'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

2020-03-05 14:00

It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years.

Buried deep inside modern Intel chipsets is what's called the Management Engine, or these days, the Converged Security and Manageability Engine.

At the heart of this cryptography is a Chipset Key that is encrypted by another key baked into the silicon, and you can't do too much damage, it seems, until you can decrypt the Chipset Key.

"To fully compromise EPID, hackers would need to extract the hardware key used to encrypt the Chipset Key, which resides in Secure Key Storage," explained Positive's Mark Ermolov.

"However, this key is not platform-specific. A single key is used for an entire generation of Intel chipsets. And since the ROM vulnerability allows seizing control of code execution before the hardware key generation mechanism in the SKS is locked, and the ROM vulnerability cannot be fixed, we believe that extracting this key is only a matter of time."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/

#boot #chip #DRM #encryption #intel #security

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Intel		6830	274	757	406	28	1465

News URL

Related news

Related vendor