Positive Technologies specialist Mark Ermolov has uncovered vulnerabilities in Intel Software Guard Extensions (SGX) that could have serious implications for users.
The vulnerability stems from a code error that allows attackers to gain full access to protected data in SGX enclaves on outdated systems powered by Gemini processors, and potentially on some older Xeon processors that are still supported.
After years of research, Ermolov and his team were able to extract the SGX Fuse Key0 (FK0, the Root Provisioning Key) along with another key, the Root Sealing Key, thereby compromising the Root Provisioning Key, a root of trust for SGX. The code flaw was caused by Intel engineers failing to clear an internal buffer in the processor core that holds all fuse values read from the Fuse Controller, including the critical FK0. This oversight provides a pathway to the data that SGX is meant to protect.
Although Intel has discontinued SGX in its client processors, numerous systems still run on these processors, especially embedded systems. Possession of the FK0 key grants total control over data protected by SGX on the affected machine.
Intel clarifies that executing the attack requires physical access to a vulnerable device and the existence of other unknown vulnerabilities. Prior vulnerabilities such as CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, and CVE-2019-0090 must also be present, and Intel has issued fixes for all of them.
Despite Intel's fixes, many Gemini processors remain in use, particularly in devices with low performance requirements. As Johns Hopkins University has highlighted, this amounts to a significant compromise of these systems, leaving all data residing in SGX enclaves on Gemini processors vulnerable.
The crux of the issue lies in the SGX protection software. Code flaws could grant unauthorized access to material protected by SGX, although it remains unclear whether this can be achieved remotely or whether physical access is required.
SGX was launched in 2015 with the Skylake processors to safeguard critical code even from the manufacturer. However, following critical discoveries after launch, subsequent client chips omitted the technology; it is still prevalent in embedded systems, which makes the vulnerability relevant to a wide user base.