Earlier this week, news broke that a set of three vulnerabilities — collectively referred to as Foreshadow — have been found in Intel microprocessors. These vulnerabilities specifically impact Intel’s implementation of a security feature known as Software Guard Extensions, a technology Intel developed to run hardened, protected code even in cases where the underlying operating system or hardware might not be secure. But just how far does the flaw extend, and what kind of practical use can it be put to?
The Register recently spoke to one of the flaw’s discoverers, Dr. Yuval Yarom, who minced no words in his evaluation. One of the hallmarks of Foreshadow is that it can be used to falsify attestation information, which is to say, SGX can appear to attest that code is valid and unchanged while said code is anything but. Without the ability to verify that the code in question is actually the code that’s running, Dr. Yarom says, “The whole trust model collapses.”
“The main promise of SGX is that you can write code, and ship it to someone you do not fully trust,” Dr. Yarom told the Register. “That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know… they haven’t modified your code, they haven’t accessed the data that your code used.”
One specific example Yarom gave of an example application that could be harmed by this flaw is a video player that used SGX to implement its DRM mechanism. The player obviously isn’t intended to allow for the video stream to be copied, but if you can muck with the SGX attestation, you can alter the player to claim that its stream is properly protected when it isn’t. In theory, this sounds like precisely the kind of break that PC pirates might exploit to break Microsoft’s PlayReady 3.0, the 4K content protection that (still) makes Netflix playback require a lot of jumping through hoops, including the use of specific browsers (Microsoft Edge) and compatible hardware (recent AMD APUs, or Kaby Lake-and-later CPUs). But it’s not at all clear if this flaw will actually enable that kind of activity. Intel’s documentation makes it absolutely clear that SGX can be used for DRM, but it’s not evident that PlayReady 3.0 actually uses it.
Microsoft’s publicly available documentation is filled with references to Trusted Execution Environments (TEEs) and the need to have hardware DRM protection baked in at the physical level in order to certify a device for SL3000 feature levels (and that’s the relevant target, as near as I can tell). Older levels, like SL2000, are software based.
SGX was technically introduced with Skylake, not Kaby Lake, and Netflix 4K playback requires the latter. This could be read to imply that whatever DRM solution MS relies on, it isn’t explicitly tied to SGX. On the other hand, however, other reports have suggested that while Skylake CPUs deployed SGX, the firmware and software that shipped with Skylake systems wasn’t necessarily capable of enabling the feature. If Intel made supporting the full capabilities of SGX out of the box mandatory only with Kaby Lake it might explain why Microsoft didn’t support the feature until 7th Generation CPUs.
On the other hand, we know that Nvidia and AMD have both added support for 4K playback over both CPUs and GPUs, which strongly implies that Microsoft’s Trusted Execution Environments are designed to be flexible rather than demanding only one vendor’s hardware implementation. And given that Intel is already distributing microcode updates to fix this bug (or at least, major parts of it), it’s not clear if there’s a meaningful window of opportunity in the first place. Like Meltdown and Spectre, this bug isn’t going to principally hit consumers but cloud service providers and enterprises. So far, Intel’s data center revenue has weathered this barrage of bad news unscathed — there are some who think the problems have created opportunities for future Intel products and accelerated upgrade cycles.
Now Read: New Speculative Execution Security Flaw Cracks Intel’s Software Guard Extensions, 4K Netflix is finally coming to PCs, but you probably still can’t watch it, and Windows 10’s PlayReady 3.0 mandates hardware DRM for 4K playback