The AMDFLAWS folks are getting a lot of flak, much of it rightfully so: for overhyping, bad disclosure process,etc. But escalation from root to secure enclave is actually not nothing. Why is this so easily dismissed? Malware in VTL1 is also a threat that seems valid to me.
-
-
Yes and no: they allegedly abused AMD’s own signed drivers (i.e. flaw in driver) to get in. If you sign the backdoor to your own systems… what exactly do you expect to happen?
-
Exploitable bug in a signed driver does sound like a legitimate vulnerability to me. Don't get me wrong, I'm rolling my eyes about their style as hard as the next person. And we're certainly not in spectre territory when it comes to the severity of things.
-
I am not denying the legitimacy of the vulnerability but the actual seriousness. AMD’s PSP was already dubious before this dump and, frankly, the dump is hardly critical for the vast majority of the world (hence: hype). I think the chipset vuln should be investigated further…
-
Frankly, I've just been skimming the "white paper". But code execution in VTL1 equals problems for MS HyperGuard and CredentialGuard, weakening their defenses. But yeah, that chipset problem too.
-
Yes, but it remains something done as admin via a signed driver. It is a design flaw but hardly dramatic for the vast majority of users. What it does show is a) dreadful QA on those critical drivers and b) dubious design choices for the PSP which appears to be over-powerful.
-
CredentialGuard is there to stop software with admin access from reading credentials, HyperGuard is there to stop software with admin access from hooking syscalls. Might not affect everybody, but still legit.
-
Agreed but is this really a QA issue with the driver or a bad design choice for the PSP? The latter might mean a sw update/redesign for the PSP, the former is plain silly.
-
Certainly nothing that I would have hired a PR agency for. Might have made for an entertaining talk at a con, max.
- 1 more reply
New conversation -
-
-
even worse there is a subsystem, the PSP, that is implementing a lot of the security features, and they claim to attack/abuse it too, which would be far worse. but still the claims remain shady, let's wait for a "useful" disclosure.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Three Rings for the Elven-kings under the sky, Seven for the Dwarf-lords in their halls of stone, Nine for Mortal Men doomed to die, One for the Dark Lord on his dark throne,
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Do you have insight on whether the issue mitigatable by BIOS updates or OS patches or will those delivered chips remain exploitable? Or too early to tell, lacking details, PoC, independent analysis, exploits in the wild etc?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
right, you have to be a corporate or nation state for that ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.