Intel x86 Root of Trust: loss of trust

The Positive Technologies blog is reporting on an unfixable flaw the company has found in Intel x86 hardware that has the potential to subvert the hardware root of trust for a variety of processors. "The EPID [Enhanced Privacy ID] issue is not too bad for the time being because the Chipset Key is stored inside the platform in the One-Time Programmable (OTP) Memory, and is encrypted. To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage (SKS). However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted." Intel has said that it is aware of the problem (CVE-2019-0090), but since it cannot be fixed in the ROM, Intel is "trying to block all possible exploitation vectors"; the fix for CVE-2019-0090 only blocks one such vector, according to the blog post.