tag:blogger.com,1999:blog-24586388.post7397577755549629314..comments2023-11-24T09:52:43.963+01:00Comments on The Invisible Things Lab's blog: Attacking SMM Memory via IntelĀ® CPU Cache PoisoningJoanna Rutkowskahttp://www.blogger.com/profile/07657268181166351141noreply@blogger.comBlogger22125tag:blogger.com,1999:blog-24586388.post-40803153394905274722009-03-24T00:19:00.000+01:002009-03-24T00:19:00.000+01:00Don't forget about Rafal!Don't forget about Rafal!Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-38498796444090940552009-03-23T21:21:00.000+01:002009-03-23T21:21:00.000+01:00Congrats Joanna, nice job.Congrats Joanna, nice job.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-82731903640666616062009-03-23T16:31:00.000+01:002009-03-23T16:31:00.000+01:00Uh-oh, sorry. I admit I still haven't read your pr...Uh-oh, sorry. I admit I still haven't read your previous work on those issues.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-24452969245087628872009-03-23T15:25:00.000+01:002009-03-23T15:25:00.000+01:00@gat3way: You might have noticed I wrote "of attac...@gat3way: You might have noticed I wrote "of attack<B>s</B> on SMM", not "of <B>the</B> attack".<BR/><BR/>The current caching attack (probably) doesn't allow for Dom0->Xen escalation, but our previous attack (the remapping bug on Q35) did allow for that. Instead, the caching attack allows for TXT bypassing and also SMM rootkits installation.Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-52257860343200611472009-03-22T17:43:00.000+01:002009-03-22T17:43:00.000+01:00What do you mean by "hypervisor compromise"? I dou...What do you mean by "hypervisor compromise"? I doubt this will work from a xen domU or dom0 context because 1) AFAIK you don't have access to MTRR registers from there 2) their kernels are running in ring1 not ring0.<BR/><BR/>Moreover, you will need some reliable way to trigger the SMM mode e.g by issuing a SMI. <BR/><BR/>In a particular case where the kernel is patched so that iopl() always returns -EPERM or -ENOSYS, loading LKMs is disabled as well as write access to /dev/(k)mem, is this attack still possible?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-16040061994197445812009-03-22T15:21:00.000+01:002009-03-22T15:21:00.000+01:00Thank you Joanna! I read them, but I related them ...Thank you Joanna! I read them, but I related them to user root which was a mistake on my part. Things don't stop on having user root. :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-6785849384657063722009-03-22T00:00:00.000+01:002009-03-22T00:00:00.000+01:00@anonymous: You haven't read the paper carefully:T...@anonymous: You haven't read the paper carefully:<BR/><I>The potential consequence of attacks on SMM might include SMM rootkits [9], hypervisor compromises [8], or OS kernel protection bypassing [2].</I>Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-80255325430626037062009-03-21T16:28:00.000+01:002009-03-21T16:28:00.000+01:00My understanding is for this attack to work attack...My understanding is for this attack to work attacker needs write access to various Programmed I/O registers, which requires superuser privilege (Unless one is running Xserver). But if you already a superuser what more do you want? Damage the hardware?<BR/><BR/>What makes this attack different then any other attack? If one for example was able to escalate privilege to superuser.<BR/><BR/>Thank you for the great research, I read it once but I'm going to read it one more time. (or maybe two :))Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-44404235782236305962009-03-20T21:43:00.000+01:002009-03-20T21:43:00.000+01:00Hate to say that, but Linux completely sucks on th...Hate to say that, but Linux completely sucks on that aspect. The iopl() syscall should have never been implemented (like in most BSD flavors). The idea that the superuser (ring3) can escalate its i/o privilege level to 3 and then access ioports and disable interrupts is totally flawed. A privileged process do NOT need to have access to I/O ports since virtually everything can be managed via ioctls.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-2388836099567019902009-03-20T17:20:00.000+01:002009-03-20T17:20:00.000+01:00@anonymous:1) It is *trivial* to get into kernel o...@anonymous:<BR/><BR/>1) It is *trivial* to get into kernel of pretty much any general purpose OS, like e.g. Windows or Linux. We (Alex, Rafal, me) have demonstrated this many times for various OSes.<BR/><BR/>2) The whole point of the attack is that normally, even if you're the kernel ("Supervisory OS level" as you call it), you don't have normally access to the SMRAM, because it is locked by the BIOS.Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-78805614355608611412009-03-20T17:10:00.000+01:002009-03-20T17:10:00.000+01:00This exploit requires that the supervisory OS (hyp...This exploit requires that the supervisory OS (hypervisor or kernel) allow modifying memory mappings, if you have attained that level of control over the system, you can get away with essentially anything. I don't see how this is somehow novel. Furthermore, the paper mentions, to paraphrase "escalation from usermode to SMM", and then they use IOPL in their usermode code. IOPL is privileged and if you're allowing non privileged users to do that, then your entire system security is compromised. What exactly is new here? All of this can be guarded against at the supervisory OS level.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-50441069741182151672009-03-20T15:31:00.000+01:002009-03-20T15:31:00.000+01:00Joanna, Why should we allow the OS kernel to mark ...Joanna, Why should we allow the OS kernel to mark the SMM region as cachable WB in the first place since the SMM is handled by the system firmware? What about de-privileging the SMM (reduce its memory addressability)?<BR/>What about the cache size? Any limitations to the attack? <BR/><BR/>Instructions accessing MTRRs and probably all MSRs are considered privileged and should require kernel privileges (e.g, WRMSR) anyway. <BR/><BR/>Can we rely on BIOS vendors to secure this security gap?Othman Esoulhttps://www.blogger.com/profile/04216236009164917793noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-86743659831319521452009-03-20T10:44:00.000+01:002009-03-20T10:44:00.000+01:00Does Intel IOMMU use caching? How about IOMMU cach...Does Intel IOMMU use caching? How about IOMMU cache poisoning? lol...Othman Esoulhttps://www.blogger.com/profile/04216236009164917793noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-19043609585644103462009-03-20T03:12:00.000+01:002009-03-20T03:12:00.000+01:00Have you also tried to attack PowerPC processors? ...Have you also tried to attack PowerPC processors? If, yes...are there more difficult?<BR/><BR/>Awesome blog.<BR/><BR/>-tonyrelop7https://www.blogger.com/profile/09391316074303276074noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-88765962334636374802009-03-20T02:15:00.000+01:002009-03-20T02:15:00.000+01:00Great work, as always! I know you deal with peopl...Great work, as always! I know you deal with people arguing whether or not there is relevance to some findings (VM escapes on certain hardware) but they miss the point that any flaw is a potential security issue.<BR/><BR/>Keep up the great work.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-42876928942508208212009-03-20T01:00:00.000+01:002009-03-20T01:00:00.000+01:00Any thoughts on a way to test a motherboard/proces...<I>Any thoughts on a way to test a motherboard/processor for this vulnerability[...]?</I><BR/><BR/>How about running the cache-snooper?Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-50735455895587529092009-03-20T00:22:00.000+01:002009-03-20T00:22:00.000+01:00Any thoughts on a way to test a motherboard/proces...Any thoughts on a way to test a motherboard/processor for this vulnerability as most BIOS vendors don't include much detail in their BIOS updates eg. CPU Microcode updated is usually what MSI says.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-13434623330016452162009-03-19T23:54:00.000+01:002009-03-19T23:54:00.000+01:00Good stuff! Was looking forward to this.Cheers,Good stuff! Was looking forward to this.<BR/>Cheers,Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-18943354220860871802009-03-19T22:04:00.000+01:002009-03-19T22:04:00.000+01:00Hi, I wanted to point your readers to my "Security...Hi, I wanted to point your readers to my "Security Concepts" book, which has a chapter on hardware security, including a link to this blog:<BR/><BR/>http://www.subspacefield.org/security/security_concepts.htmlAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-50891317738708685192009-03-19T21:35:00.000+01:002009-03-19T21:35:00.000+01:00Any thoughts on how mitigate the issue? Any work ...Any thoughts on how mitigate the issue? Any work arounds? Can this be adapted to AMD processors?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-5676730502418375722009-03-19T18:29:00.000+01:002009-03-19T18:29:00.000+01:00wow, stunedwow, stunedAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-79824478498143973942009-03-19T18:19:00.000+01:002009-03-19T18:19:00.000+01:00well thanks for it, gonna read for sure. Looks rea...well thanks for it, gonna read for sure. Looks really interrestingUnknownhttps://www.blogger.com/profile/14579083899430807417noreply@blogger.com