New Foreshadow exploits CPU bug


jonbrown...@gmail.com

Aug 20, 2018, 9:19:00 PM
to qubes-users
So the new Foreshadow exploit bypasses all Intel CPU protections even secure enclaves SGX promised to solve. Additionally it bypasses all VM protections. Check it out below:

https://foreshadowattack.eu/

Andrew David Wong

Aug 20, 2018, 9:35:40 PM
to jonbrown...@gmail.com, qubes-users
With respect to Qubes and Xen, "Foreshadow" is another name for
CVE-2018-3620 and CVE-2018-3646 (CVE-2018-3615 doesn't apply to Xen,
since it doesn't currently use SGX), which we've been discussing in
this thread:

https://groups.google.com/d/topic/qubes-users/Isn_hko7tQs/discussion

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Tai...@gmx.com

Aug 20, 2018, 10:38:37 PM
to qubes...@googlegroups.com
SGX is another ME service slash Intel marketing gimmick invented for DRM,
not security.

If the person who purchased the computer can't examine the VMs running
on it, then they are not owning it, simply licensing it, which is why SGX
is a bad technology and people shouldn't buy x86.

Leo Gaspard

Aug 21, 2018, 5:11:05 AM
to qubes...@googlegroups.com
Consider that you want to deploy your things in the cloud, e.g. because it's
less expensive. Then I guess you would actually like to not have to
trust the cloud provider :)

You still have to trust Intel for actually doing what they promise, but
you have to trust the processor manufacturer at some point anyway.

Not saying SGX actually meets its promises, though, just reacting to
your second paragraph. There are use cases for having the person who
owns a computer not being able to examine VMs running on it. Whether
or not you want to use or have them is a different question.