'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Tinstaafl · Aug 23, 2018

mood said: ↑

Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed!
August 22, 2018
https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/
Click to expand...

Solution? Upgrade to AMD!

guest · Aug 25, 2018

reasonablePrivacy said: ↑

Mailing list message:
https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html
Click to expand...

Mailing list message:
Disable SMT/Hyperthreading in all Intel BIOSes
"SMT is fundamentally broken"
August 23, 2018
https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

Two recently disclosed hardware bugs affected Intel cpus:

TLBleed / T1TF
Solving these bugs requires new cpu microcode, a coding workaround, *AND* the disabling of SMT / Hyperthreading.

SMT is fundamentally broken because it shares resources between the two cpu instances and those shared resources lack security differentiators.
There will be more hardware bugs and artifacts disclosed. Due to the way SMT interacts with speculative execution on Intel cpus, I expect SMT to exacerbate most of the future problems.

OpenBSD -current (and therefore 6.4) will not use hyperthreading if it is enabled, and will update the cpu microcode if possible.
Click to expand...

BoerenkoolMetWorst · Sep 2, 2018

Qubes OS also disabled SMT/HT by default:

However, we believe there is a risk that similar issues will be discovered in the future, and that having hyper-threading disabled may mitigate those issues, as it does this one.
Therefore, we recommend that most users leave hyper-threading disabled regardless of whether they use HVM qubes.
Click to expand...

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-043-2018.txt

guest · Sep 8, 2018

Foreshadow, SGX & the Failure of Trusted Execution
September 8, 2018
https://www.darkreading.com/cloud/foreshadow-sgx-and-the-failure-of-trusted-execution/a/d-id/1332733

Unfortunately, recent developments have shown that existing trusted execution environments fail to meet their promise. The reason is something called side channels. A side channel is an unexpected (and unintended) channel through which private information is leaked.
New Vulnerabilities
This year saw the discovery of new powerful vulnerabilities in the form of speculative execution: Spectre, Meltdown, and now Foreshadow. These attacks utilize the fact that modern hardware chips will run instructions and only later check whether these should have been carried out. This enables the chip's pipeline to be better utilized, since often the chip's "guesses" as to what to compute are correct.

Trusted execution can only be trusted if the execution environment is truly isolated from the rest of the chip [...]
One can only hope that truly isolated trusted execution environments can be built in the coming years. Because this would require great cost and a complete redesign, it is sadly not something that we will see soon.
Click to expand...

reasonablePrivacy · Sep 8, 2018

mood said: ↑

Foreshadow, SGX & the Failure of Trusted Execution
September 8, 2018
https://www.darkreading.com/cloud/foreshadow-sgx-and-the-failure-of-trusted-execution/a/d-id/1332733
Click to expand...

Given that trusted execution was going to be used primarily to implement DRM, I am not sad about this.

WildByDesign · Sep 28, 2018

New SpecuCheck release:

Link: https://github.com/ionescu007/SpecuCheck/releases/tag/v1.1.0

Latest release with SSBD and L1TF support.

I've released SpecuCheck v.1.1.0 which adds support for SSBD/Spectre V4 (CVE-2018-3639) and L1TF/Foreshadow (CVE-2018-3620) mitigation detections/hardware support. Also takes advantage of kernel-provided status if KVA shadow is required or not. Get it at: https://github.com/ionescu007/SpecuCheck …
Click to expand...

Link: https://twitter.com/aionescu/status/1045831647730401280

This release also includes support for detecting the awesome work from @aall86 and all of @mamyun's team(s) to support 'retpoline optimizations'.
Click to expand...

Link: https://twitter.com/aionescu/status/1045831916983803905

Tarnak · Sep 28, 2018

I ran this latest SpecuCheck, but I don't know if what I got is meaningful:

wat0114 · Sep 28, 2018

Tarnak said: ↑

I ran this latest SpecuCheck, but I don't know if what I got is meaningful:
Click to expand...

yeah I don't know if my results are good, bad or somewhere in between.

Tarnak · Sep 28, 2018

wat0114 said: ↑

yeah I don't know if my results are good, bad or somewhere in between.
Click to expand...

I compared mine to yours, and there are differences. But, what it means: I haven't a clue! But, I am not too concerned.

WildByDesign · Sep 29, 2018

Here is mine as it is currently:

WildByDesign · Sep 29, 2018

It is not so user-friendly, for sure. All that I know is that green is good (whether answer is Yes or No) and red is bad.

Tarnak said: ↑

I ran this latest SpecuCheck, but I don't know if what I got is meaningful:
Click to expand...

Your SpecuCheck output shows that the system is missing several components (model-specific register (MSR)) from the microcode. The output is more technical as opposed to user-friendly, but you could always copy and paste certain parts, such as "SPEC_CTRL MSR (048h)". But even in that case, Intel documentation is sometimes lacking with the more current details.

Tarnak said: ↑

I compared mine to yours, and there are differences. But, what it means: I haven't a clue! But, I am not too concerned.
Click to expand...

Your output seems to show all of the appropriate microcode related updates. Although it's missing the "SPEC_CTRL MSR (048h)" support similar to mine.

BoerenkoolMetWorst · Sep 29, 2018

A nice that SpecuCheck is still alive, with their last release in January I thought development was dead.
There have been 2 microcode updates with sidechannel migitations so far, 1 after the original Spectre and one for SSBD and L1TF. It looks like WildByDesign and wat0114 only have the first microcode update, and Tarnak has both. Without the second, you don't have SSBD mitigations, but it looks like for L1TF there is still some OS migitation("With KVA Shadow and Invalid PTE Bit".) I don't know however if that is effective without the microcode update.
The other red No's:
-Unnecessary due lack of CPU vulnerability: the latest Intel CPU's are not vulnerable to these, so they dont need the mitigations.(Afaik they're only not vulnerable to these specific attacks, the design is still the same with all kinds of insecure speed features like the speculative execution and hyperthreading, so I wouldn't buy a new CPU because of this until they make major architectural changes.
-Branch Prediction Migitations Optimized and Import Adress Table Optimizations: not sure about these ones, sounds similar to the PCID and INVPCID features of newer CPU's which allow for better performance. (Those 2 features are the ones InSpectre looks for.)
-SPEC_CTRL_MSR (048h): I don't know what this is. I have the second microcode update for SSBD/L1TF but this is also a No for me.

Tarnak · Sep 30, 2018

@WildByDesign ,@BoerenkoolMetWorst

Thank you both for your replies. This is all too technical for me, but I hope to understand, eventually. BTW, I am still running build 1703, which is coming to end of service on October 9, 2018. - https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

guest · Oct 8, 2018

Spectre and Meltdown Hardware Protection Added to Intel's 9th Gen CPUs
October 8, 2018
https://www.bleepingcomputer.com/ne...ware-protection-added-to-intels-9th-gen-cpus/

As part of today's Intel's Fall Desktop Launch event, new 9th generation CPUs were announced that include hardware protection for two of the Spectre and Meltdown vulnerability variants. This information was slipped into the fine print of a slide announcing the release of Intel's new 9th Gen CPUs as can be seen below. [...]

With the release of the 9th gen CPUs, hardware protection for the L1 Terminal Fault and Meltdown V3 vulnerabilities has been added, but the other vulnerabilities still require software and microcode protection.

Previous software and microcode protections would cause a performance hit on older CPUs. With the release of these new CPUs, they are powerful enough that any performance hit caused by these protections should not be noticeable.
Click to expand...

guest · Oct 16, 2018

SpecuCheck v1.1.1 Released (October 16, 2018)
Download

Fixed the x86 build being old.
Addressed BPB detection clarity issues.
Click to expand...

guest · Oct 18, 2018

MIT researchers say memory splitting breakthrough could prevent another Meltdown or Spectre
October 17, 2018
https://techcrunch.com/2018/10/17/m...uld-prevent-another-meltdown-or-spectre-flaw/

Now, a team of MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) researchers say they have found a way to prevent a similar range of flaws like Meltdown and Spectre in the future.

MIT’s CSAIL says their technique would split up memory so that the data not stored in the same place — in what the team calls “secure way partitioning.”

They call it called DAWG — or “Dynamically Allocated Way Guard” — which, admittedly might sound ridiculous, but it’s meant to work as a counterpoint to Intel’s Cache Allocation Technology, or CAT. According to their work, DAWG works similarly to CAT and doesn’t require many changes to the device’s operating system — making it potentially as easy to install on an affected computer as Meltdown’s microcode fix.

Although DAWG can’t prevent against every speculative attack, the researchers are now working to improve their technology to prevent against more — if not all attacks.
Click to expand...

guest · Oct 19, 2018

Windows 10 19H1 will reduce the impact of Spectre Mitigation to “noise level”
October 19, 2018
https://mspoweruser.com/windows-10-19h1-will-reduce-the-impact-of-spectre-mitigation-to-noise-level/

Named as Spectre and Meltdown, these “speculative execution” vulnerabilities meant hackers could steal data by simply visiting a website.

Various tech companies have been working on mitigation for this, and in Microsoft’s latest move, they are working to implement Retpoline in the next major version of Windows 10, 19H1 due early next year.

Yes, we have enabled retpoline by default in our 19H1 flights along with what we call "import optimization" to further reduce perf impact due to indirect calls in kernel-mode. [...]
— Mehmet Iyigun (@mamyun) October 18, 2018
Kernell experts explain: [...]

For the rest of us it means that Spectre will no longer make our processors feel 5-10 years older than they are, and in general cause Spectre mitigation to only have an impact of 1-2%, or as Mehmet Iyigun from the Windows Kernel team notes, bring it down to “noise level” for most use cases, which is certainly good news. [...] Microsoft does not appear to be planning to backport the fix
Click to expand...

guest · Nov 12, 2018

The Intel Microcode Boot Loader Protects Older CPUs From Spectre
November 12, 2018
https://www.bleepingcomputer.com/ne...boot-loader-protects-older-cpus-from-spectre/

Unfortunately, older operating systems and thus the CPUs that run them, would not be receiving the patches and would not be protected. This is where the Intel Microcode Boot Loader comes into play.

Created by Eran "Regeneration" Badit, this tool will use the Intel BIOS Implementation Test Suite (BITS) and the Syslinux bootloader to automatically detect and apply the most current microcodes for an Intel processor. This allows computer using old processors to become protected.

When you boot up with the bootable USB drive, the bootloader will start, apply the included microcodes for the identified CPU, and then boot the operating system.

According to Badit, this release contains the microcodes for 392 Intel CPUs produced from 1996 to 2018. These microcodes are found in the \boot\mcudb folder and can be updated with newer ones if they are released in the future.
Click to expand...

BoerenkoolMetWorst · Nov 13, 2018

mood said: ↑

The Intel Microcode Boot Loader Protects Older CPUs From Spectre
November 12, 2018
https://www.bleepingcomputer.com/ne...boot-loader-protects-older-cpus-from-spectre/
Click to expand...

Great! I hope an option will be available in a next version to put the bootloader on the HDD so it doesn't require always booting from USB.

Minimalist · Nov 14, 2018

Spectre, Meltdown researchers unveil 7 more speculative execution attacks

A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.
Click to expand...

https://arstechnica.com/gadgets/201...-unveil-7-more-speculative-execution-attacks/

Minimalist · Nov 15, 2018

More Spectre/Meltdown-Like Attacks

It shouldn't be surprising that microprocessor designers have been building insecure hardware for 20 years. What's surprising is that it took 20 years to discover it. In their rush to make computers faster, they weren't thinking about security. They didn't have the expertise to find these vulnerabilities. And those who did were too busy finding normal software vulnerabilities to examine microprocessors. Security researchers are starting to look more closely at these systems, so expect to hear about more vulnerabilities along these lines.

Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Meltdown. There will be vulnerabilities that will allow attackers to manipulate or delete data across processes, potentially fatal in the computers controlling our cars or implanted medical devices. These will be similarly impossible to fix, and the only strategy will be to throw our devices away and buy new ones.
Click to expand...

https://www.schneier.com/blog/archives/2018/11/more_spectremel.html

B-boy/StyLe/ · Dec 4, 2018

Researchers discover SplitSpectre, a new Spectre-like CPU attack

https://www.zdnet.com/article/researchers-discover-splitspectre-a-new-spectre-like-cpu-attack/

Minimalist · Jan 5, 2019

New side-channel leak: Boffins bash operating system page caches until they spill secrets

Some of the computer security boffins who revealed last year's data-leaking speculative-execution holes have identified yet another side-channel attack that can bypass security protections in modern systems.

While side channel attacks like Spectre and Meltdown exploited chip design flaws to glean privileged information, this one is hardware agnostic, involves the Windows and Linux operating system page cache, and can be exploited remotely, within limits.
Click to expand...

https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

Minimalist · Jan 31, 2019

Linux Kernel Spectre Protection Changes to Boost App Performance

As suggested by Thomas Gleixner and signed off by Waiman Long in a proposed Linux kernel patch, a new bit will be introduced to toggle off Speculative Store Bypass Disable (SSBD) for programs that do not require the extra protection against the Spectre Variant 4 security issue.
Click to expand...

https://www.bleepingcomputer.com/ne...-protection-changes-to-boost-app-performance/

Minimalist · Feb 15, 2019

'This collaboration is absolutely critical going forward'... One positive thing about Meltdown CPU hole? At least it put aside tech rivalries...

A panel of eggheads from Intel, the US government, and academia held court this week to figure how they can keep the likes of El Reg from spoiling their next major bug reveal.
Click to expand...

https://www.theregister.co.uk/2019/02/15/vulnerability_experts_blab/

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Tinstaafl Registered Member

guest Guest

BoerenkoolMetWorst Registered Member

guest Guest

reasonablePrivacy Registered Member

WildByDesign Registered Member

Tarnak Registered Member

wat0114 Registered Member

Attached Files:

specucheck.PNG

Tarnak Registered Member

WildByDesign Registered Member

WildByDesign Registered Member

BoerenkoolMetWorst Registered Member

Tarnak Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

Minimalist Registered Member

B-boy/StyLe/ Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Tinstaafl Registered Member

guest Guest

BoerenkoolMetWorst Registered Member

guest Guest

reasonablePrivacy Registered Member

WildByDesign Registered Member

Tarnak Registered Member

wat0114 Registered Member

Attached Files:

specucheck.PNG

Tarnak Registered Member

WildByDesign Registered Member

WildByDesign Registered Member

BoerenkoolMetWorst Registered Member

Tarnak Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

Minimalist Registered Member

B-boy/StyLe/ Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Useful Searches