
TEE.Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs


Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment (TEE) in the CPU, the highly secure area of a system, in implementations such as Intel's SGX and TDX and AMD's SEV-SNP.

The method is a memory-bus interposition attack on DDR5 systems that could be successfully carried out by computer hobbyists at a cost of less than $1,000.

Trusted Execution Environments (TEEs) are “confidential computing” hardware within the main processor that ensure confidentiality and integrity of sensitive data, like cryptographic keys used for authentication and authorization.

This environment is isolated from the operating system and creates protected regions of memory where code and data can run securely.

Researchers from Georgia Tech and Purdue University note that modern implementations of Intel SGX, Intel TDX, and AMD SEV-SNP are no longer as secure as advertised, due to architectural trade-offs in recent generations.

Specifically, TEEs moved from client CPUs to server-grade hardware using DDR5 memory, adopting deterministic AES-XTS memory encryption and dropping memory integrity and replay protections in favor of performance and scalability.

Their experiments confirmed that it is possible to exploit these weaknesses for key extraction and attestation forgery. TEE.Fail is the first DDR5-based ciphertext attack, extending prior DDR4 work like WireTap and BatteringRAM.
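The two properties named above (deterministic encryption, and no integrity or replay protection) can be seen in a small model. This is an added example, not code from the researchers or the article: it uses a toy HMAC-based Feistel cipher as a stand-in for AES-XTS, and the `Memory` class, key, addresses and values are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real memory key

def _f(tweak, rnd, half):  # round function: HMAC-SHA256 stand-in, not AES
    return hmac.new(KEY, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(addr, pt):  # deterministic: the only tweak is the physical address
    tweak, l, r = addr.to_bytes(8, "little"), pt[:8], pt[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(tweak, rnd, r))
    return l + r

def decrypt(addr, ct):
    tweak, l, r = addr.to_bytes(8, "little"), ct[:8], ct[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(tweak, rnd, l)), l
    return l + r

class Memory:  # dram is off-chip and untrusted; counters model trusted on-chip state
    def __init__(self, protected):
        self.protected, self.dram, self.counters = protected, {}, {}
    def _tag(self, addr, ct):  # MAC binds address, write counter and ciphertext
        msg = addr.to_bytes(8, "little") + self.counters[addr].to_bytes(8, "little") + ct
        return hmac.new(KEY, msg, hashlib.sha256).digest()
    def write(self, addr, pt):
        self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = encrypt(addr, pt)
        self.dram[addr] = (ct, self._tag(addr, ct) if self.protected else b"")
    def read(self, addr):
        ct, tag = self.dram[addr]
        if self.protected and not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ValueError("integrity/freshness check failed")
        return decrypt(addr, ct)

def stale_block_accepted(protected):  # write v1, v2, restore v1's DRAM cell, read
    mem = Memory(protected)
    mem.write(0x1000, b"version-1-secret")
    stale = mem.dram[0x1000]
    mem.write(0x1000, b"version-2-secret")
    mem.dram[0x1000] = stale
    try:
        return mem.read(0x1000) == b"version-1-secret"
    except ValueError:
        return False
```

Without the counter-bound MAC, the old block decrypts cleanly and the read succeeds; with it, the stale tag no longer matches the on-chip counter and the read is rejected. The ciphertext itself stays deterministic in both modes, so equal values written to the same address remain recognizable on the bus.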

Attack and implications

The attack requires physical access to the target as well as root-level privileges for kernel driver modification, but no chip-level expertise.

In the technical paper, the researchers explain that they were able to capture the signal reliably by reducing the system’s memory clock to 3200 MT/s (1.6 GHz). For this, they attached an RDIMM riser and a custom probe isolation network between a DDR5 DIMM and the motherboard.
