flat assembler
Message board for the users of flat assembler.

Attacking SMM Memory via Intel® CPU Cache Poisoning

LocoDelAssembly
Today a vulnerability was published that apparently was already known:
http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html

The steps described in the paper are a little shorter than those I had imagined when they published the previous blog entry, but I still have the same problem: where is the problem here?

The steps require a far too privileged user to be able to exploit it, and since the user is already that privileged, why would you need to attack this vector?

I also wonder how Intel apparently solved the problem. I hope it is not by relocating the code to $A0000, because according to what I read in Intel's manuals when the previous blog entry was published, you can turn the fixed MTRR off.
Post 19 Mar 2009, 19:55
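An added illustration, not code from LocoDelAssembly or from the blog post: the cache-poisoning approach the blog describes only matters when the legacy SMRAM window at 0xA0000-0xBFFFF is marked cacheable by the fixed-range MTRR, so the defender-side check is to decode IA32_MTRR_FIX16K_A0000 (MSR 0x259) together with the enable bits of IA32_MTRR_DEF_TYPE (MSR 0x2FF) and confirm the window is UC. The C below decodes MSR values you hand it; the sample values in main() are constructed, reading the real MSRs needs ring 0 (for example via /dev/cpu/0/msr on Linux), and variable-range MTRRs are deliberately left out as a simplifying assumption.

```c
/* Decode the fixed-range MTRR covering 0xA0000-0xBFFFF and report whether
 * that legacy SMRAM window is cacheable. Added example: MSR values are
 * passed in as parameters, not read from hardware. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MSR numbers and encodings as documented in the Intel SDM, Vol. 3 (MTRRs). */
#define IA32_MTRR_DEF_TYPE     0x2FF
#define IA32_MTRR_FIX16K_A0000 0x259
#define MTRR_DEF_TYPE_FE (1ULL << 10)   /* fixed-range MTRRs enabled */
#define MTRR_DEF_TYPE_E  (1ULL << 11)   /* MTRRs enabled at all      */

enum mtrr_type { MTRR_UC = 0, MTRR_WC = 1, MTRR_WT = 4, MTRR_WP = 5, MTRR_WB = 6 };

#define A0000_RANGES     8        /* the MSR covers eight sub-ranges... */
#define A0000_RANGE_SIZE 0x4000   /* ...of 16 KB each                  */

const char *mtrr_type_name(uint8_t t)
{
    switch (t) {
    case MTRR_UC: return "UC";
    case MTRR_WC: return "WC";
    case MTRR_WT: return "WT";
    case MTRR_WP: return "WP";
    case MTRR_WB: return "WB";
    default:      return "reserved";
    }
}

/* WT, WP and WB all allocate lines in the cache; UC and WC do not. */
bool mtrr_type_is_cacheable(uint8_t t)
{
    return t == MTRR_WT || t == MTRR_WP || t == MTRR_WB;
}

/* Byte i of IA32_MTRR_FIX16K_A0000 holds the memory type of sub-range i. */
uint8_t fix16k_a0000_type(uint64_t msr, unsigned i)
{
    return (uint8_t)((msr >> (8 * i)) & 0xFF);
}

/* Physical base address of sub-range i. */
uint32_t fix16k_a0000_base(unsigned i)
{
    return 0xA0000u + i * A0000_RANGE_SIZE;
}

/* Number of 16 KB sub-ranges in the window whose type caches data. */
unsigned count_cacheable_a0000(uint64_t fix16k)
{
    unsigned n = 0;
    for (unsigned i = 0; i < A0000_RANGES; i++)
        if (mtrr_type_is_cacheable(fix16k_a0000_type(fix16k, i)))
            n++;
    return n;
}

/* Effective cacheability of the window given IA32_MTRR_DEF_TYPE and the
 * fixed MSR. Assumption: variable-range MTRRs are not modelled, so when
 * the FE bit is clear the default type alone decides. */
bool a0000_window_cacheable(uint64_t def_type, uint64_t fix16k)
{
    if (!(def_type & MTRR_DEF_TYPE_E))
        return false;                        /* MTRRs off: all memory is UC */
    if (!(def_type & MTRR_DEF_TYPE_FE))
        return mtrr_type_is_cacheable((uint8_t)(def_type & 0xFF));
    return count_cacheable_a0000(fix16k) > 0;
}

static void report(const char *label, uint64_t def_type, uint64_t fix16k)
{
    printf("%s: DEF_TYPE=%#llx FIX16K_A0000=%#018llx\n", label,
           (unsigned long long)def_type, (unsigned long long)fix16k);
    for (unsigned i = 0; i < A0000_RANGES; i++)
        printf("  %#07x-%#07x %s\n", fix16k_a0000_base(i),
               fix16k_a0000_base(i) + A0000_RANGE_SIZE - 1,
               mtrr_type_name(fix16k_a0000_type(fix16k, i)));
    printf("  window cacheable: %s\n",
           a0000_window_cacheable(def_type, fix16k) ? "YES" : "no");
}

int main(void)
{
    /* Constructed sample values: E and FE set with a WB default (0xC06). */
    report("safe (window UC)",  0xC06ULL, 0x0000000000000000ULL);
    report("exposed (window WB)", 0xC06ULL, 0x0606060606060606ULL);
    return 0;
}
```

If the report shows the window as cacheable on a machine whose firmware keeps SMRAM at 0xA0000, that is the configuration the blog post relies on and the one to raise with the firmware vendor.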
vid
Nice idea. Only fixes I can imagine:
- clean CPU cache upon SMM interrupt
- disable cache in SMM mode (at least for SMRAM area)
- somehow specially treat SMRAM access in the CPU (not only in the northbridge, as is done currently)
Post 19 Mar 2009, 21:57
bitRAKE
- Cleaning the cache takes a long time.
- Disabling the cache in SMM mode would really slow it down.
- Cache coloring would only require more space and very little time.

SMM mode is intended to be transparent, so the third option seems the most likely. Yet, the likelihood of this solution being applied to existing processors is at best dubious.

Many older systems will remain vulnerable to SMM attacks.
Post 20 Mar 2009, 03:21
sinsi
http://www.theregister.co.uk/2009/03/19/intel_chip_vuln/
Quote:
According to Rutkowska, Intel's own employees first wrote about how this class of CPU caching vulnerability might be exploited back in early 2005

4 years ago... nice.
Post 20 Mar 2009, 03:37
Copyright © 1999-2020, Tomasz Grysztar.
