News

Intel SGX Breached by New Speculative Execution Exploit

Foreshadow Hits Secure SGX Secure Enclaves

With the release of Spectre and Meltdown, the floodgates have opened. Since the reveal of the two speculative exploits last year, more bugs have come out of the woodwork. One recent release was a variant of Spectre targettable over networks. Today, we have a new bug that hits Intel right in the jaw. Dubbed Foreshadow by researchers, the new exploit targets the supposedly secure SGX function on Intel CPUs.

SGX or Software Guard eXtensions is a new feature Intel introduced with Skylake and Kaby Lake. SGX allows the creation of Trusted Execution Environments or TEEs. These TTEs are created using SGX to create a secure enclave. Due to this secure enclave, blocks of memory or code is supposed to be protected from everything. Furthermore, this includes protection from a hostile kernel, hypervisor or operating system. Foreshadow circumvents this and ploughs right on through into the secure enclave. This feature is great for cloud virtual machines because it protects against hostile hosts and neighbours.

Intel Microcode Fix Mostly Patches the Exploit

Foreshadow works in a similar fashion to Meltdown. In fact, it builds on the speculative nature of the original attack. Normally, SGX protects the enclave data with encryption. However, the CPU decrypts protected data in the L1 cache. Once there, Intel CPUs do not perform any further protection checks. This allows the attacker to exploit the speculative execution behaviour of the CPU, like in Meltdown to read the data. The attacker can also create malicious enclaves to more easily attack other enclaves on the same core. This only works on CPUs with Hyper-Threading since they share the same logical core. All said and done though, SGX still makes the attacker’s job more difficult as Intel wants it to do.

Luckily for users, Intel has already rolled out a fix. Updated microcode has been provided to change CPU SGX function. After using the data, the CPU will flush the L1 Data cache immediately. Unfortunately, this does not fully fix the flaw with Hyper-Threading. This is because the 2 enclaves on each virtual core share the L1. This is problematic for cloud servers which now have to worry about shared Hyper-Threaded cores. Finally, Intel plans to provide a hardware fix to this issue in Cascade Lake. Given the state of things though, only more attacks are likely to come out in the meanwhile.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Disqus Comments Loading...

Recent Posts

Elgato Premium 1080p HD Facecam

Studio quality f/2.4 24 mm* all-glass Elgato Prime Lens Sony® STARVIS™ Sensor optimized for indoor…

16 hours ago

Cryorig R5 Performance CPU Cooler with 140mm – Black / White

The large tower cooler relies on two 140 mm fans, six 6 mm heat pipes…

16 hours ago

Cryorig Crona S ARGB 120mm PWM Triple Fan Pack with Controller

An Alternative to Convention - With the Low-key black back frame, Crona S features the…

16 hours ago

Asetek SimSports Pagani Huayra R Sim Racing Pedals

Expand your setup with real Pagani genes - With the Asetek SimSports Pagani Huayra R…

16 hours ago

Fnatic Bolt Wireless RGB Optical Gaming Mouse 

Wireless gaming mouse with lightning bolts on scroll wheel Three connectivity modes: 2.4GHz wireless, Bluetooth…

16 hours ago

Philips Evnia 42″ 42M2N8900 3840×2160 OLED 138Hz 0.1ms A-Sync HDR Widescreen Gaming Monitor

Built for fast action Low input lag reduces time delay between devices to monitor SmartImage…

16 hours ago