
5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

by Dan Goodin, Ars Technica
Figure: An 8th-generation Intel Core Processor. (credit: Intel)

Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon. While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets that's roughly analogous to AMD's Platform Security Processor. Often abbreviated as CSME, this feature implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the input-output memory management unit (IOMMU), which protects static random-access memory from malicious modification, not being activated early enough in the firmware boot process. That gap creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code very early in the boot process with the highest system privileges.

Jeopardizing Intel's root of trust

Because the flaw resides in the CSME mask ROM, a piece of silicon that boots the very first piece of CSME firmware, the vulnerability can't be patched with a firmware update.
