Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets, features used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security researchers now warns that one of those flaws is actually unpatchable and could lead to a complete compromise of the cryptographic chain of trust in Intel-based systems, with potentially disastrous implications for the technologies built on top of it.
“The scenario that Intel system architects, engineers and security specialists perhaps feared most is now a reality,” researchers from security firm Positive Technologies said in a report released today. “A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms.”
The unpatchable CSME flaw
When Positive Technologies found the vulnerability and reported it to Intel, it learned that it had already been reported by an external Intel…