"APIC Fail: Intel 'Sunny Cove' Chips with SGX Spill Secrets"
A group of computer scientists discovered an architectural flaw in certain recent Intel CPUs that can be exploited to reveal SGX enclave data such as private encryption keys. It is referred to as AEPIC Leak because it affects the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC), which assists the CPU in handling interrupt requests from multiple sources to facilitate multiprocessing. The flaw was discovered by a group of researchers from Sapienza University of Rome, Graz University of Technology, Amazon Web Services, and the CISPA Helmholtz Center for Information Security and is described in the paper "AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture." According to the team, AEPIC Leak is the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. The bug affects recent Intel CPUs based on the company's Sunny Cove microarchitecture. This includes Intel's 10th generation Ice Lake CPUs, its current 3rd generation Xeon scalable server CPUs (Ice Lake SP), and new 12th generation Alder Lake CPUs (Golden Cove). However, Intel claims that Alder Lake is unaffected because it does not support SGX, but admits that other CPUs not identified by the researchers may be. AEPIC Leak is not a transient execution attack, such as Meltdown, that uses a side-channel to infer sensitive data. Rather, it is the result of a chip architecture flaw similar to the Pentium FDIV or Pentium F00F bugs. The authors compare the flaw to an uninitialized memory read in the CPU. They scanned the I/O address space on Sunny Cove-based Intel CPUs and discovered that the local APIC's memory-mapped registers are not properly initialized, so reading these registers yields stale data from recent memory loads and stores that moved from the L2 to the L3 cache or vice versa. In another paper, researchers explore an attack called SQUIP, which can determine an RSA-4096 key in around 38 minutes. This article continues to discuss findings regarding ÆPIC Leak and the SQUIP attack.
The Register reports "APIC Fail: Intel 'Sunny Cove' Chips with SGX Spill Secrets"