CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Starlight5

    Starlight5 So what if I'm crazy? The best people are.

    Of course. However, originally I stated that it is definitely the Spectre BIOS update causing BSODs; with the new information about WLAN driver (which I update routinely, without paying much attention except for reading changelogs), it turns out Spectre BIOS update may or may not have caused the BSODs.

    Regardless, I thankfully didn't have any more BSODs afterwards; the machine typically runs without pagefile, so there were no dumps to analyze, and we won't know for sure what caused BSODs unless they happen again - and I very much hope they won't!
     
    Last edited: Feb 3, 2018
    hmscott likes this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    Insecure by design – lessons from the Meltdown and Spectre debacle
    Gernot Heiser Yuval Yarom February 4, 2018 1.05pm ES
    http://theconversation.com/insecure-by-design-lessons-from-the-meltdown-and-spectre-debacle-90629

    "The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts.

    The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.

    We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.

    A new kind of vulnerability

    Meltdown and Spectre are qualitatively different from previous computer vulnerabilities. Not only are they effective across a wide class of computer hardware and operating systems from competing vendors. And not only were the vulnerabilities hiding in plain sight for more than a decade. The really shocking realisation is that Meltdown and Spectre do not exploit flaws in the computer hardware or software.

    As Intel stated in its press release, these attacks:

    …gather sensitive data from computing devices that are operating as designed.

    The ingenuity of the attacks lies in combining seemingly unrelated design features that were thought to be well understood – stuff we teach undergraduate computer science students. The vulnerability is not in any of the individual features, but in the complex interaction between them.

    It turns out that computer systems are insecure not because of mistakes made in the implementation, but because of ill-conceived design.

    As a community of computer systems experts, we have to ask ourselves how such a debacle is possible, and how a recurrence can be prevented.

    We have known for a while that the established “wait for something to happen and then try to fix it” approach – better known as “patch and pray” – does not work even for more common implementation flaws, as witnessed by the proliferation of exploits. It works even less well for such insecure-by-design situations.

    Automated evaluation of designs
    The fundamental problem is that humans are unable to fully understand the conceptual complexity of modern computer systems and how its seemingly unrelated features might interact. There is no hope that this will change.

    But solving complex problems is what machines are increasingly good at. So, the only real solution can be the automated evaluation of designs, with the aim of mathematically proving that under all circumstances a design will behave in a way that is considered secure – in particular by not leaking secret data.

    In other words, a design must be considered insecure unless there is a rigorous mathematical proof to the contrary.

    This is not an easy ask by any definition, and much more work across many areas of computer science and engineering is needed to make it a reality. But we need to start somewhere, and we need to start now.

    We will reap benefits of embarking on such a program long before we achieve the goal of rigorous end-to-end proof. Significant improvements will be achieved through partial results, both in the form of proving weaker properties, and by establishing desired properties in a less rigorous fashion.

    For example, an incomplete evaluation may be more feasible than a complete one, and produce a probabilistic result, such as a greatly reduced likelihood of exploits.

    Rewriting the hardware-software contract
    A necessary, and overdue, first step is a new and improved hardware-software contract.

    Computer systems are a combination of hardware and software. The people and companies that develop hardware are largely separate from those developing the software. Given the vastly different skills and experience required, this is inevitable.

    To make development practical, both sides work to an interface, called the instruction-set architecture (ISA), which presents the contract between hardware and software functionality.

    The problem, clearly exhibited by the Meltdown and Spectre attacks, is that the ISA is under-specified for security, or safety for that matter. It simply does not provide ways to isolate the speed of progress of a computation from other system activities.

    The ISA is a functional specification, meaning it defines how the visible state of the machine will (eventually) change if an operation is triggered. It intentionally abstracts away anything to do with time. In particular, it hides how long operations take and how this time depends on the internal state of the machine. The problem is that this internal state depends on potentially confidential data processed by previous operations.

    This means that by observing the exact timing of particular sequences of operations, it is possible to infer data that is supposed to be kept secret. This is exactly what happened with Meltdown and Spectre.

    The abstraction is there for a good reason: It allows hardware designers to change things “under the hood”, usually in order to improve performance. Consequently, there will be resistance from hardware manufacturers to a tighter contract. But we believe that the refined specifications can be kept abstract enough to retain manufacturers’ ability to innovate, and to avoid exposing confidential IP.

    The recent debacle has shown that the ISA is too abstract, making it impossible to tell whether a system is secure or if it will leak secrets. This must change, urgently."

    Chipmakers Discuss a Future After Meltdown and Spectre
    Engineers from Intel, AMD, and ARM discuss what lies ahead for engineers, and the chip industry in general, in the wake of the Meltdown and Spectre hardware bugs.
    by: Chris Wiltz DesignCon - Santa Clara Consumer Electronics, Cyber Security, Government/Defense, Electronics & Test February 05, 2018
    https://www.designnews.com/content/...ure-after-meltdown-and-spectre/42684598058203

    "At a recent panel at DesignCon 2018, “Continued Innovation in a World Challenged by the Slowing of Moore's Law,” a group of engineers from Intel, AMD, and ARM weighed in on the impact of Meltdown and Spectre chip hardware bugs and how they could impact the chip industry going forward.
    Chipmakers did not begin 2018 on a high note. In early January, reports came flooding in of a pair of hardware vulnerabilities affecting CPUs going back as far as 20 years. The bugs, Meltdown and Spectre, were initially discovered by researchers at Google in June 2017, but information about them leaked to the public before a major fix for either could be implemented. This created a scramble not only by major chipmakers Intel, ARM, and AMD but also among big technology names like Apple, Microsoft, and Google to quickly fix the problems before they could become the latest tricks in malicious hackers' toolboxes. A repository has sprung up on Github that features several applications that demonstrate the Meltdown bug. Twitter user, Michael Schwarz, who holds a PhD in information security, demonstrated how easy it would be to steal passwords by exploiting Meltdown in short enough time to fill an animated gif.

    Using #Meltdown to steal passwords in real time #intelbug #kaiser #kpti /cc @mlqxyz @lavados @StefanMangard @yuvalyarom https://t.co/gX4CxfL1Ax pic.twitter.com/JbEvQSQraP

    — Michael Schwarz (@misc0110) January 4, 2018

    What made these particular exploits so thorny is that rather than typical software issues, these were hardware bugs built right into the design of the chips themselves. According to an information site hosted by Graz University of Technology in Austria, Meltdown gets its name because it “basically melts security boundaries which are normally enforced by the hardware” and Spectre, though harder to exploit than Meltdown, gets its name because it is not an easy bug to fix and “it will haunt us for quite some time.”

    “When I started designing CPUs in the mid '80s we did speculative execution,” Joe Macri, Corporate Vice President, Product Chief Technology Officer, and Corporate Fellow at AMD, told a DesignCon audience. “Speculative execution isn't going to stop; it's how we move fast. What has to change is our understanding and appreciation of the need for secure systems and end-to-end security.”

    Another panelist, Rob Aitken, a Fellow and Director of Technology at ARM, emphasized that it's going to take industry collaboration across all chipmakers to ensure that bugs like these don't emerge in the future. Aitken said that, going forward, engineers will need to think more about designing for resilience against cyberattacks. “Security is and has always been a feature that needs to be included in any design,” he said.

    “The industry knows how to collaborate when it's in our best interest,” Rory McInerney, VP of the Platform Engineering Group and Director of the Server Development Group at Intel, added. “This is an exposure that was caught before it was knowingly exploited, so you have to commend the industry on moving quickly on that.”

    McInerney also believed more will need to be done on the education and training level for chip designers and engineers as well to assist with testing for cyberattacks. “I think there will be a lot more investment in a lot of the tools and methods of how we attack a design from a security perspective,” he said. “We need more tools that allow you to do these attacks at a basic building block level in order to make designs more robust. There needs to be more done to make security assurance more mainstream.”

    To McInerney's point that Meltdown and Spectre haven't been exploited yet, reports are already emerging of malware being created based off of the bugs. With chipmakers still rolling out fixes for machines affected by the bugs, it may only be a matter of time before we see the first major Meltdown or Spectre hack. On February 1, AV-Test GmbH, a German IT security firm, reported that it had found 139 examples of malware that looked to be attempts to take advantage of Meltdown or Spectre.

    Though patches have been released for operating systems, chips, and web browsers, with 20 years worth of vulnerable machines out there it seems highly unlikely that every system will ever be fully patched. And it doesn't mean there aren't other, similar chip hardware issues out there waiting to be discovered and possibly exploited.

    “What's changed with Spectre and Meltdown is it's a different form of side-channel attack than people were expecting perhaps,” ARM's Aitken said. “But the nature of side-channel attacks is essentially that they're not what you would expect. We can predict without having to use a crystal ball that there will be future side channels. ...The reality is you can't avoid them, they're going to be there; they're going to disrupt things that we thought were less vulnerable than they actually turned out to be.”

    Aitken said Meltdown and Spectre in particular should get engineers thinking more about the implications of side-channel attacks – attacks based on computing hardware rather than software – when they are designing chip architecture. “What sorts of things have to change in people's mind when they think about architecture that encompasses side channels?” Aitken asked. “Beyond that, there's the question of what are the metrics. It's ridiculous to say one thing is secure and another is not. It's like if you go look at your own house or your car. Is it secure? That depends. It's not really so much is it secure as it is how much effort does it take to break into it, because somebody somewhere can.”

    “We all live in glass houses in this industry and we're all in it together,” AMD's Macri said. “It's not three companies or four companies. It's all companies... It's something that we live with everyday and we're striving to do a perfect job in a world that isn't perfect. We'll just keep at it.”

    Aitken said, “We not only have to design systems that are secure against the expected challenges of the moment, we have to actually design them so that they're resilient against some kind of attack in the future that we can't predict right this minute, but we know is coming.”

    Moving to conclude the discussion on an optimistic note, moderator Bob O'Donnell, President, Founder and Chief Analyst at TECHnalysis Research, offered, “The silver lining is it drives more corporation. In theory this provides a way for companies to know how to work together to solve this.”

    Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities
    Written by Michael Larabel in Linux Events on 5 February 2018 at 07:38 AM EST.
    https://www.phoronix.com/scan.php?page=news_item&px=Jon-Masters-Spectre-Meltdown

    "Arguably the most interesting keynote at this year's FOSDEM event was Red Hat's Jon Masters talking about the Spectre and Meltdown CPU vulnerabilities on an interesting technical level.

    While Jon Masters is mostly known for his involvement with Fedora/RedHat on ARM hardware, he was the lead for Red Hat's mitigation efforts around the Meltdown and Spectre vulnerabilities that rocked the world last month.

    Jon's keynote presentation covered the microarchitecture of modern CPUs, helped listeners understand CPU caches / virtual memory / branch prediction / speculative execution, and finally went on to talk about the Spectre and Meltdown vulnerabilities with the current approaches and solutions for mitigating these high impact issues.
    If you are interested in learning more, there is a WebM video recording of his presentation as well as the PDF slide deck."
     
    Last edited: Feb 6, 2018
  3. inm8#2

    inm8#2 Notebook Deity

    I'm no expert but this has been my feeling for a couple years. Everything is so chaotic now. The rate of major security issues seems to be growing (in the last year we had WannaCry ransomware, wifi KRACK vulnerability, Equifax data breach, and Meltdown/Spectre to name a few). Windows Update is a mess. Some Android phone manufacturers slack off considerably with security updates. The fragmentation within and across platforms is staggering.

    It's like the Second Law of Thermodynamics. Entropy (disorder, randomness) keeps increasing. We have things like self-driving cars and smart home devices (internet of things seems like a security/privacy nightmare). AI and machine learning are going to be huge this year. Cryptocurrency and blockchain are the current big thing, and cryptominers are the new malware. Mobile technology continues to grow rapidly with every generation of phones trying to make the last one look outdated.

    We can do all these amazing things but cybersecurity and maintenance seem like afterthoughts because the next big technology or gadget is always around the corner. Maybe we should all just accept our fates as data points to be harvested by an endless wave of technology.
     
    Raiderman, 6730b, 0lok and 2 others like this.
  4. Raiderman

    Raiderman Notebook Deity

    There was a BIOS update posted within the last few days for my motherboard. It doesn't say anything about a patch for any vulnerabilities, but does have the new AGESA code. I would love to update, but am concerned there is a patch buried in it. This is what it says, and the release date shows as the 29th of January.

    - Improved memory compatibility.
    - Improved PCIE device compatibility.
    - Update AGESA Code 1.1.0.1 to support Raven Ridge CPU.
     
    hmscott and Vasudev like this.
  5. Vasudev

    Vasudev Notebook Prophet

    You will see a drop of 1% in worst case scenario. If you want to experiment you can try the uCode pack I sent you, you can have similar effects of BIOS update to judge its performance. If it's bad you can uninstall it unlike a BIOS update.
     
    hmscott and Raiderman like this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    I'd check first to see if the BIOS "update" software will allow downgrading.

    By default the CLI command won't do this, it requires a newer date BIOS to overwrite the current. But there is an option to override this limit, for example with winflash:

    winflash /nodate

    Then you'd be safe trying a new BIOS knowing you can downgrade if it doesn't work out.

    Don't forget to write down all of your BIOS changes in case they get reset, I'd go so far as to take a clear photo of each BIOS screen you make changes to, so you can see the difference if there are new options or tabs available after update.

    Also, I use whatever the option is to "load optimized defaults" first thing after resetting after flashing a new BIOS, I go into the BIOS first to do that before booting into Windows - I also then save the optimized defaults, which resets again, and this time I go into the BIOS and set my changes, save again, reset and restart again, and this time I let it boot into Windows.

    Sometimes the alignment of settings changes, and loading optimized defaults after flashing the new BIOS lets it clean up and install its defaults, starting with a clean slate.

    I don't think the MB vendor is going to slip in the Spectre/Meltdown BIOS changes without noting that.

    Besides Intel told everyone to stop using them, so that's likely the state of the relationship until Intel gives a go signal again.

    What does your vendor / AMD have to say? :)
     
    Last edited: Feb 7, 2018
    Raiderman and Vasudev like this.
  7. Vasudev

    Vasudev Notebook Prophet

    Well, it's AMD Ryzen and not Intel.
     
    hmscott likes this.
  8. hmscott

    hmscott Notebook Nobel Laureate

    Yeah, I know that, but I don't think AMD is going to push a BIOS change that the vendor won't disclose either.

    I had the detailed info on the Intel status to give an example, but not on AMD, I figured you'd know the difference. :)

    How about you post what the steps are to flash an older BIOS over a newer BIOS for your motherboard, and what AMD has issued for BIOS update for Vulnerabilities, that would be helpful.

    AMD Processor Security
    http://www.amd.com/en/corporate/speculative-execution
     
    Last edited: Feb 7, 2018
    Raiderman likes this.
  9. Vasudev

    Vasudev Notebook Prophet

    I don't have a desktop board anymore. Usually EZ Flash or QFlash or similar can rollback/upgrade BIOS even with protection.
     
    Raiderman and hmscott like this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    @Raiderman

    What Ryzen AMD motherboard do you have then?

    It looks like AMD is just now getting out BIOS updates, so it's probably too soon to expect them to be rolled out in recent BIOS updates.

    I don't think your motherboard vendor is going to push a BIOS change with a Vulnerability fix without disclosing it in the change list.

    Usually the vendor likes to test them for a few weeks in the lab and field before releasing them, even if they are for emergency - general release would be a while longer than immediately. It is likely this update was in the works well before AMD started contacting vendors with the Vulnerability microcode updates.

    AMD Processor Security
    http://www.amd.com/en/corporate/speculative-execution

    An Update on AMD Processor Security - 1/11/2018

    "GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    • While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
    • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements."
    Like AMD says, check with your supplier, I'd send them an email with your posted details and question, they are most able to answer for certain what's in their BIOS update.
     
    Last edited: Feb 7, 2018
    Raiderman and Vasudev like this.
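
Added example (not part of any post in this thread, and not vendor code): on a Linux system, one way to tell whether a BIOS or microcode update changed the CPU microcode and the kernel's reported Meltdown/Spectre status is to snapshot `/proc/cpuinfo` and `/sys/devices/system/cpu/vulnerabilities/` before and after the update and compare them. The sample revisions and status strings are constructed, and all function names are hypothetical.

```python
import os
import re

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed samples (not from the thread or from any real machine).
CPUINFO_BEFORE = "processor\t: 0\nmicrocode\t: 0x100\n\nprocessor\t: 1\nmicrocode\t: 0x100\n"
CPUINFO_AFTER = "processor\t: 0\nmicrocode\t: 0x101\n\nprocessor\t: 1\nmicrocode\t: 0x101\n"
STATUS_BEFORE = {
    "meltdown": "Not affected",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Vulnerable: Minimal AMD ASM retpoline",
}
STATUS_AFTER = dict(STATUS_BEFORE, spectre_v2="Mitigation: Full AMD retpoline")


def microcode_revisions(cpuinfo_text):
    """Return the set of microcode revisions reported across all logical CPUs."""
    pattern = r"^microcode\s*:\s*(0x[0-9a-fA-F]+)\s*$"
    return {int(rev, 16) for rev in re.findall(pattern, cpuinfo_text, re.M)}


def classify(status):
    """Reduce a sysfs status string to one of four coarse states."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # file missing (older kernel) or unrecognised text


def snapshot(cpuinfo_path="/proc/cpuinfo", sysfs_dir=SYSFS_DIR):
    """Read the live system state as (cpuinfo_text, {issue: status})."""
    with open(cpuinfo_path) as f:
        cpuinfo = f.read()
    status = {}
    if os.path.isdir(sysfs_dir):
        for name in sorted(os.listdir(sysfs_dir)):
            with open(os.path.join(sysfs_dir, name)) as f:
                status[name] = f.read().strip()
    return cpuinfo, status


def compare(before, after):
    """Summarise what changed between two snapshots."""
    (cpu_b, st_b), (cpu_a, st_a) = before, after
    rev_b, rev_a = microcode_revisions(cpu_b), microcode_revisions(cpu_a)
    changes = {}
    for name, text in st_a.items():
        old, new = classify(st_b.get(name, "")), classify(text)
        if old != new:
            changes[name] = (old, new)
    return {
        "microcode_changed": rev_b != rev_a,
        # More than one revision means some cores did not take the update.
        "mixed_revisions": len(rev_a) > 1,
        "status_changes": changes,
        "still_vulnerable": sorted(n for n, s in st_a.items()
                                   if classify(s) == "vulnerable"),
    }


if __name__ == "__main__":
    print(compare((CPUINFO_BEFORE, STATUS_BEFORE), (CPUINFO_AFTER, STATUS_AFTER)))
```

On a real machine, save the result of `snapshot()` before flashing and pass it to `compare()` together with a fresh `snapshot()` afterwards.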