QSB #61 Information leak via power sidechannel (XSA-351)


Marek Marczykowski-Górecki

Nov 11, 2020, 10:39:28 PM
to qubes-a...@googlegroups.com, qubes...@googlegroups.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) #61: Information
leak via power sidechannel (XSA-351). The text of this QSB is
reproduced below. This QSB and its accompanying signatures will always
be available in the Qubes Security Pack (qubes-secpack).

View QSB #61 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-061-2020.txt

Learn about the qubes-secpack, including how to obtain, verify, and read
it:

https://www.qubes-os.org/security/pack/

View all past QSBs:

https://www.qubes-os.org/security/bulletins/

View XSA-351 in the XSA Tracker:

https://www.qubes-os.org/security/xsa/#351

```


---===[ Qubes Security Bulletin #61 ]===---

2020-11-10


Information leak via power sidechannel (XSA-351)


Summary
========

On 2020-11-10, the Xen Security Team published Xen Security Advisory
351 (XSA-351) [1] with the following description:

| Researchers have demonstrated using software power/energy monitoring
| interfaces to create covert channels, and infer the operations/data used
| by other contexts within the system.
|
| Access to these interfaces should be restricted to privileged software,
| but it was found that Xen doesn't restrict access suitably, and the
| interfaces are accessible to all guests.
|
| For more information, see:
| https://platypusattack.com
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
|
| An unprivileged guest administrator can sample platform power/energy
| data. This may be used to infer the operations/data used by other
| contexts within the system.
|
| The research demonstrates using this sidechannel to leak the AES keys
| used elsewhere in the system.


Patching
=========

The specific packages that resolve the problems discussed in this
bulletin are as follows:

For Qubes 4.0:
- Xen packages, version 4.8.5-26
For Qubes 4.1:
- Xen packages, version 4.14.0-7

The packages are to be installed in dom0 via the Qube Manager or via
the qubes-dom0-update command as follows:

For updates from the stable repository (not immediately available):
$ sudo qubes-dom0-update

For updates from the security-testing repository:
$ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing

A system restart will be required afterwards.

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community.

If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new
Xen binaries.


Credits
========

See the original Xen Security Advisory.


References
===========

[1] https://xenbits.xen.org/xsa/advisory-351.html

- --
The Qubes Security Team
https://www.qubes-os.org/security/
```
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

Demi M. Obenour

Nov 12, 2020, 11:26:43 AM
to qubes...@googlegroups.com
FYI, I am not sure how to obtain the public key that signed that
message.

Sincerely,

Demi

unman

Nov 12, 2020, 11:49:07 AM
to qubes...@googlegroups.com
https://www.qubes-os.org/team/
Or search on keyserver

Demi M. Obenour

Nov 12, 2020, 12:23:16 PM
to qubes...@googlegroups.com
I imported the key, but am trying to figure out how to build a chain
of trust to it. If someone could help me, that would be greatly
appreciated. Once that is done, I will file a PR to the documentation.

Sincerely,

Demi

Demi M. Obenour

Nov 12, 2020, 12:55:04 PM
to qubes...@googlegroups.com
On 11/12/20 11:49 AM, unman wrote:
I was able to import the key, but am not sure how to build a chain
of trust to it. Once I have managed to build one, I will file a PR

Andrew Clausen

Nov 13, 2020, 7:56:30 AM
to Demi M. Obenour, qubes-devel
Hi Demi,

On Thu, 12 Nov 2020 at 16:26, Demi M. Obenour <demio...@gmail.com> wrote:
> FYI, I am not sure how to obtain the public key that signed that
> message.

All Qubes keys are available inside the "distribution-gpg-keys" package, which you can install with "dnf install distribution-gpg-keys".  Since this package is signed, it has a pretty good chain of trust built into it.  Since this is a Fedora package, it is also helpful for securely installing Qubes from another Fedora-based distribution.

I have been meaning to update the Qubes documentation about this, but I have been a bit busy!

Kind regards,
Andrew

Demi M. Obenour

Nov 13, 2020, 3:06:25 PM
to Andrew Clausen, qubes-devel
Thank you! That is quite helpful, although it doesn’t include the
email keys.

Sincerely,

Demi

Andrew Clausen

Nov 13, 2020, 5:51:09 PM
to Demi M. Obenour, qubes-devel
Hi Demi,

On Fri, 13 Nov 2020 at 20:06, Demi M. Obenour <demio...@gmail.com> wrote:
> Thank you!  That is quite helpful, although it doesn’t include the
> email keys.

Oops, I missed that.  Perhaps we should add in the keys from https://www.qubes-os.org/team ?  I think it would be ideal to not clutter up the package though.  We could just include Marek's key, which presumably signs all the other ones?

Or alternatively, perhaps security bulletins should be signed with a Qubes project key?

Kind regards,
Andrew

Andrew David Wong

Nov 14, 2020, 3:29:35 AM
to Andrew Clausen, qubes-devel, Demi M. Obenour
Added. Thank you!

https://github.com/QubesOS/qubes-doc/pull/1079/commits/fdcaadaeec4d91edc01bdfd8774c9e27de04260d

> We could just include Marek's key, which presumably signs all the
> other ones?

It does not.

> Or alternatively, perhaps security bulletins should be signed with a
> Qubes project key?

QSBs are already signed by individual Qubes Security Team members'
Security Team keys, which are in turn signed by the Qubes Master
Signing Key, so you already have the required chain of trust there.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Andrew Clausen

Nov 14, 2020, 9:33:03 AM
to Andrew David Wong, qubes-devel, Demi M. Obenour
Hi Andrew,

On Sat, 14 Nov 2020 at 08:29, Andrew David Wong <a...@qubes-os.org> wrote:
>> I have been meaning to update the Qubes documentation about this, but I
>> have been a bit busy!
>
> Added. Thank you!
>
> https://github.com/QubesOS/qubes-doc/pull/1079/commits/fdcaadaeec4d91edc01bdfd8774c9e27de04260d

Thanks a lot.  I didn't know about this document.  In general, I find it a little hard to follow.  For example, distribution-gpg-keys isn't listed as one of the "several ways to get the Qubes Master Signing Key".  It comes later, where it might be overlooked.  I might have a shot at redrafting this soon.

Anyway, should I include a copy (and link to the original) in the distribution-gpg-keys package?

>> Or alternatively, perhaps security bulletins should be signed with a
>> Qubes project key?
>
> QSBs are already signed by individual Qubes Security Team members'
> Security Team keys, which are in turn signed by the Qubes Master
> Signing Key, so you already have the required chain of trust there.

That sounds sensible.  Should this be documented in the "verifying signatures" document too?

Kind regards,
Andrew

Andrew David Wong

Nov 14, 2020, 9:28:19 PM
to Andrew Clausen, qubes-devel
On 11/14/20 6:32 AM, Andrew Clausen wrote:
> Hi Andrew,
>
> On Sat, 14 Nov 2020 at 08:29, Andrew David Wong <a...@qubes-os.org> wrote:
>
>>> I have been meaning to update the Qubes documentation about this, but I
>>> have been a bit busy!
>>
>> Added. Thank you!
>>
>>
>> https://github.com/QubesOS/qubes-doc/pull/1079/commits/fdcaadaeec4d91edc01bdfd8774c9e27de04260d
>>
>
> Thanks a lot. I didn't know about this document. In general, I find it a
> little hard to follow. For example, distribution-gpg-keys isn't listed as
> one of the "several ways to get the Qubes Master Signing Key".

Oh, true. I'll also add it to that list.

> It comes later, where it might be overlooked.

I think it also makes sense to mention it later, since it concerns
authenticating the key.

> I might have a shot at redrafting this soon.
>

I'm a bit surprised that you find it hard to follow *in general*. I'm
curious what you have in mind.

> Anyway, should I include a copy (and link to the original) in the
> distribution-gpg-keys package?
>

The "Verifying Signatures" document? I'd generally recommend linking to
the original rather than making a copy, since the copy will probably
become desynchronized from the original over time.

>
>> > Or alternatively, perhaps security bulletins should be signed with a
>> Qubes project key?
>>
>> QSBs are already signed by individual Qubes Security Team members'
>> Security Team keys, which are in turn signed by the Qubes Master
>> Signing Key, so you already have the required chain of trust there.
>>
>
> That sounds sensible. Should this be documented in the "verifying
> signatures" document too?
>

No, that's already documented here:

https://www.qubes-os.org/security/pack/#how-to-obtain-verify-and-read
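
The chain of trust discussed in this thread (a QSB signed by a Security Team key, which is in turn signed by the Qubes Master Signing Key) can be checked mechanically once the master key's fingerprint has been authenticated out of band. The following is an added example, not part of the original thread and not Qubes project code: it parses GnuPG's colon-delimited `--check-sigs` listing, and the function names, fingerprints and listing are hypothetical, constructed placeholders.

```python
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP user-ID certification types
SIGNER, MASTER = "A" * 40, "B" * 40      # constructed placeholder fingerprints

def norm(fpr: str) -> str:
    return fpr.replace(" ", "").upper()

def certified_by(listing: str, subject_fpr: str, master_fpr: str) -> bool:
    """Parse `gpg --with-colons --no-sig-cache --check-sigs` output.

    True only if a user ID of key `subject_fpr` carries a certification that
    gpg verified ("!") and whose issuer fingerprint (field 13) is `master_fpr`.
    Any verified revocation by the master on that key makes the result False.
    """
    subject, master = norm(subject_fpr), norm(master_fpr)
    current, want_fpr, in_uid = None, False, False
    good = revoked = False
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (13 - len(f))            # pad short records
        rec = f[0]
        if rec == "pub":                     # a new primary key starts
            current, want_fpr, in_uid = None, True, False
        elif rec == "fpr" and want_fpr:      # first fpr after pub = primary key
            current, want_fpr = norm(f[9]), False
        elif rec == "uid":
            in_uid = True
        elif rec == "sub":                   # subkey binding sigs do not count
            in_uid = False
        elif rec in ("sig", "rev") and in_uid and current == subject:
            if not f[1].startswith("!") or norm(f[12]) != master:
                continue                     # bad, unverifiable, or other issuer
            if rec == "rev":
                revoked = True
            elif f[10][:2] in CERT_CLASSES:
                good = True
    return good and not revoked

def sample(status: str, issuer: str) -> str:
    """Constructed listing for one key; not real Qubes key material."""
    def rec(kind, stat, cls, fpr):
        return ":".join([kind, stat, "", "1", fpr[-16:], "1500000000", "", "", "",
                         "Constructed UID", cls, "", fpr, "", "", "8", ""])
    return "\n".join([
        "pub:-:4096:1:" + SIGNER[-16:] + ":1500000000:::-:::scESC:",
        "fpr" + ":" * 9 + SIGNER + ":",
        "uid:-::::1500000000::0000::Constructed QSB Signer <signer@example.invalid>:",
        rec("sig", "!", "13x", SIGNER),      # self-signature, must not count
        rec("sig", status, "10x", issuer),   # the certification under test
    ])
```

Matching on the full issuer fingerprint rather than the 64-bit key ID means a listing produced without `--no-sig-cache`, where field 13 can be empty, fails closed.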