
Intel SGX: Not So Safe After All, ÆPIC Leak

At last week’s 2022 Black Hat Security Conference, another Intel CPU-based security hole was uncovered: ÆPIC Leak.
Aug 16th, 2022 6:00am by
Featured image by tumbledore from Pixabay.   

Intel’s Software Guard Extensions (SGX) memory encryption technology sounded like such a good idea back in 2015. This set of security instructions would enable programmers to set up protected private memory regions, called enclaves. Within them, data and code would be decrypted as needed. Oh well, it was a nice idea while it lasted. Over half-a-dozen vulnerabilities, including one Spectre variation, soon appeared. And now, at the 2022 Black Hat Security Conference, another CPU-based security hole has been uncovered: ÆPIC Leak.

This one, dug up by European graduate students and an AWS researcher, is a new Intel architectural CPU bug that can leak data without using a side channel. It’s, in a word, “Bad!”

Affected CPUs

According to the researchers, with exploits using their discovery, secrets can be leaked from the processor on most 10th, 11th, and 12th generation Intel CPUs. This includes Sunny Cove microarchitecture designs such as Intel’s 10th generation Ice Lake CPUs; its current third generation Xeon scalable server CPUs (Ice Lake SP); and new 12th generation Alder Lake CPUs (Golden Cove). Intel, however, claims that the Alder Lake CPUs aren’t affected.

The ÆPIC Leak works by sampling data transferred between the L2 and last-level cache, including SGX enclave data, from the super queue. An attacker can target data in use, such as register values and memory loads, and data at rest, e.g., SGX-enclave data pages. So this end-to-end attack extracts AES-NI, RSA, and even SGX attestation keys from enclaves within a few seconds.

Unlike the infamous transient execution attacks Meltdown and Spectre, ÆPIC Leak is an architectural bug. An attacker can get to the sensitive data without relying on a noisy side channel. That makes attacks potentially easier to pull off.

Good News

The good news is that pulling such an attack off requires admin or root privilege. In addition, on clouds with virtual machines (VM), hypervisors don’t allow direct access to the local hardware’s Advanced Programmable Interrupt Controller (APIC). Thus, the nightmare security case of cloud-based VMs being cracked can’t happen.

It’s a different story for systems using SGX-based memory encryption for secure, isolated environments. There are at least two techniques, Cache Line Freezing and Enclave Shaking, which can snatch AES-NI keys and RSA keys from Intel’s IPP library and the Intel SGX sealing and remote attestation keys.

Fixing the Problem

Intel is working on fixing this problem. It begins with Intel creating an updated Intel SGX Software Development Kit (SDK) that helps mitigate potential exposure. Intel also recommends users update to the latest firmware. Microcode to address the problem is already available for Linux. The Trusted Computing Base (TCB) recovery for ÆPIC Leak, however, won’t be available until March 7, 2023.

That’s all to the good, but I agree with the researchers. “The only short-term mitigations for ÆPIC Leak are to disable APIC MMIO or not rely on SGX.”
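To audit a fleet against that short-term mitigation, the following added example (not from the article or the researchers) classifies a Linux host from its `/proc/cpuinfo` text and per-CPU `IA32_APIC_BASE` values (MSR 0x1B). It assumes that "disable APIC MMIO" means running the local APIC in x2APIC mode, where registers are reached through MSRs instead of MMIO; the function names, finding labels and sample inputs are constructed for illustration.

```python
import re

# IA32_APIC_BASE (MSR 0x1B) mode bits, per the Intel SDM.
APIC_GLOBAL_ENABLE = 1 << 11   # EN: local APIC enabled
X2APIC_ENABLE = 1 << 10        # EXTD: x2APIC mode (MSR access, no MMIO window)

def apic_mode(apic_base):
    """Classify one logical CPU from its IA32_APIC_BASE value."""
    if not apic_base & APIC_GLOBAL_ENABLE:
        return "disabled"
    return "x2apic" if apic_base & X2APIC_ENABLE else "xapic-mmio"

def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def assess(cpuinfo_text, apic_base_by_cpu):
    """Combine the SGX flag with per-CPU APIC mode into a single finding."""
    # The "x2apic" cpuinfo flag only shows capability; the MSR shows the live mode.
    # Older kernels do not print "sgx", so a missing flag is not proof of absence.
    sgx = "sgx" in cpu_flags(cpuinfo_text)
    mmio_cpus = sorted(c for c, v in apic_base_by_cpu.items()
                       if apic_mode(v) == "xapic-mmio")
    if not mmio_cpus:
        finding = "apic-mmio-off"
    elif sgx:
        finding = "sgx-with-apic-mmio"
    else:
        finding = "apic-mmio-on-no-sgx-flag"
    return {"sgx_flag": sgx, "mmio_cpus": mmio_cpus, "finding": finding}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CPUINFO = """processor\t: 0
model name\t: Example CPU (constructed)
flags\t\t: fpu vme apic sse2 x2apic aes sgx sgx_lc
"""
SAMPLE_XAPIC = {0: 0xFEE00900, 1: 0xFEE00800}   # EN set, EXTD clear
SAMPLE_MIXED = {0: 0xFEE00D00, 1: 0xFEE00800}   # CPU 1 still in xAPIC mode
SAMPLE_X2APIC = {0: 0xFEE00D00, 1: 0xFEE00C00}  # EN and EXTD set

if __name__ == "__main__":
    for name, sample in [("xapic", SAMPLE_XAPIC), ("mixed", SAMPLE_MIXED),
                         ("x2apic", SAMPLE_X2APIC)]:
        print(name, assess(SAMPLE_CPUINFO, sample))
```

On a real host the MSR values would come from a privileged read of MSR 0x1B on each logical CPU, for example through the `msr` kernel module.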

While its Common Vulnerability Scoring System (CVSS) score is only 6.0, for people that rely on SGX for security, it’s much nastier.

It’s also worth pointing out that Intel has already deprecated SGX on some processor families. This deprecation has already caused one unexpected side effect. Consumer users of Intel’s 11th and 12th-gen CPUs can’t watch UHD Blu-ray content in 4K because its digital rights management (DRM) “protection” won’t work without SGX. It’s possible that enterprise software programs may also have trouble without SGX.
