Announcement

Collapse
No announcement yet.

LVI Attack Hits Intel SGX - Defeats Existing Mitigations, More Performance Hits

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by franglais125 View Post

    Any specific reason you would buy a i9 nowadays, with AMD being an absolutely compelling option in the high core count area?

    Genuinely curious, please don't read this with a "how dumb" tone.
    I am not offended don't worry. This machine was purchased 3 years ago (whooo i9 7900x :P ) when none of these flaws were official and first gen TRs were just a myth. I remember installing 4.13.0 kernel on it when I first booted the system.

    Comment


    • #12
      Originally posted by SkyWarrior View Post

      I am not offended don't worry. This machine was purchased 3 years ago (whooo i9 7900x :P ) when none of these flaws were official and first gen TRs were just a myth. I remember installing 4.13.0 kernel on it when I first booted the system.
      Ahh, I see, to me it feels like i9s were released only yesterday (I'm still not used to them being a thing). Time flies!

      Comment


      • #13
        Wow, this is going to cause headaches :-(

        If I understand these attack scenarios correctly, they affect mainly multi-user environments, normal single user desktop should be mostly unaffected.

        However, working in a regulated environment, at which point does NOT auditing your data center service providers for not using Intel CPUs amount to gross, possibly criminal negligence? Does anyone have any legal expertise or experience in this area? Is it even possible under US and EU law to contractually transfer responsibility for these - at this point foreseeable - exploits onto the service provider, or do we go to jail ourselves, if the s*** hits the fan?

        Comment


        • #14
          Originally posted by zxy_thf View Post
          Not a hardware guy, but the first prerequisite (Incorrect transient forwarding) already sounds crazy to me.
          What the h*** are they doing inside the processors sold to us?
          If you want to get a peek at the insanity of modern CPU microarchitecture, you may want to read through the "Instruction-Level Parallelism" chapter of the "Computer Architecture: A Quantitative Approach" book by Hennessy and Patterson. It's not hard to find PDFs around the web.

          Once you understand how much complexity was accumulated to make it all work, you stop asking yourself why all these hardware attacks are happening now, and start instead asking yourself why they didn't start happening (or at least didn't went public) sooner.

          Comment


          • #15
            Oh lawd. I thought AMD's memory encryption feature has its share of issues, but SGX on the other hand... what an unholy mess it is at this point.

            Comment


            • #16
              At some point you won't even want to make a keychain out of an Intel CPU.

              Comment


              • #17
                Originally posted by HadrienG View Post
                If you want to get a peek at the insanity of modern CPU microarchitecture, you may want to read through the "Instruction-Level Parallelism" chapter of the "Computer Architecture: A Quantitative Approach" book by Hennessy and Patterson. It's not hard to find PDFs around the web.

                Once you understand how much complexity was accumulated to make it all work, you stop asking yourself why all these hardware attacks are happening now, and start instead asking yourself why they didn't start happening (or at least didn't went public) sooner.
                Unlink spectre or meltdown, forwarding arbitrary guessed values from store buffer to load buffer makes much less sense.
                The processor design have drifted too far from the safe/sane approach. Now we see the the backfires.
                Last edited by zxy_thf; 03-10-2020, 03:57 PM.

                Comment


                • #18
                  Originally posted by HadrienG View Post
                  If you want to get a peek at the insanity of modern CPU microarchitecture, you may want to read through the "Instruction-Level Parallelism" chapter of the "Computer Architecture: A Quantitative Approach" book by Hennessy and Patterson. It's not hard to find PDFs around the web.

                  Once you understand how much complexity was accumulated to make it all work, you stop asking yourself why all these hardware attacks are happening now, and start instead asking yourself why they didn't start happening (or at least didn't went public) sooner.

                  I can remember researchers pointing out problems with Intel SMP and encryption using timing attacks going back to at least the early 2000s. It's not that there weren't people looking into potential problems. It was more that no one was much paying attention to the people saying that the foundation of trust in modern computing was breaking down (the hardware itself has major flaws in a modern interconnected environment). Then comes Manning and Snowden, and the people that could generate a great deal of publicity and had the brain trust, like Google, began kicking the tires out of self-interest. Now the house of cards is tumbling down around Intel's ears because they wouldn't listen to earlier researchers that were pointing to problems in their architectural decisions. In pursuing raw performance numbers to the exclusion of all other considerations, they've basically ended up cutting their own throat.

                  I'm not disagreeing with you, quite the contrary. Just pointing out that there have been people trying to point out the emperor (Intel) has no clothes for quite a while.

                  Comment


                  • #19
                    Originally posted by zxy_thf View Post
                    Not a hardware guy, but the first prerequisite (Incorrect transient forwarding) already sounds crazy to me.
                    What the h*** are they doing inside the processors sold to us?
                    Oh, it's even worse than the base SGX-enclave type attacks. LVI can probably be used to steal any data.
                    Cross kernel/user boundaries and between processes.

                    "Intel furthermore acknowledged that LVI may in principle be exploited in non-SGX user-to-kernel or process-to-process environments and suggested addressing by manually patching any such exploitable gadgets upon discovery."

                    It's a real f*cking mess.

                    Comment


                    • #20
                      Originally posted by milkylainen View Post

                      Oh, it's even worse than the base SGX-enclave type attacks. LVI can probably be used to steal any data.
                      Cross kernel/user boundaries and between processes.

                      "Intel furthermore acknowledged that LVI may in principle be exploited in non-SGX user-to-kernel or process-to-process environments and suggested addressing by manually patching any such exploitable gadgets upon discovery."

                      It's a real f*cking mess.

                      Comment

                      Working...
                      X