Most active commenters
  • pgeorgi(4)
  • rwmj(3)

←back to thread

Intel x86 considered harmful – survey of attacks against x86 over last 10 years

(blog.invisiblethings.org)
276 points chei0aiV | 27 comments | 27 Oct 15 14:51 UTC | HN request time: 2.826s | source | bottom
1. pjc50 ◴[27 Oct 15 16:01 UTC] No.10458874[source]
"System management mode" is a tremendous wart and should be removed wholesale, with Intel adopting a more ARM-style trusted boot chain with explicit cooperation from the OS or hypervisor. And while you're at it, kill UEFI and install a pony for me.

(Seriously, SMM serves either bizarre ILO features that high-end vendors like but are rarely used, or security agencies looking for a layer to hide in.)

replies(5): >>10459094 #>>10459158 #>>10459893 #>>10460557 #>>10462796 #
2. pgeorgi ◴[27 Oct 15 16:25 UTC] No.10459094[source]
SMM is used all the time:

Several Intel chipset generations require certain register writes on shutdown (disable busmaster) or they won't _actually_ shut down. Operating systems aren't aware of that. (https://github.com/coreboot/coreboot/blob/master/src/southbr...)

UEFI Secure Boot requires "authenticated variables", which can be updated by the OS (after checking authentication, using a signature scheme). UEFI code resides somewhere in memory, so the OS (or ring0 code) could opt to bypass the verification and simply rewrite those variables. The recommended (but not required) solution is to move variable update to SMM. (https://firmware.intel.com/sites/default/files/resources/A_T...)

Several hardware features are actually implemented in SMM. I've seen SMM-based handling of certain special keys (eg. "disable Wifi" button) where ACPI grabs the event, then traps into SMM using a magic IO port.

replies(3): >>10459277 #>>10461503 #>>10462094 #
3. rwmj ◴[27 Oct 15 16:35 UTC] No.10459158[source]
Actually ILO is pretty useful :-)

I have an APM (ARM64) Mustang, and this takes a rather different approach, but probably not one you'll think is better. The chip advertises 8 x 64 bit cores, but there's a 9th 32 bit core which runs all the time, even when the machine is powered down (although obviously still connected to mains power). It runs a separate firmware, in its own RAM, but can access the main memory at will and invisibly to the main OS.

One way to look at this is it's brilliant that we can just put a tiny Cortex-M3 in a spare bit of silicon and have it do useful management stuff.

replies(5): >>10459253 #>>10459344 #>>10460086 #>>10460423 #>>10462384 #
4. ctstover ◴[27 Oct 15 16:45 UTC] No.10459253[source]
Terrifying! Is there a way to disable that?
replies(2): >>10459365 #>>10459503 #
5. pdkl95 ◴[27 Oct 15 16:49 UTC] No.10459277[source]
> and simply rewrite those variables

Good luck trying that once that memory is encrypted with SGX.

replies(1): >>10459350 #
6. pgeorgi ◴[27 Oct 15 16:59 UTC] No.10459344[source]
That's more or less what the Management Engine (Intel) and Platform Security Processor (AMD) are. In the latter case, it's also some smaller ARM core.
7. pgeorgi ◴[27 Oct 15 17:00 UTC] No.10459350{3}[source]
SGX is too complex for such purposes, and it also doesn't provide access levels to hardware.

The alternative to hooking into UEFI code would be to just write to flash by yourself. SMM has additional permissions there.

8. bravo22 ◴[27 Oct 15 17:01 UTC] No.10459365{3}[source]
I don't know which chip OP is using but no you can't. It is usually a small CPU which is part of the GPU video decoder that is used as the 'boot' processor. It usually executes first level ROM code and fetches the first stage boot loader from flash, USB, etc.

It can also do PMU control when the machine is 'turned off'. The alternative is to use an external microcontroller. It is actually quiet useful.

What is your reason for wanting to disable it?

replies(1): >>10459523 #
9. rwmj ◴[27 Oct 15 17:16 UTC] No.10459503{3}[source]
It's basically a fundamental part of the SoC, so I doubt it could be disabled.
10. gvb ◴[27 Oct 15 17:18 UTC] No.10459523{4}[source]
It is another "DMA hacking" vector, one that is always on. https://en.wikipedia.org/wiki/DMA_attack
replies(1): >>10462768 #
11. StillBored ◴[27 Oct 15 18:00 UTC] No.10459893[source]
ARM is doing all the same things intel has. EL3/Secure mode is basically intel SMM. For every "feature" intel has there is a similar version for ARM64.
12. pjc50 ◴[27 Oct 15 18:29 UTC] No.10460086[source]
It runs a separate firmware, in its own RAM, but can access the main memory at will and invisibly to the main OS

All watched over by hypervisors of loving grace.

How do you know what the firmware does? Is it even possible to inspect it, let alone replace it? It's just another part of the attack surface - not necessarily deliberately, but if there are exploitable bugs in that firmware that can be triggered from the rest of the system, it's another security risk.

replies(2): >>10460476 #>>10464198 #
13. rsync ◴[27 Oct 15 19:21 UTC] No.10460423[source]
"but there's a 9th 32 bit core which runs all the time, even when the machine is powered down"

So it's like the situation on mobile phones, with their baseband processors. Except on a general purpose computer.

Awesome.

14. rwmj ◴[27 Oct 15 19:28 UTC] No.10460476{3}[source]
It's possible to update it, not sure about replacing it with ones own code. I know this is "whataboutism" but here goes: Is this different from Intel ME processors with their "hidden" Sparc core?

http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub

replies(1): >>10461156 #
15. lurkinggrue ◴[27 Oct 15 19:41 UTC] No.10460557[source]
I would prefer a pony over UEFI... possibly Rainbow Dash.
replies(1): >>10461989 #
16. msbarnett ◴[27 Oct 15 21:09 UTC] No.10461156{4}[source]
> Is this different from Intel ME processors with their "hidden" Sparc core?

Minor quibble: The IME is not Sun's SPARC architecture, it's ARC International's ARC, the Argonaut RISC Core, which has its origins in (of all things) the Super Nintendo's SuperFX chip.

replies(3): >>10461233 #>>10461274 #>>10462237 #
17. nickpsecurity ◴[27 Oct 15 21:20 UTC] No.10461233{5}[source]
Didn't even know they had ARC processors in them. That's a trip.
18. ◴[27 Oct 15 21:27 UTC] No.10461274{5}[source]
19. Nelson69 ◴[27 Oct 15 22:05 UTC] No.10461503[source]
Yeah, I was going to say, I've seen hardware were advertised features were implemented with SMM. You could possibly take it away but it sure does enable a lot of nice hardware fixes without re-spinning silicon.

Some implementations it'll really screw up any RT plans you might have...

20. semi-extrinsic ◴[27 Oct 15 23:42 UTC] No.10461989[source]
> UEFI stands for "Unified Extensible Firmware Interface", where "Firmware" is an ancient African word meaning "Why do something right when you can do it so wrong that children will weep and brave adults will cower before you", and "UEI" is Celtic for "We missed DOS so we burned it into your ROMs".

(From the excellent https://lkml.org/lkml/2011/5/25/228)

21. caf ◴[28 Oct 15 00:07 UTC] No.10462094[source]
Couldn't those register writes required on shutdown be included in ACPI?
replies(1): >>10463442 #
22. voltagex_ ◴[28 Oct 15 00:48 UTC] No.10462237{5}[source]
Is this what I've got in my Lenovo X1 with vPro? The Ctrl+P shortcut to get into the config at boot doesn't work - can I poke at it any other way?
23. hornetblack ◴[28 Oct 15 01:38 UTC] No.10462384[source]
I think x86 chips with Intel Active Management has the 'Management Engine' which runs an ARC processor with a ThreadX RTOS on it. It even has it's own network interface separate from the rest of the CPU. As far as I can tell this is for Enterprise users who need to manage the PC's and Rack computers remotely, even when the OS dies.

Most motherboard vendors also thrown stuff onto enterprise motherboards for doing things remotely. They can have issues: https://www.youtube.com/watch?v=GZeUntdObCA

24. bravo22 ◴[28 Oct 15 03:54 UTC] No.10462768{5}[source]
I have to disagree.

Those core execute the codes from their local SRAM which can only be written to under very specific conditions. You can't arbitrarily write to their SRAMs.

An SOC has various bus arbitrators that are built into hardware which control the dataflow. It is part of the chip's backbone. I've never seen an architecture in which you could easily write to the aux core's SRAM. This is partially because those cores are often responsible for DRM therefore access to them is very restricted, but also because it is expensive (in terms of gates) and unnecessary to hang them off the main bus.

It is a very unlikely "DMA hacking" vector.

The peripheral can just as easily DMA to main memory and overwrite kernel code if the memory apertures are set wide open to allow peripheral to DMA anything into the host. Additionally unless you have PCIe or a similar bus with mastering capability a peripheral can't DMA.

25. loginusername ◴[28 Oct 15 04:07 UTC] No.10462796[source]
"kill UEFI"

Sounds good to me. I see UEFI as an added, redundant, poor quality OS. I'm a connoisseur of bootloaders and live in a TTY so UEFI is another command line that I do not need. You said it best: its features are "rarely used"; it just provides unwanted third parties with another "layer to hide in".

26. pgeorgi ◴[28 Oct 15 09:26 UTC] No.10463442{3}[source]
Since it's traversing the PCI bus hierarchy, not easily.

There are also a number of shortcuts for "shutdown is just two writes to a given register" that some OS probably expect to be around these days (a field in FADT) that I'm not sure how a complex ACPI shutdown routine would fare in practice.

27. kbart ◴[28 Oct 15 13:12 UTC] No.10464198{3}[source]
In case of high end Texas Instrument's ARM MCUs + Linux, M3 is used for power management. Though the firmware is provided as a binary blob and there's no way to control or check what it actually does (as far as I know).