apianti

Intel CPU hardware vulnerability

86 posts in this topic


Yeah, I saw that about a month ago. There was also an expansion of the Spectre and Meltdown vulnerabilities as well about a week later. This actually confirmed that almost every CPU made since 1995 has these vulnerabilities.

An article giving the rundown: https://www.zdnet.com/article/researchers-discover-seven-new-meltdown-and-spectre-attacks/

The actual research paper: https://arxiv.org/pdf/1811.05441.pdf


In fact it is in all operating systems as it is a patch to the processor's micro kernel.

In fact it is a serious slowdown for all operating systems, and is a flaw of speculative execution.

Google has found a method to mitigate the problem without giant performance loss,
Yep... Google is going to fix sooome Intel errors; it is called retpoline, and this fix is going to be adopted in the next major update on Windows. On Google servers it is already used, so... in Linux and soon on Mac.



This is not a conspiracy... It is human error...



I have no idea what you are talking about. First, Google said no such thing; in fact they are quite adamant that the problem can't be fixed with software patches, including microcode updates, and that the problem is with the hardware itself (specifically the speculation feature based on the Intel microarchitectures). Here is the published paper: https://arxiv.org/pdf/1902.05178.pdf. No one thinks this is a conspiracy; it is obviously human error, but at some point Intel had to have known and decided it was much cheaper to not fix the problem, as they probably imagined keeping the technology proprietary would protect them. But Intel is affected by this now disproportionately higher than AMD, or ARM, as all the speculation architecture is proprietary, and newer AMD and ARM chips no longer use the same speculation as older clone-style chips of x86. Retpoline only mitigates one of the like twenty attack variants now known of SPECTRE/MELTDOWN, https://support.google.com/faqs/answer/7625886. I previously linked the new variants in a post above. I don't understand your first sentence, as updating microcode can only mitigate the problem. The actual problem is in the hardware itself; only redesigning the silicon circuits for speculation in the microarchitecture will fix the problem. There is no microcode update that will ever fix this, as the microcode is used to convert architecture instructions into microarchitecture instructions to execute architecture instructions (since many instructions perform similar actions).

In fact, it manages to fix some of the most delicate and important ones. However, it is not impossible that they can create patches that work with other types of Spectre.

In fact, for those of us who use Intel, losing speculative execution is serious damage, so rather than remove it I would prefer to patch the operating system to prevent Spectre from being used.

If it was possible to patch only twenty of them, they will probably be able to patch others too.


There are multiple papers that have been published that say the problem is not fixable without redesigning the silicon circuits; I just linked you one by Google. The problem is that you can't remove speculation because it is needed to determine certain things at run time by making approximate guesses without wasting multiple cycles waiting; without doing this, performance would be much much slower than any mitigation so far. None of them remove speculation; most are mitigated by separating the kernel space and user spaces, which is what causes a slowdown. Retpoline is a better mitigation for one variant of SPECTRE. I doubt we will see any significant fix, maybe some other mitigation, but most likely Intel will push back some of their releases and redesign the speculation feature.

 

EDIT: Apparently retpoline only works on pre-Skylake CPUs... https://lkml.org/lkml/2018/1/4/615

Edited by apianti


Pretty great post. I just stumbled upon your blog and wanted to say that I’ve truly loved browsing your blog posts.


ey homes hola from bermuda ey
does this problem still happen if smt/ht is disabled? i turned off mitigations cause aint got time for thats


No, it has nothing to do with SMT or HT; it has to do with speculation, which is basically how the processor determines whether it should decide to take a branch jump or not before it actually does the calculation. So it makes the choice before the instruction to jump or not based on some history and other stuff, like going backwards vs forwards, etc. If it is wrong, it must flush the pipeline and restart at where it was supposed to go, except because the instructions are pipelined many other instructions have started to execute. You can force this to happen and then steal the information from the cache or gain access to something else by messing up on purpose in a certain way. That is basically the problem, very simplified.

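Added example, not part of any post in this thread: the posts above mention retpoline, kernel/user-space separation and running with mitigations turned off, and on Linux the kernel reports the resulting per-vulnerability state as text files under `/sys/devices/system/cpu/vulnerabilities`. The sketch below classifies those status strings; the `SAMPLE` values are constructed for illustration and the function names are this example's own.

```python
import re
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample reports, used when the sysfs directory is not present.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Vulnerable: __user pointer sanitization and usercopy "
                  "barriers only; no swapgs barriers",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, "
                  "IBRS_FW, STIBP: conditional, RSB filling",
    "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "l1tf": "Not affected",
}

def parse_status(text):
    """Classify one status line and pull out caveats the kernel itself reports."""
    text = text.strip()
    if text.startswith("Not affected"):
        state = "not_affected"
    elif text.startswith("Mitigation:"):
        state = "mitigated"
    elif text.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    caveats = []
    if state == "mitigated":
        # Details follow the first colon, separated by ';' or ','.
        parts = [p.strip() for p in re.split(r"[;,]", text.split(":", 1)[1])]
        caveats = [p for p in parts if "vulnerable" in p.lower()]
    return {"state": state, "retpoline": "retpoline" in text.lower(),
            "caveats": caveats}

def read_reports(directory=SYSFS_DIR):
    """Read the live reports, or fall back to the constructed sample."""
    if directory.is_dir():
        return {f.name: f.read_text() for f in sorted(directory.iterdir())}
    return dict(SAMPLE)

def needs_attention(reports):
    """Names whose state is vulnerable/unknown, or mitigated with a caveat."""
    flagged = []
    for name, text in reports.items():
        result = parse_status(text)
        if result["state"] in ("vulnerable", "unknown") or result["caveats"]:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    reports = read_reports()
    for name in sorted(reports):
        print(f"{name:20} {parse_status(reports[name])}")
    print("needs attention:", needs_attention(reports))
```
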

ay homes can these concepts be used against some of the mierda that's come out of apple like "secure enclave" or T2 which wouldn't be super secure if what you're saying is true?

if your browser is patched and you don't use any untrusted apps is this all just extremely theoretical or real like the coronavirus where there's real chance of danger happening to you from going outside? one of my homies in mexico didn't make it

Edited by vatoesse
rip mauricio


That is absolutely terrible man, I'm so sorry. This mutation of the coronavirus is getting way out of hand... Well wishes that you or no one else you know succumbs. Some of these vulnerabilities have no mitigation, so they can still be used in attacks. It is hard to say whether or not it could be realistically exploited. Remotely? Probably not really. But a malicious program that can gain access through other means remotely could then potentially exploit these vulnerabilities. Anything you run locally can almost definitely exploit them - even mitigated I believe they still pose a threat since mitigation is just reducing the threat vector coverage, not actually removing the threat. None have been removed. The T2 is not a new concept, it has existed in PCs for far longer (like almost two decades), basically it is the combination of two devices found in PCs, a TPM and an SCC (enterprise or opal). These are standardized by the Trusted Computing Group, which is basically every PC and component manufacturer except Apple. All these chips are co-processors, so unless you can compromise that chip, the most that is possible is you may be able to steal the secure keys when they are used from the device with these vulnerabilities. This actually would probably allow you to do a lot though, like break the device. So while it is possible, it is also completely unnecessary. The T2 basically poses the same problem as the SMC did, it is not needed on a PC, it only affects actual Macs. So the real issue is what must be done to satisfy macOS that there is actually a T2 device when there is not, if this is even necessary. I imagine that drivers could just be patched to make all the interactions succeed without actually doing anything or a fake driver could be injected like FakeSMC is.... IDK it's hard to say until there are no devices without the T2 anymore. Also, the T2 was broken last month by the checkra1n team that does jailbreaking for iPhones... So this is probably a non-starter... lol.

 

EDIT: Misspelled a word.

Edited by apianti
