数码科技

AMD的PSP 漏洞已被修复

去年9月28日,Google的云安全队伍的一位成员发现存在于AMD PSP的漏洞。针对性的补丁已于去年12月7日放出,各厂商只需将补丁集成后放出供客户更新。

img001.jpg

此外AMD还确认并不能通过该漏洞进行远程代码执行。想攻击服务器,必须能在物理上接触服务器,换掉现有的SPI-Flash。SPI-Flash并不能远程刷写。


最新的AGESA 1072里已经有了PSP的关闭选项。

漏洞信息及原理原文如下:

Introduction
============
AMD PSP [1] is a dedicated security processor built onto the main CPU die.
ARM TrustZone provides an isolated execution environment for sensitive and
privileged tasks, such as main x86 core startup. See [2] for details.

fTPM is a firmware TPM [3] implementation. It runs as a trustlet
application inside the PSP. fTPM exposes a TPM 2.0 interface over MMIO to
the host [4].

Research
========
The fTPM trustlet code was found in Coreboot’s git repository [5] and in
several BIOS update files. The TPM reference implementation code is
published in trustedcomputinggroup.org (TCG) TPM specification. In fact,
the code *is* the spec.
Most TPM vendors implement their TPMs based on the TCG spec code. Vendors
implement the storage layer (where non-volatile data and persistent objects
are stored), connect the crypto library to a good source of entropy, and
sometimes re-implement the low-level crypto functions. However, a lot of
the TPM code is shared with the publicly accessible TPM specification:
request/response marshaling, session management and command execution logic.
This research focused on vendor specific code that diverged from the TCG
spec.

Vulnerability
=============
Through manual static analysis, we’ve found a stack-based overflow in the
function EkCheckCurrentCert.
This function is called from TPM2_CreatePrimary with user controlled data –
a DER encoded [6] endorsement key (EK) certificate stored in the NV
storage.

A TLV (type-length-value) structure is parsed and copied on to the parent
stack frame. Unfortunately, there are missing bounds checks, and a
specially crafted certificate can lead to a stack overflow:

NESTED_CERT_DATA1 = ’x03x82x07xf0’ + ’A * 0x7f0
NESTED_CERT_DATA2 = ’x03x82’ + pack(’>H’, len(NESTED_CERT_DATA1)) +
NESTED_CERT_DATA1
CERT_DATA = ’x03x82’ + pack(’>H’, len(NESTED_CERT_DATA2)) +
NESTED_CERT_DATA2

Proof Of Concept
================
Without access to a real AMD hardware, we used an ARM emulator [7] to
emulate a call to EkCheckCurrentCert with the CERT_DATA listed above. We
verified that full control on the program counter is possible:

EkCheckCurrentCert+c8    : B               loc_10EE4
EkCheckCurrentCert+60    : LDR             R4, =0xB80
EkCheckCurrentCert+62    : ADDS            R4, #0x14
EkCheckCurrentCert+64    : ADD             SP, R4
EkCheckCurrentCert+66    : POP             {R4-R7,PC}
41414140                 : ????
|
R0=ff,R1=f00242c,R2=f001c24,R3=824,R4=41414141,R5=41414141,R6=41414141,R7=41414141,PC=41414140,SP=f003000,LR=11125

As far as we know, general exploit mitigation technologies (stack cookies,
NX stack, ASLR) are not implemented in the PSP environment.

Credits
===========
This vulnerability was discovered and reported to AMD by Cfir Cohen of the
Google Cloud Security Team.

Timeline
========
09-28-17 – Vulnerability reported to AMD Security Team.
12-07-17 – Fix is ready. Vendor works on a rollout to affected partners.
01-03-18 – Public disclosure due to 90 day disclosure deadline.

via:http://seclists.org/fulldisclosure/2018/Jan/12

剧毒术士马文

留学中 Comp.Arch|RISCV|HPC|FPGA 最近沉迷明日方舟日服 联系方式请 discord 或者 weibo 私信。目前不在其他平台活动。 邮箱已更新为[email protected]。 看板娘:ほし先生♥

相关文章

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注

返回顶部按钮