question

mario-ab avatar image
1 Vote"
mario-ab asked PV-3115 answered

Azure Confidential Computing machines affected by Load Value Injection

The Confidential Computing machines offered on Azure (DCsV2) seem to be affected by the LVI (Load Value Injection) vulnerability CVE-2020-0551. In particular, the Intel Attestation Service responds to an SGX remote attestation verification request for quotes generated by the Azure machines with the result "SW_HARDENING_NEEDED" and points to the security advisory SA-00334. This causes the official Intel Remote Attestation sample app to fail with the error "Enclave NOT TRUSTED". For our use case it would be crucial that the IAS returns with a (fully) positive result. Will Microsoft Azure offer machines that are not affected by this vulnerability in the near future?

azure-virtual-machines
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Some related links (for some reason I wasn't able to post the question with them in the text):

0 Votes 0 ·

@mario-ab

Apologies in delayed response.
I am checking with internal team on this.

0 Votes 0 ·

@mario-ab

Please 'Accept as answer' if the provided information is helpful, so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·
vipullag-MSFT avatar image
0 Votes"
vipullag-MSFT answered

@mario-ab

Below is the information I got from internal team on your ask.

From the security advisory published by Intel, an attestation response may report “SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms, informing that the hardware and firmware are updated and compliant. Further hardening is possible via software to mitigate INTEL-SA-00334. In this case, a Remote Attestation Verifier should evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk. This is an opt-in mitigation that needs to be enabled by enclave application based on their risk averse customers needs to choose the appropriate level of mitigation but it is a must have for the Intel PSW components (Architectural Enclaves) for which Intel has already released an update and users need to make sure they are running the latest PSW. As per the documentation, the software SDK needs the latest Intel SGX PSW 2.7.100.2 or above for Windows* and 2.9.100.2 or above for Linux. The app can be updated to use the latest Intel SGX SDK or OpenEnclave SDK, which have opt-in mitigation's for the Load Value Injection vulnerability.

Hope that helps.

Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

mario-ab avatar image
1 Vote"
mario-ab answered

Thanks @vipullag-MSFT for your response. I know what it means and what additional measures need to be taken to mitigate the risk. However, my question was not about that, but if you're going to update your confidential computing offering to include machines that aren't affected by LVI/CVE-2020-0551/INTEL-SA-00334 at all (according to https://lviattack.eu/, "the most recent Icelake Core-family processors appear unaffected by LVI"). As I understand it, for quotes from those platforms the response would be "OK" instead of "SW_HARDENING_NEEDED". Can you tell me if such an update is planned and and if yes, when it can be expected?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipullag-MSFT avatar image
0 Votes"
vipullag-MSFT answered

@mario-ab

I confirmed this with internal team and the team is always working with our hardware partners on improvements for future hardware.

At this time, we cannot comment on if or when new hardware or features will be available in Azure.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PV-3115 avatar image
0 Votes"
PV-3115 answered

Hi.

I'm digging this topic out because, as of today, the issue still exists (at least on DC1s_v2).

Any updates?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.