QuickPath/UltraPath link encryption?

By: Aaron Spink (aaronspink.delete@this.notearthlink.net), December 12, 2018 7:02 am
Room: Moderated Discussions
Jeff S. (fakity.delete@this.fake.com) on December 11, 2018 7:54 pm wrote:
> Not my call unfortunately. The whole endeavor falls within the territory of examining all
> options by executive decree. If I can just say though "a physical attack could be done for
> $10M by making and infiltrating X", things would actually be over, but if the link encryption
> actually turns out to be strong and effectively impossible to MitM without some private
> key from Intel, proponents would still likely push for SGX-based deployments.
The simple reality is that you aren't going to MitM any high speed link without a custom board and multiple millions of dollars of large bulky equipment. You can't just put some contacts onto the board and get a viable working signal. In actual bring up, etc, these things are designed such that you can trace out the interface digital signals on unused ports because trying to do it any other way is basically impossible. And even then it is severely limited (much lower datarates than used in production hardware). I should know, I designed the QPI link layer. And I highly doubt that the mirror port functionality is exposed without utilizing an internal encrypted debug mode device (simple JTAG won't do it, you need special support hardware that is highly restricted and authenticated on every use, which is wise because in debug you need to have access and do things that you would never want to be available in any shipping hardware).

In order to even contemplate a MitM attack, someone would have to swap out the boards of the machines with custom boards that are much bulkier than actual production boards, design a custom ASIC, etc. You are well beyond $10M at that point.

Also, I highly doubt AMD is doing actual (useful) encryption on their link layer. At best they are probably scrambling it via LFSR. It is simply not that useful to usefully encrypt the link layer (and certainly not on chip). I find no references anywhere for encryption of IF and all documentation has the AES engine within the memory controller hardware.

Also relying on patents for what is actually in processors is dubious at best. Patents tend to be filed on lots of things that doesn't end up in actual hardware.

The reality is that the hardware interfaces are the least of your problems. The software interfaces will be the go to way to get into anything.
< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
QuickPath/UltraPath link encryption?Jeff S.2018/12/11 02:16 PM
  QuickPath/UltraPath link encryption?Anon2018/12/11 05:09 PM
    QuickPath/UltraPath link encryption?Jeff S.2018/12/11 08:54 PM
      QuickPath/UltraPath link encryption?Anon2018/12/12 04:18 AM
      QuickPath/UltraPath link encryption?Aaron Spink2018/12/12 07:02 AM
        QuickPath/UltraPath link encryption?Jeff S.2018/12/12 10:03 AM
          QuickPath/UltraPath link encryption?Aaron Spink2018/12/12 02:22 PM
            QuickPath/UltraPath link encryption?Jeff S.2018/12/12 04:04 PM
Reply to this Topic
Body: No Text
How do you spell green?