The Spectre of a Meltdown?
The Spectre and Meltdown vulnerabilities recently detailed by Google Project Zero result from broad architectural features that are built into a wide range of processor chips from multiple vendors.
Decades after beginning a wholesale migration to COTS silicon, the mil/aero market is no less vulnerable, given all the deployed systems now based on these processors.
Abaco has implemented comprehensive measures to prevent our customers from experiencing these vulnerabilities. An outline of these measures, plus links to operating system vendor advice regarding their own preventative actions, is provided below. We are strongly advising our customers to follow up regarding the particular operating system they are using.
Please don’t hesitate to contact us if you need clarification.
As detailed by Google Project Zero, a new series of side-channel analysis methods has been discovered that potentially facilitates access to unauthorized information. All the methods take advantage of speculative execution, a common technique in processors used to achieve high performance.
There are two known variants of the issue:
- Variant 1: bounds check bypass
- Variant 2: branch target injection
Variant 1 is mitigated by operating system-level fixes - see below.
Variant 2 is the only vulnerability that requires microcode updates. Such updates only protect SMM, UEFI and pre-operating system solutions. Operating system vendors are providing additional operating system-level mitigations.
As detailed by Google Project Zero, an additional side-channel analysis method based on unprotected data load in cache has been discovered that potentially facilitates access to unauthorized information.
- Variant 3: rogue data cache load
Variant 3 is also mitigated by operating system-level fixes.
Impact on Abaco and remedial actions
Our UEFI bootloaders for Intel products are based on the source code of American Megatrends Inc (AMI). AMI have released a security update for Meltdown and Spectre, which lists the three variants.
The microcode is held in the UEFI and pushed to the CPU at boot time, so delivering new microcode requires an updated UEFI.
Abaco will update UEFI with the latest AMI labels that include the updated microcode as they become available. Kaby Lake and Broadwell label updates from AMI are already available, whilst Haswell and Broadwell DE are still pending release.
Link to AMI notification (requires account to access): Meltdown and Spectre
On an Intel board, our Power-on Built-In-Test (PBIT) firmware runs from its own SPI Flash device. The PBIT Binary in this device is stored in the Region 1 area (where the UEFI is stored in the main/recovery SPI). PBIT runs from the Region 1 area and is the boot code that runs from reset; the reset vector is part of PBIT.
PBIT runs at the highest privilege level (Ring Level 0) so it effectively runs as the kernel.
PBIT is not an application run by the operating system, nor is it run as part of some other software functionality: it does not run in the background once an operating system is running.
Therefore, PBIT firmware is not vulnerable to Spectre or Meltdown.
However, PBIT uses FSP (Firmware Support Package) to initialize the chipset, including loading the microcode into the CPU. Abaco will therefore update the PBIT firmware for the affected products, as and when the CPU specific microcode updates become available.
With regard to our COTS SDKs and BSPs, customers should seek guidance from the operating system vendors to understand how their operating system is affected and access fixes covering variants 1 and 3 of the vulnerabilities.
Here are some links to recent publications provided by the main operating system vendors:
Microsoft recommends (in this order):
- Update your antivirus software
- Install the appropriate operating system patch
- Update the CPU microcode (via BIOS update) and device drivers with new versions that address these vulnerabilities
As noted above: we are strongly advising our customers to follow up regarding the particular operating system they are using.
UPDATE 2 February 2018
The following update to the “Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method” was published by Intel on 27th January 2018 and advises stopping deployment of recent versions of microcode.
In light of some of the stability issues that have been reported with these latest microcode releases, we are currently holding off updating any firmware (UEFI and deployed test/PBIT) and are tracking any new information released by Intel.
Further information will be provided as fixed microcode releases become available from Intel.
Update September 2018
Since our last posting in February, there have been additional vulnerabilities disclosed by Intel:
- Variant 3a: Rogue System Register Read
- Variant 4: Speculative Store Bypass
- L1 Terminal Fault (L1TF)
As stable releases of microcode have been made available by Intel, Abaco has been incorporating these updates into the latest releases of UEFI to address the vulnerabilities, with the majority of boards already updated. Please contact our Technical Support team firstname.lastname@example.org for details of available UEFI updates for our products.
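After a UEFI update and operating system patch, the result can be checked from a running system. The following is an added example, not Abaco's or AMI's code: it assumes a Linux target (kernel 4.15 or later) that reports mitigation state under `/sys/devices/system/cpu/vulnerabilities` and the loaded microcode revision in `/proc/cpuinfo`; the sample values are constructed.

```python
from pathlib import Path

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"  # Linux 4.15 and later
# Variant names as this page lists them -> file name in SYSFS_DIR
# (Variant 3a, Rogue System Register Read, has no sysfs entry).
SYSFS_FILES = {
    "Variant 1: bounds check bypass": "spectre_v1",
    "Variant 2: branch target injection": "spectre_v2",
    "Variant 3: rogue data cache load": "meltdown",
    "Variant 4: Speculative Store Bypass": "spec_store_bypass",
    "L1 Terminal Fault (L1TF)": "l1tf",
}
# Constructed sample input, not captured from any Abaco board.
SAMPLE_STATUSES = {
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
    "meltdown": "Mitigation: PTI",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
}
SAMPLE_CPUINFO = "processor\t: 0\nmicrocode\t: 0xc2\nprocessor\t: 1\nmicrocode\t: 0xc6\n"

def classify(status):
    """Map one sysfs status string to ok / partial / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "ok"
    if s.startswith("Mitigation:"):  # a mitigation line can still flag a residual gap
        return "partial" if "vulnerable" in s.lower() else "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # file absent (older kernel) or unrecognised text

def read_sysfs(sysfs_dir=SYSFS_DIR):
    """Return {file name: status text}; empty when the directory does not exist."""
    d = Path(sysfs_dir)
    return {p.name: p.read_text().strip() for p in d.iterdir() if p.is_file()} if d.is_dir() else {}

def audit(statuses):
    """Return {variant name: verdict} for every variant in SYSFS_FILES."""
    return {v: classify(statuses.get(f, "")) for v, f in SYSFS_FILES.items()}

def microcode_revisions(cpuinfo_text):
    """Return the set of microcode revisions; more than one means cores differ."""
    fields = (line.partition(":") for line in cpuinfo_text.splitlines())
    return {int(v.strip(), 16) for k, _, v in fields if k.strip() == "microcode"}

if __name__ == "__main__":
    cpu = Path("/proc/cpuinfo")
    for variant, verdict in audit(read_sysfs() or SAMPLE_STATUSES).items():
        print(f"{verdict:10} {variant}")
    print(sorted(hex(r) for r in microcode_revisions(cpu.read_text() if cpu.is_file() else SAMPLE_CPUINFO)))
```

Comparing the reported microcode revision before and after flashing the UEFI confirms that the new microcode was actually loaded at boot.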