Vulnerability in Intel chipsets that allows extracting the platform root key

Researchers from Positive Technologies have disclosed a vulnerability (CVE-2019-0090) that allows an attacker with physical access to the hardware to extract the platform root key (chipset key), which serves as the root of trust when verifying the authenticity of various platform components, including the TPM (Trusted Platform Module) and UEFI firmware.

The vulnerability is caused by a bug in the hardware and in the Intel CSME firmware located in the boot ROM, which means the problem cannot be fixed in devices already in use. Because there is a window during an Intel CSME restart (for example, when resuming from sleep), DMA manipulation can be used to write data into Intel CSME static memory and modify already initialized Intel CSME memory page tables in order to hijack execution, retrieve the platform key, and gain control over the generation of encryption keys for Intel CSME modules. Exploitation details are to be published later.

In addition to extracting the key, the bug also allows code execution at privilege level zero (ring 0) inside Intel CSME (Converged Security and Manageability Engine). The problem affects most Intel chipsets released over the past five years, but it is no longer present in the 10th generation (Ice Point). Intel became aware of the problem about a year ago and released firmware updates which, although they cannot change the vulnerable code in the ROM, attempt to block the possible exploitation paths at the level of individual Intel CSME modules.

Possible consequences of obtaining the platform root key include forging the firmware of Intel CSME components, compromising storage-media encryption schemes that rely on Intel CSME, and forging EPID (Enhanced Privacy ID) identifiers so that one computer can pass itself off as another to bypass DRM protection. If individual CSME modules are compromised, Intel provides a way to regenerate their associated keys via the SVN (Security Version Number) mechanism. With access to the platform root key this mechanism is ineffective, because the root key is used to derive the key that encrypts the integrity control block (ICVB, Integrity Control Value Blob), and obtaining that key in turn allows the code of any Intel CSME firmware module to be forged.
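To make the point about SVN rotation concrete, here is an added model of such a key hierarchy (not Intel's code, not from the original article): every module key is derived from the platform root key together with the module's SVN, while the ICVB key is derived from the root key alone. Bumping a module's SVN invalidates a leaked module key, but an attacker who holds the root key simply re-derives everything. The HMAC-SHA256 derivation, the derivation labels, the XOR "sealing", the module name `pmc` and the sample root key are all assumptions chosen for illustration; Intel's real KDF inputs and formats are not described on this page.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample value (not a real Intel key): one chip's platform root key.
SAMPLE_ROOT_KEY = hashlib.sha256(b"constructed sample platform root key").digest()


def kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as the derivation function of this model (assumed, not Intel's KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy sealing primitive: XOR with a key-derived keystream. Illustrative only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += kdf(key, b"stream|%d" % counter)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Platform:
    """Key hierarchy hanging off one platform root key (model; labels are assumed)."""
    root_key: bytes
    svn: dict = field(default_factory=dict)  # module name -> current SVN

    def module_key(self, module: str, svn: int) -> bytes:
        # A module's key is bound to its SVN, so bumping the SVN rotates the key.
        return kdf(self.root_key, b"module|" + module.encode() + b"|svn=%d" % svn)

    def icvb_key(self) -> bytes:
        # The ICVB key derives from the root key alone; SVN bumps never touch it.
        return kdf(self.root_key, b"icvb")

    def seal(self, module: str, secret: bytes) -> tuple:
        # Secrets are sealed under the module key at the module's *current* SVN.
        svn = self.svn[module]
        return svn, xor_stream(self.module_key(module, svn), secret)

    def sign_module(self, module: str, image: bytes) -> bytes:
        # Integrity value over a module image, modelled as a MAC under the ICVB key.
        return kdf(self.icvb_key(), b"image|" + module.encode() + b"|" + image)

    def boot_accepts(self, module: str, image: bytes, tag: bytes) -> bool:
        # Boot-time verification: recompute the integrity value and compare in constant time.
        return hmac.compare_digest(self.sign_module(module, image), tag)


def unseal_with(key: bytes, sealed: tuple) -> bytes:
    """Unseal with whatever key the caller holds; wrong key yields garbage, not an error."""
    return xor_stream(key, sealed[1])


def svn_bump_defeats_leaked_module_key(p: Platform) -> bool:
    """Module 'pmc' is compromised at SVN 1 and its key leaks; the SVN is then bumped to 2.
    Secrets sealed after the bump are unreadable with the leaked key."""
    p.svn["pmc"] = 1
    leaked = p.module_key("pmc", 1)
    p.svn["pmc"] = 2
    sealed = p.seal("pmc", b"secret sealed after the SVN bump")
    return unseal_with(leaked, sealed) != b"secret sealed after the SVN bump"


def root_key_defeats_svn_bump(p: Platform, stolen_root: bytes) -> bool:
    """With the root key the attacker re-derives the rotated module key and the ICVB key:
    post-bump secrets are readable and a forged module image passes boot verification."""
    p.svn["pmc"] = 2
    attacker = Platform(stolen_root, dict(p.svn))
    sealed = p.seal("pmc", b"secret sealed after the SVN bump")
    recovered = unseal_with(attacker.module_key("pmc", sealed[0]), sealed)
    forged = b"attacker-controlled pmc image"
    forged_tag = attacker.sign_module("pmc", forged)
    return (recovered == b"secret sealed after the SVN bump"
            and p.boot_accepts("pmc", forged, forged_tag))


if __name__ == "__main__":
    print("SVN bump blocks a leaked module key:",
          svn_bump_defeats_leaked_module_key(Platform(SAMPLE_ROOT_KEY)))
    print("root key bypasses the SVN bump:",
          root_key_defeats_svn_bump(Platform(SAMPLE_ROOT_KEY), SAMPLE_ROOT_KEY))
```

The two scenario functions are the whole argument of the paragraph above in executable form: rotating the SVN helps exactly as long as the attacker only holds a derived key, and stops helping the moment the derivation input itself (the root key) is known.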

It is noted that the platform root key is stored in encrypted form, and full compromise additionally requires recovering the hardware key stored in SKS (Secure Key Storage). That key is not unique per device: it is the same across each generation of Intel chipsets. Since the bug allows code execution at a stage before the SKS key-generation mechanism is locked, it is expected that this hardware key will sooner or later be recovered.

Source: opennet.ru