The AMDFLAWS folks are getting a lot of flak, much of it rightfully so: for overhyping, bad disclosure process,etc. But escalation from root to secure enclave is actually not nothing. Why is this so easily dismissed? Malware in VTL1 is also a threat that seems valid to me.
-
Show this thread
-
Apparently people don't realize that root/admin is not the highest level of privilege anymore. Ring 0, a.k.a. kernel, isn't either. There's a whole security architecture around virtualization and trusted enclaves. And you're not supposed to run code in there as a mere admin.
5 replies 16 retweets 33 likesShow this thread -
Replying to @andreasdotorg
Yes and no: they allegedly abused AMD’s own signed drivers (i.e. flaw in driver) to get in. If you sign the backdoor to your own systems… what exactly do you expect to happen?
1 reply 0 retweets 0 likes -
Replying to @cynicalsecurity
Exploitable bug in a signed driver does sound like a legitimate vulnerability to me. Don't get me wrong, I'm rolling my eyes about their style as hard as the next person. And we're certainly not in spectre territory when it comes to the severity of things.
1 reply 0 retweets 2 likes -
Replying to @andreasdotorg
I am not denying the legitimacy of the vulnerability but the actual seriousness. AMD’s PSP was already dubious before this dump and, frankly, the dump is hardly critical for the vast majority of the world (hence: hype). I think the chipset vuln should be investigated further…
2 replies 0 retweets 0 likes -
Replying to @cynicalsecurity
Frankly, I've just been skimming the "white paper". But code execution in VTL1 equals problems for MS HyperGuard and CredentialGuard, weakening their defenses. But yeah, that chipset problem too.
1 reply 0 retweets 0 likes -
Replying to @andreasdotorg
Yes, but it remains something done as admin via a signed driver. It is a design flaw but hardly dramatic for the vast majority of users. What it does show is a) dreadful QA on those critical drivers and b) dubious design choices for the PSP which appears to be over-powerful.
2 replies 0 retweets 0 likes -
Replying to @cynicalsecurity
CredentialGuard is there to stop software with admin access from reading credentials, HyperGuard is there to stop software with admin access from hooking syscalls. Might not affect everybody, but still legit.
1 reply 0 retweets 1 like -
Replying to @andreasdotorg
Agreed but is this really a QA issue with the driver or a bad design choice for the PSP? The latter might mean a sw update/redesign for the PSP, the former is plain silly.
1 reply 0 retweets 0 likes
Certainly nothing that I would have hired a PR agency for. Might have made for an entertaining talk at a con, max.
-
-
Replying to @andreasdotorg
That is sort of besides the point now as the short on AMD clearly failed (stock is up!). I am wondering if the choice to put the PSP on-core has meant that AMD has been superficial in its risk assessment compared to, say, ME which is off-core.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.