The expert Positive Technologies has discovered the possibility of disclosure of encryption keys in Intel ME

Image:

Intel Unsplash removed a serious vulnerability in the Intel ME firmware. Positive Technologies expert Dmitry Sklyarov discovered an error in the operation of the security mechanisms of MFS, the file system that ME uses to store data. As a result of exploiting this vulnerability, attackers can manipulate the state of MFS and extract some important secrets.

The Intel ME (Management Engine) subsystem uses MFS for storage (presumably short for ME File System). MFS security mechanisms actively use cryptographic keys. Confidentiality keys are used to ensure the secrecy of data stored in the MFS, and Integrity keys are used for integrity control. The data placed in the MFS, in order of importance, are divided into two categories, and are protected by different sets of keys. Intel keys are used for the most sensitive data, and Non-Intel keys are used for the rest. Thus, four keys are used: Intel Integrity key, Non-Intel Integrity key, Intel Confidentiality key and Non-Intel Confidentiality key.

In 2017, Positive Technologies experts Mark Yermolov and Maxim Goryachiy discovered vulnerabilityoperation of which allows you to get all four keys and completely compromise the security mechanisms of MFS.

Intel later released an update covering this vulnerability. The value of SVN (Secure Version Number) was increased - this step should have led to the upgrade of all keys and return MFS security to the planned level. Receiving MFS keys for updated ME firmware (with a new SVN value) should be impossible.

However, in 2018, Positive Technologies expert Dmitry Sklyarov discovered the CVE-2018-3655 vulnerability, described in the Intel-SA-00125 newsletter.. The essence of the problem lies in the fact that Non-Intel keys depend on the value of SVN and the underlying unchangeable secret of the subsystem. And this secret can be obtained if you use JTAG debugging, which can be enabled using a previous vulnerability. Knowledge of the base secret of the subsystem allows you to calculate both Non-Intel keys - and all this is already in the new firmware version.

Thus, an attacker can calculate the Non-Intel Integrity key and Non-Intel Confidentiality key for the firmware with the updated SVN value, and therefore compromise those MFS security mechanisms that rely on these keys.

Non-Intel Integrity key is used to control the integrity of all directories - knowing it, you can add and delete files, change their security attributes. Also, this key is tied to the protection of anti-replay-tables - a mechanism designed to prevent the replacement of the contents of some files by their previous versions. And knowing the key, anti-replay mechanisms will be easy to get around. Non-Intel Confidentiality key is used to encrypt some files. For example, with its help the AMT password is encrypted.

By consistently exploiting vulnerabilities found by Positive Technologies experts in 2017 and 2018, an attacker can interfere with ME’s work and retrieve confidential data. Operation of vulnerabilities is hampered by the need for physical access to the device, but it is still an extremely serious security error.

Positive Technologies experts found a number of vulnerabilities in the Intel ME firmware. So Mark Yermolov and Maxim Goryachy told about the vulnerability they discovered at the Black Hat Europe conference. At the same conference, Dmitry Sklyarov talked in detail about the device file system ME.

In addition, experts at Positive Technologies learned how to disable the Intel ME subsystem using the undocumented mode and showed how to enable JTAG debugging in a special webinar .