Security

Until Intel provides long-term fixes to these issues, what can be done?

As you have probably gathered from our previous discussions on this subject, addressing Foreshadow (or Meltdown or Spectre) in the short-term is not simple, and involves significant trade offs. Foreshadow requires countermeasures at both the software (operating system/hypervisor) and CPU microcode level. These mitigations are different than the ones utilized for Spectre and Meltdown (Retpoline, KPTI, IBRS, STIBP, and IBPB). The mitigations for Foreshadow focus on three areas:

  • Proactively removing sensitive data from L1 cache (especially attestation keys utilized to create anonymity in SGX enclaves) through a combination of zeroing out page tables and not setting page sizes in page directory entries or in page director pointer tables.
  • Preventing inadvertent memory mappings and the running of code outside of the System Management Mode (SMM) system.
  • Ensuring that a logical core cannot access SGX data from a sister logical core (this only works if Hyperthreading is turned off, which is recommended for situations where the safety of the software running on the system cannot be guaranteed).

Like the fixes to Spectre and Meltdown, further research is ongoing in a variety of organizations to test the strength and weaknesses of these mitigation strategies, but for today these workarounds (documented on Intel’s website) are the best option that computer users and data center operators have.