The expert Positive Technologies has discovered the possibility of disclosure of encryption keys in Intel ME

Image: Unsplash

Intel has removed a serious vulnerability in the Intel ME firmware. Positive Technologies expert Dmitry Sklyarov discovered an error in the operation of the security mechanisms of MFS, the file system that ME uses to store data. As a result of exploiting this vulnerability, attackers can manipulate the state of MFS and extract some important secrets.
')
The Intel ME (Management Engine) subsystem uses MFS for storage (presumably short for ME File System). MFS security mechanisms actively use cryptographic keys. Confidentiality keys are used to ensure the secrecy of data stored in the MFS, and Integrity keys are used for integrity control. The data placed in the MFS, in order of importance, are divided into two categories, and are protected by different sets of keys. For the most sensitive data, Intel keys are used, and for everything else - Non-Intel keys. Thus, four keys are used: Intel Integrity key, Non-Intel Integrity key, Intel Confidentiality key and Non-Intel Confidentiality key.

In 2017, Positive Technologies experts Mark Yermolov and Maxim Goryachiy discovered a vulnerability , the exploitation of which allows getting all four keys and completely compromising the security mechanisms of MFS.

Intel later released an update closing this vulnerability. The value of SVN (Secure Version Number) was increased - this step should have led to the upgrade of all keys and return the MFS security to the planned level. Receiving MFS keys for updated ME firmware (with a new SVN value) should not be possible.

However, already in 2018, Positive Technologies expert Dmitry Sklyarov discovered the CVE-2018-3655 vulnerability, described in the Intel-SA-00125 newsletter . The essence of the problem lies in the fact that Non-Intel keys depend on the value of SVN and the underlying unchangeable secret of the subsystem. And this secret can be obtained if you use JTAG debugging, which can be enabled using a previous vulnerability. Knowledge of the base secret of the subsystem allows you to calculate both Non-Intel keys - and all this is already in the new firmware version.

Thus, an attacker can calculate the Non-Intel Integrity key and the Non-Intel Confidentiality key for the firmware with the updated SVN value, and therefore compromise those MFS security mechanisms that rely on these keys.

Non-Intel Integrity key is used to control the integrity of all directories - knowing it, you can add and delete files, change their security attributes. Also, this key is tied to the protection of anti-replay-tables - a mechanism designed to prevent the replacement of the contents of some files by their previous versions. And knowing the key, anti-replay mechanisms will be easy to get around. Non-Intel Confidentiality key is used to encrypt some files. For example, with its help the AMT password is encrypted.

By consistently exploiting vulnerabilities found by Positive Technologies experts in 2017 and 2018, an attacker can interfere with ME’s work and retrieve confidential data. Operation of vulnerabilities is hampered by the need for physical access to the device, but still this is an extremely serious security error.

Experts at Positive Technologies found a number of vulnerabilities in the Intel ME firmware. So Mark Yermolov and Maxim Goryachy told about the vulnerability they discovered at the Black Hat Europe conference. At the same conference, Dmitry Sklyarov spoke in detail about the ME file system device.

In addition, experts at Positive Technologies learned how to disable the Intel ME subsystem using the undocumented mode and showed how to enable JTAG debugging in a special webinar .