Re: [PATCH v6 00/11] Intel SGX Driver

From: James Bottomley
Date: Thu Jan 04 2018 - 10:09:30 EST

Next message: Will Deacon: "[PATCH 01/11] arm64: use RET instruction for exiting the trampoline"
Previous message: Johannes Berg: "Re: [PATCH] nl80211: Check for the required netlink attribute presence"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v6 00/11] Intel SGX Driver"
Next in thread: Dr. Greg Wettstein: "Re: [PATCH v6 00/11] Intel SGX Driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote:
> So how does this protect against the MELTDOWN attack (CVE-2017-5754)
> and the MELTATOMBOMBA4 worm which uses this exploit?

Actually, a data exfiltration attack against SGX, using page tables has
already been documented:

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/van-bulck

It doesn't exploit speculation as the mechanism for gathering data (it
exploits page faults), but the structure of the side channel attack
used to exfiltrate data from the supposedly secure enclave is very
similar to Spectre. ÂThe targetting mechanism is very different,
though: the page table exploit assumes you can control the page tables,
so you must be highly privileged on the platform but with Spectre you
merely have to be an ordinary user.

James

Next message: Will Deacon: "[PATCH 01/11] arm64: use RET instruction for exiting the trampoline"
Previous message: Johannes Berg: "Re: [PATCH] nl80211: Check for the required netlink attribute presence"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v6 00/11] Intel SGX Driver"
Next in thread: Dr. Greg Wettstein: "Re: [PATCH v6 00/11] Intel SGX Driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]