
L1 Terminal Fault Attack - Status check

Simon771

So today we got news about another vulnerability for Intel CPUs, but Microsoft already released a patch to fix this: https://support.microsoft.com/sl-si/help/4343909/windows-10-update-kb4343909

Now I did install this update, and then found a website with instructions on how to check if you are vulnerable to L1TF: https://www.windowscentral.com/how-check-if-your-pc-still-vulnerable-meltdown-and-spectre-exploits

 

Now my result is something like this:

PS C:\WINDOWS\system32> Get-SpeculationControlSettings
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: False
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: False

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : False
SSBDWindowsSupportEnabledSystemWide : False
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : False

PS C:\WINDOWS\system32>

And now I'm a bit confused about what that means.

 

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

 

Does that mean I'm safe against those attacks or not?

I know that being a victim of an attack like this is very unlikely, but I just want to know where I'm at.

Intel i7 12700K | Gigabyte Z690 Gaming X DDR4 | Pure Loop 240mm | G.Skill 3200MHz 32GB CL14 | CM V850 G2 | RTX 3070 Phoenix | Lian Li O11 Air mini

Samsung EVO 960 M.2 250GB | Samsung EVO 860 PRO 512GB | 4x Be Quiet! Silent Wings 140mm fans

WD My Cloud 4TB


It means that:

 

- Spectre 1-2 patched, OS and hardware (microcode/BIOS), and you still have good performance due to having INVPCID, and well, Coffee Lake helps too.

- you don't have the microcode update for SSB installed, the OS is patched but it's not enough; you need to not only update the BIOS (I'm sure Asus has the new microcode in their latest BIOS), but also to manually enable SSB (it's not automatically enabled like previous Spectre/Meltdown mitigations). Doing this is a further (small) performance impact. 1% in games, if that's what you care about.

- the last part is tricky. Problem is, the same microcode as for SSB should be the one needed for L1TF. But I have that one, and well, it's not enough. Something else, somewhere, somehow must be done, I am not sure what at this moment. I also didn't manually enable SSB mitigations. Maybe it is that?

 

This is how it looks on my 8700K:

 

[screenshot]

 

It would be nice if somebody knew more about this, but from the 0 answers you got... I'm a bit skeptical.

 

Edit:

 

Alright, I enabled SSB. Now SSBDWindowsSupportEnabledSystemWide is True, as expected. Sadly L1TFHardwareVulnerable is also remaining True, so it's not that. Microsoft is saying that if you use Virtualization Based Security (VBS), you'll also need to turn off Hyperthreading. I tried that too, even though I am not using VBS, at least it's not enabled, and HT or not, you're still L1TF vulnerable.

 

I'm guessing something is broken here.


21 hours ago, n4da said:

It means that:

 

- Spectre 1-2 patched, OS and hardware (microcode/BIOS), and you still have good performance due to having INVPCID, and well, Coffee Lake helps too.

- you don't have the microcode update for SSB installed, the OS is patched but it's not enough; you need to not only update the BIOS (I'm sure Asus has the new microcode in their latest BIOS), but also to manually enable SSB (it's not automatically enabled like previous Spectre/Meltdown mitigations). Doing this is a further (small) performance impact. 1% in games, if that's what you care about.

- the last part is tricky. Problem is, the same microcode as for SSB should be the one needed for L1TF. But I have that one, and well, it's not enough. Something else, somewhere, somehow must be done, I am not sure what at this moment. I also didn't manually enable SSB mitigations. Maybe it is that?

 

This is how it looks on my 8700K:

 

-snip-

 

It would be nice if somebody knew more about this, but from the 0 answers you got... I'm a bit skeptical.

 

Edit:

 

Alright, I enabled SSB. Now SSBDWindowsSupportEnabledSystemWide is True, as expected. Sadly L1TFHardwareVulnerable is also remaining True, so it's not that. Microsoft is saying that if you use Virtualization Based Security (VBS), you'll also need to turn off Hyperthreading. I tried that too, even though I am not using VBS, at least it's not enabled, and HT or not, you're still L1TF vulnerable.

 

I'm guessing something is broken here.

Thanks for your interest in my post.

I do have some old BIOS from 26th April of this year. Since then, 3 new BIOS versions were released, but I just didn't feel like updating it again and going through all my settings once more. Every time I update my BIOS I have to spend like an hour putting all settings back to the way I want them. For some reason backing settings up, and trying to load them back in after a BIOS update, just doesn't work. So I have to set everything manually.

 

I wonder if we need a new BIOS release for that L1TF vulnerability ... that's why I will wait a few more days, to see if any motherboard partners will be releasing new BIOS versions. If not, I will update my BIOS to the version from 13th July of this year.


On 8/15/2018 at 11:32 PM, Simon771 said:

Thanks for your interest in my post.

I do have some old BIOS from 26th April of this year. Since then, 3 new BIOS versions were released, but I just didn't feel like updating it again and going through all my settings once more. Every time I update my BIOS I have to spend like an hour putting all settings back to the way I want them. For some reason backing settings up, and trying to load them back in after a BIOS update, just doesn't work. So I have to set everything manually.

 

I wonder if we need a new BIOS release for that L1TF vulnerability ... that's why I will wait a few more days, to see if any motherboard partners will be releasing new BIOS versions. If not, I will update my BIOS to the version from 13th July of this year.

You need the BIOS that holds the updated microcode for SSB. You want to see this line:

Hardware support for speculative store bypass disable is present: False

Go to true.

 

What I assume this will do for L1TF is "teach" your CPU to flush the L1 cache (when exactly? how? it's above my knowledge). You want that so that basically malware can't "infer" (Intel's term) potentially sensitive data inside the cache. In some scenarios this would negatively impact performance. If you just play games, browse the web and do "normal" stuff, you won't notice anything, not even a 1% drop (can confirm, tested with a few game benchmarks, Cinebench, AIDA64 before/after). Running VMs however might take a hit.

 

I am also having the same issues with loading old BIOS settings after an update, not really working, so it's manually setting everything up again. I'd still update to the last BIOS. It should also contain other potentially useful stuff, like the new Intel RST EFI module v. 16.5, which should pair nicely with 16.5 RST drivers. If that's better than the 16.0, I can't say.

 

You should also know that if you want ALL protections enabled, you'll have to manually do it for SSB. I tried it and found again no performance impact, but your mileage might vary.

 

So:

 

- you don't need a new microcode for L1TF, the one released for SSB should do (Intel confirmed). It should be rev. 0x96.

- I'd update the BIOS if I were you. 

 

PS: it appears that the output you see in my screenshot is the best you will get for L1TF. Hardware Vulnerable will always remain True, which is kinda accurate, yet a peculiar choice of words. Nobody wants to patch shit up and see "Hardware vulnerable". The output just tries to say that your hardware is vulnerable to this exploit and measures against it were applied in the OS, and for those with updated microcode, the CPU also can flush the L1 cache. Which, indeed, is not a real fix, it's just a workaround, but let's be honest...

 

... no Spectre/Meltdown attacks of any sort were yet detected. No PC will ever be 100% safe.
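
Added example (not posted by anyone in this thread and not Microsoft's code): a PowerShell function that turns the object returned by Get-SpeculationControlSettings into a per-CVE status, following the reading of the flags given in the replies above. The helper name Get-MitigationSummary and the status strings are made up for illustration; the sample values are copied from the output in the first post.

```powershell
# Sample values copied from the first post's output. On a live system use:
#   $s = Get-SpeculationControlSettings
$s = [pscustomobject]@{
    BTIHardwarePresent = $true;     BTIWindowsSupportEnabled = $true
    KVAShadowRequired = $true;      KVAShadowWindowsSupportEnabled = $true
    SSBDHardwareVulnerable = $true; SSBDHardwarePresent = $false
    SSBDWindowsSupportEnabledSystemWide = $false
    L1TFHardwareVulnerable = $true; L1TFWindowsSupportEnabled = $true
    L1DFlushSupported = $false
}

function Get-MitigationSummary {   # hypothetical helper, not part of the module
    param([Parameter(Mandatory)] $Settings)

    # CVE-2017-5715: needs microcode support and the OS mitigation enabled.
    if ($Settings.BTIWindowsSupportEnabled) { $bti = 'mitigated' }
    elseif (-not $Settings.BTIHardwarePresent) { $bti = 'microcode/BIOS update missing' }
    else { $bti = 'OS mitigation not enabled' }

    # CVE-2017-5754: only matters when the CPU requires kernel VA shadowing.
    if (-not $Settings.KVAShadowRequired -or $Settings.KVAShadowWindowsSupportEnabled) {
        $kva = 'mitigated'
    } else { $kva = 'kernel VA shadow not enabled' }

    # CVE-2018-3639: microcode must expose SSBD, then it is enabled manually.
    if (-not $Settings.SSBDHardwareVulnerable -or
        $Settings.SSBDWindowsSupportEnabledSystemWide) { $ssb = 'mitigated' }
    elseif (-not $Settings.SSBDHardwarePresent) { $ssb = 'microcode/BIOS update missing' }
    else { $ssb = 'supported but not enabled system-wide' }

    # CVE-2018-3620: L1TFHardwareVulnerable stays True on affected CPUs, so
    # the useful signals are the OS mitigation and the L1D flush capability.
    if (-not $Settings.L1TFHardwareVulnerable) { $l1tf = 'not affected' }
    elseif (-not $Settings.L1TFWindowsSupportEnabled) { $l1tf = 'OS mitigation not enabled' }
    elseif ($Settings.L1DFlushSupported) { $l1tf = 'OS mitigation on, L1D flush available' }
    else { $l1tf = 'OS mitigation on, no L1D flush (microcode)' }

    [pscustomobject]@{ CVE = 'CVE-2017-5715'; Status = $bti }
    [pscustomobject]@{ CVE = 'CVE-2017-5754'; Status = $kva }
    [pscustomobject]@{ CVE = 'CVE-2018-3639'; Status = $ssb }
    [pscustomobject]@{ CVE = 'CVE-2018-3620'; Status = $l1tf }
}

Get-MitigationSummary -Settings $s | Format-Table -AutoSize
```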
