It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.
The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.
How Foreshadow Works
The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadown-NG
The researchers behind the Foreshadow attacks have talked with Intel, and the manufacturer has confirmed Foreshadow affects all SGX-enabled Skylake and Kaby Lake Core processors. Atom processors with SGX support remain unaffected. For the Foreshadow-NG attack, many more processors are affected, including second through eighth generation Core processors, and most Xeons. This is a significant percentage of all Intel CPUs currently deployed. Intel has released a security advisory detailing all the affected CPUs.
Today’s CPUs are so advanced that they might as well be indistinguishable from magic, right? Wrong! Fundamentally, modern CPUs can be understood logically like any other technology, it’s just that they’re very fast, very small, and very complex, which makes it hard to get to grips with their inner workings. We’ve come a long way from the dawn of the home computer in the 80s, but what if there was something even simpler again, built in such a way as to be easily understandable? Enter the DDL-4-CPU, courtesy of [Dave’s Dev Lab].
The DDL-4 is a project to build a modular 4-bit CPU using bitslice methods. This is where computations are broken down into simple operations with two-bit inputs, which are executed with basic logic gates like NOR and XOR. This is great for building a CPU from individual parts, as logic chips are readily available and their operation is readily understood. That’s what’s used here – good old 74-series logic, which you can find just about anywhere!
The build consists of a series of modules, each on its own colourful PCB and labeled on the silkscreen. These modules can then be configured and plugged together with edge connectors to build the CPU. The work builds upon [Dave]’s earlier work on the Mega-One-8-One, a recreation of the 74181 Arithmetic Logic Unit for educational purposes.
As [Matt] from [DIY Perks] was about to assemble a new PC, he decided to take a unique direction when it came to building a case. Despite the appearance of a woodworking piece with weird industrial radiators, there is actually a full-fledged, high-end PC hidden inside.
Those radiators are a pair of almost-the-biggest-you-can-buy heatsinks — one of which has been modified to fit the graphics card. Separating the graphics card’s stock cooling fan unit cut down significantly on noise and works with the stringent space requirements of the build. Those fans however keep other components on the card cool, so [Matt] cut pieces of copper plate to affix to these areas and joined them to the heatsink with a heat pipe, bent to shape. The elm wood case then began to take shape around the graphics card — cut into pieces to accommodate the heat pipes, and sealed with black tack to dampen the ‘coil whine’ of the GPU; it turns out the likely culprit are the MOSFETs, but close enough.
Collecting old CPUs and firing them up again is all the rage these days, but how do you know if they will work? For many of these ICs, which ceased production decades ago, sorting the good stuff from the defective and counterfeit is a minefield.
Testing old chips is a challenge in itself. Even if you can find the right motherboard, the slim chances of escaping the effect of time on the components (in particular, capacitor and EEPROM degradation) make a reliable test setup hard to come by.
Enter [Samuel], and the Universal Chip Analyzer (UCA). Using an FPGA to emulate the motherboard, it means the experience of testing an IC takes just a matter of seconds. Why an FPGA? Microcontrollers are simply too slow to get a full speed interface to the CPU, even one from the ’80s.
So, how does it actually test? Synthesized inside the FPGA is everything the CPU needs from the motherboard to make it tick, including ROM, RAM, bus controllers, clock generation and interrupt handling. Many testing frequencies are supported (which is helpful for spotting fakes), and if connected to a computer via USB, the UCA can check power consumption, and even benchmark the chip. We can’t begin to detail the amount of thought that’s gone into the design here, from auto-detecting data bus width to the sheer amount of models supported, but you can read more technical details here.
The Mojo v3 FPGA development board was chosen as the heart of the project, featuring an ATmega32U4 and Xilinx Spartan 6 FPGA. The wily among you will have already spotted a problem – the voltage levels used by early CPUs vary greatly (as high as 15V for an Intel 4004). [Samuel]’s ingenious solution to keep the cost down is a shield for each IC family – each with its own voltage converter.
It might look like a random pile of wires to some, but it is far from random: [Paulo Constantino] built this 8-bit CPU himself from scratch. He built his remarkable creation using wires and 74HC shift register chips, plus a selection of LEDs to show the various registers.
Running at a maximum of 5MHz, it has an 8-bit data and address bus, although the latter can be expanded to 16 bits. It’s not mining Bitcoin (yet), but it can do things like play the Mario theme. His latest addition is the addition of the ability to write data out to flash memory, and he is looking to add a keyboard to make programming easier.
At the moment, he has to program the CPU by setting DIP jumpers. It’s an impressive, if somewhat frightening build that [Paulo] says took him a couple of days to design and a week or so to build. We’ve seen a few breadboard CPU builds, (some of which were tidier) and builds with similar shift register chips, but this one scores big in the blinky light and mad genius stakes.
Why on earth would you want an oversized replica of an outdated logic chip from nearly five decades ago, we hear you ask? The answer lies in education. If you were to embark on learning about the internals of a microprocessor by taking a modern example such as the one that powers the device on which you are reading this, you would find it to be a daunting task. Over six decades of progress in computer technology have delivered the performance enhancements that put a supercomputer in your smartphone, but at the expense of a contemporary microprocessor being an extremely complex machine which you can’t peer into for any level of understanding.
The starting point for the student of microprocessor internals often lies in the past. The technology of the early 1970s holds the fundamentals from which a modern processor can be understood, but remains simple enough to grasp in its entirety as a beginner. Registers, instruction decoders, counters, and an arithmetic/logic unit, or ALU. And for decades the 74181, as an all-in-one 4-bit ALU on a chip that you might have found in a minicomputer at the turn of the 1970s, represented the most convenient way to teach the operation of these devices. Electronic engineers and computer scientists of all ages will have encountered them as they gained their qualifications.
The PCB version of the 181 faithfully follows the original, but with modern 74LVC gates laid out as they would be in the circuit diagram of the chip, and LEDs to show logic state at the different parts of the circuit. Thus when it is used to teach ALU operation it can show every part of the device in detail in a way a real 74181 would never have done.
There once was a time when microprocessors were relatively straightforward devices, capable of being understood more or less in their entirety by a single engineer without especially God-like skills. They had buses upon which hung peripherals, and for code to run on them, one of those peripherals had better supply it.
A modern high-end processor is a complex multicore marvel of technological achievement, so labyrinthine in fact that unlike those simple devices of old it may need to contain a dedicated extra core whose only job is to manage the rest of the onboard functions. Intel processors have had one for years, it’s called the Management Engine, or ME, and it has its own firmware baked into the chip. It is this firmware, that according to a discovery by [Ronald Minnich], contains a copy of the MINIX operating system.
If you are not the oldest of readers, it’s possible that you may not have heard of MINIX. Or if you have, it might be in connection with the gestation of [Linus Torvalds]’ first Linux kernel. It’s a UNIX-like operating system created in the 1980s as a teaching aid, and for a time it held a significant attraction as the closest you could get to real UNIX on some of the affordable 16-bit desktop and home computers. Amiga owners paid for copies of it on floppy disks, it was even something of an object of desire. It’s still in active development, but it’s fair to say its attraction lies in its simplicity rather than its sophistication.
It’s thus a worry to find it on the Intel ME, because in that position it lies at the most privileged level of access to your computer’s hardware. Your desktop operating system, by contrast, sees the hardware through several layers of abstraction in the name of security, so a simple OS with full networking and full hardware access represents a significant opportunity to anyone with an eye to compromising it. Placing tinfoil hats firmly on your heads as the unmistakable thwop of black helicopters eases into the soundscape you might claim that this is exactly what they want anyway. We would hope that if they wanted to compromise our PCs with a backdoor they’d do it in such a way as to make it a little less easy for The Other Lot. We suspect it’s far more likely that this is a case of the firmware being considered to be an out-of-sight piece of the hardware that nobody would concern themselves with, rather than a potential attack vector that everyone should. It would be nice to think that we’ll see some abrupt updates, but we suspect that won’t happen.