauron said:

AKA it's completely useless.

 

On 12/12/2019 at 5:01 PM, Plutosaurus said:

Well, just saying that if anyone is vulnerable to a local-only exploit, it's more likely to be a mobile system than one that's say, in your house.

 

The fact there's better ways to skin a cat is just more evidence this whole issue is overblown.

normally id agree but apparently the point of the SGX system is to offer protection when your computer is already compromised

Quote

What Is Intel® SGX?

There is tremendous opportunity for application and solution developers to take charge of their data security using new hardware-based controls for cloud and enterprise environments. Intel® Software Guard Extensions (Intel® SGX)1 2 offers hardware-based memory encryption that isolates specific application code and data in memory. Intel® SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. Only Intel® SGX offers such a granular level of control and protection. 

https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html

[Sauron]

2 hours ago, spartaman64 said:

normally id agree but apparently the point of the SGX system is to offer protection when your computer is already compromised

Sure, of course it's technically a flaw and should be patched - but in the vast majority of cases, if the attacker has privileged access to your machine it's over. This only applies if you have a program that deliberately uses this feature in the first place and only if sensitive information is completely relegated to that program.