Foreshadow: Extracting the Keys to the Intel SGX Kingdom

This is _bananas_.<p>- Unlike previous speculative execution attacks against SGX, this extracts memory &quot;in parallel&quot; to SGX, instead of attacking the code running in SGX directly. It always works: it doesn&#x27;t require the SGX code to run and it doesn&#x27;t require it to have any particular speculative execuction vulnerability. This also means existing mitigations like retpolines don&#x27;t work.<p>- It lets you extract the sealing key and remote attestation. That&#x27;s about as bad as it gets.<p>- The second attack that fell out of this allows you to read arbitrary L1 cache memory, across kernel-userspace or even VM lines (and even reading ring -2 aka SMM).<p>If there was any doubt left that speculative execution bugs were an entire new class and not just a one-off gimmick...

AWS bulletin: <a href="https:&#x2F;&#x2F;aws.amazon.com&#x2F;security&#x2F;security-bulletins&#x2F;AWS-2018-019&#x2F;" rel="nofollow">https:&#x2F;&#x2F;aws.amazon.com&#x2F;security&#x2F;security-bulletins&#x2F;AWS-2018-...</a><p>Amazon Linux bulletin: <a href="https:&#x2F;&#x2F;alas.aws.amazon.com&#x2F;ALAS-2018-1058.html" rel="nofollow">https:&#x2F;&#x2F;alas.aws.amazon.com&#x2F;ALAS-2018-1058.html</a><p>TL;DR: AWS is patched. Go update your kernel (especially if you run other people&#x27;s code).