Coronavirus, Social Distancing and The Protection of Your Intel TPM

In today’s work-at-home, socially distanced world, we’re increasingly reminded of the importance of proximity and the critical nature of physical access.  As someone who has worked in the logical world of enterprise security for many years, it’s easy to forget that the fastest DoS attack ever is a hammer swung violently at your physical storage array!   And with the coronavirus on everyone’s doorstep, physical proximity has become an issue in every walk of life.  For COVID-19 it’s social distancing and the now widely accepted elbow bump.  In software security it’s proximity to the hardware, and control over physical access, that underpins everything we do.

I’m reminded of this critical dependency by the recent announcement that nearly all Intel processors have yet another critical security flaw, one that is “rooted” in the ability to touch the hardware.  It now appears that anyone with physical (or local) access to the machine can undermine the platform’s security measures, up to and including compromise of the firmware Trusted Platform Module (TPM) that Intel implements inside its management engine, rather than a discrete TPM chip.  Anyone who has tracked the long and intricate history of the cryptographic “root of trust” understands the magnitude and implications of this statement.

The March 5th posting from Positive Technologies, titled “Intel x86 Root of Trust: Loss of Trust”, outlined a newly discovered critical flaw in the Intel CSME (Converged Security and Management Engine).  The Intel CSME provides the cryptographic foundation for the hardware security technologies Intel builds on top of it, including the firmware TPM (fTPM), DRM and Intel Identity Protection. Their report states that this newly discovered vulnerability “affects the Intel CSME boot ROM on all Intel chipsets and SoCs available today other than Ice Point (Generation 10). The vulnerability allows extracting the Chipset Key and manipulating part of the hardware key and the process of its generation. However, currently it is not possible to obtain that key’s hardware component (which is hard coded in the SKS) directly. The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.”

The report goes on to say that “this vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms”. They further state that “The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

This latest news means that Intel chipsets released in the past five years (everything before the 10th-generation Ice Point parts) carry a flaw that cannot be patched in the field, because it lives in boot ROM, and that is, once again, rooted in physical access protection.  If you’ve got physical access, you’ve got a vulnerability.  Today, in the shadow of COVID-19, just writing those words feels so old and yet so new.  Everything we thought was safe is only safe if it’s physically secured, socially distanced and wrapped in the unsettling reminder that trust is transient and, once lost, so very hard to regain.