On Sat, Mar 7, 2020 at 11:26 AM Ivan T. Ivanov <[email protected]> wrote:
>
> Quoting Rich Freeman (2020-03-06 23:13:55)
> >
> > The patched firmware executes before any software you boot, assuming
> > your device was patched before the hacker got his hands on it.
> >
>
> Well, they say that vulnerability is inside ROM code [1], which
> is executed before any firmware. And because this is ROM it could
> not be patched.
>
The root vulnerability is indeed in ROM. The firmware patches partially mitigate the vulnerability. Without a firmware patch the CPU is vulnerable to both hardware and software attacks. With the firmware patch the CPU is still vulnerable to hardware/physical attacks, but is apparently no longer vulnerable to software attacks.

Obviously both attack vectors matter depending on your use case, but software attacks are obviously far more widely applicable. If you don't patch your firmware then even a server which is completely protected physically is still vulnerable. Even if you don't intend to use these features in your CPU, a hacker who manages to get into your server could use the vulnerability to implant a rootkit that is protected by the CPU from detection by the OS.

So, even though a firmware update doesn't entirely close the vulnerability, it is still important to deploy.

Note that while in this case it is apparently not possible to fix the problem with firmware, there are known CPU hardware problems that can be fixed via software. It really depends on the nature of the problem. In this case we're talking about a TPM where a threat model is an attacker with physical access that is trying to play games with the busses/etc, and as such it is important that it initialize using code in ROM that is known-good.

-- 
Rich

