Platypuses are fascinating animals: While they are mammals, they also lay eggs, and males can detect electrical signals with their bill. Like the platypus, which uses this ability to find food even in complete darkness, we sense secrets in the processor's energy measurements using Intel RAPL.
Intel may not be the only one affected. The security researchers speculate AMD's server processors may have a similar vulnerability starting with the Rome generation. Furthermore, other vendors like ARM, NVIDIA, Marvell and Ampere may also be affected.
Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values. PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel.
With SGX, Intel released a security feature to create isolated environments, so-called enclaves, that are secure even if the operating system is compromised. In our work, we combine PLATYPUS with precise execution control of SGX-Step. As a result, we overcome the hurdle of the limited measuring capabilities of Intel RAPL by repeatedly executing single instructions inside the SGX enclave. Using this technique, we recover RSA keys processed by mbed TLS from an SGX enclave.
Linux tech site Phoronix reports there's a new Linux update with a CPU microcode update to protect against PLATYPUS and other bugs.
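
A defender-side check for the RAPL exposure described above, as an added example that is not code from the researchers or from the original page: it lists the Linux powercap `energy_uj` counters and flags any that non-root users can read. It assumes the powercap sysfs layout under `/sys/class/powercap`; the function names are hypothetical.

```python
import stat
from pathlib import Path

# Assumption (not stated on the page): Linux exposes RAPL domains through the
# powercap framework, one directory per zone, each with an energy_uj counter.
POWERCAP_ROOT = Path("/sys/class/powercap")


def audit_rapl_counters(root=POWERCAP_ROOT):
    """Return [(zone_name, mode, exposed)] for every zone with an energy_uj file.

    exposed is True when group or other has read permission, meaning an
    unprivileged process could sample the energy counter.
    """
    root = Path(root)
    if not root.is_dir():
        return []  # powercap absent: non-Linux host, VM, or driver not loaded
    findings = []
    # Every zone and sub-zone is listed directly under the class directory,
    # so a flat scan is enough and avoids following sysfs symlink loops.
    for zone in sorted(root.iterdir()):
        counter = zone / "energy_uj"
        if not counter.is_file():
            continue  # e.g. the control-type directory has no counter
        mode = stat.S_IMODE(counter.stat().st_mode)
        exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
        findings.append((zone.name, mode, exposed))
    return findings


def exposed_zones(root=POWERCAP_ROOT):
    """Names of zones whose energy counter is readable by non-owner users."""
    return [name for name, _mode, exposed in audit_rapl_counters(root) if exposed]


if __name__ == "__main__":
    results = audit_rapl_counters()
    if not results:
        print("no RAPL energy counters found under", POWERCAP_ROOT)
    for name, mode, exposed in results:
        status = "READABLE BY UNPRIVILEGED USERS" if exposed else "owner-only"
        print(f"{name}: mode {mode:04o} -> {status}")
```

A zone reported as readable by unprivileged users means the energy counter is still open to any local process on that host.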