CVE-2022-0005 Intel SGX sensitive information may be accessible via JTAG probing. This may allow information disclosure.

This issue applies to systems using an Intel(R) Processor with SGX. Physical probing of the JTAG interface (via scan-test or similar) may enable information disclosure via physical access. Intel(R) has provided the following recommendations for mitigations: Do not physically probe the JTAG interface on Intel(R) Processors with SGX.

VEXMHC is not enabled by default on Intel(R) Processors with SGX. Therefore, systems must explicitly enable VEXMHC through the BIOS/UEFI. If configuring VEXMHC, avoid setting the SGX feature bit. Instead, disable SGX via the BIOS/UEFI.

When setting the SGX feature bit, carefully consider the security implications and operational impact.

VEXMHC

VEXMHC is a feature used by Intel(R) Processors with SGX to protect sensitive data from unauthorized access. In systems configured to use VEXMHC, the system memory is protected in case of a power loss or other volatile event.
VEXMHC helps protect the SGX feature bit and physically protects the flash memory on the platform. If VEXMHC is enabled, persistent data can't be moved outside of RAM during power loss. This helps prevent bad actors from accessing sensitive data on systems with VEXMHC enabled.

VEX MHC

VEXMHC is a feature available on Intel(R) Processors with SGX that provides a new memory management unit (MMU) in addition to the existing MMU. The VEXMHC MMU allows programs that typically do not use physical addresses to use them.
In practice, this means that VEXMHC can be used to provide virtualization support for operating systems like Linux(R), Xen(R), and Windows Server 2008(R). For example, the system running Linux could run as a guest OS on top of the Intel(R) Processor with SGX, while still having access to physical memory addresses.

VEXMHC and Intel SGX

VEXMHC is a vulnerability mitigation feature available on Intel(R) Processors with SGX. By default, VEXMHC is disabled on Intel(R) Processors with SGX.

VexMhc enables features of the BIOS/UEFI to be secured and modified when running in full virtualization mode with SGX enabled. It also provides additional protection against system-level attacks, such as hypervisor privilege escalation, by enforcing limits on hypervisors and guest OSes.
Intel(R) recommends that systems with VEXMHC enabled should not be operated without proper precautions, as malicious actors may be able to extract sensitive information from the VEXMHC memory space.

VEXMHC in Intel Processors with SGX

When Intel processors with SGX are enabled, they can perform operations without requiring a login. They also support confidential transactions. The VEXMGA feature enables most of these capabilities. Intel(R) has provided the following recommendations for mitigations:

VEXMHC is not enabled by default on Intel(R) Processors with SGX. Therefore, systems must explicitly enable VEXMHC through the BIOS/UEFI.
If configuring VEXMHC, avoid setting the SGX feature bit. Instead, disable SGX via the BIOS/UEFI.

Timeline

Published on: 05/12/2022 17:15:00 UTC
Last modified on: 06/01/2022 17:04:00 UTC

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0005