In our vulnerability disclosure procedure for Thunderspy, Intel has stated that Kernel DMA Protection (kDMAp) mitigates the Thunderspy vulnerabilities. While this protection may address the DMA attack vector portion of Thunderspy, it is only available on a limited number of systems shipping since 2019. Hence, all systems released between 2011 and 2019, and more recent systems that do not ship Kernel DMA Protection, will remain fully vulnerable to Thunderspy forever.
kDMAp is meant to limit the memory region that attached devices can see. This requires support by the operating system as well as from the CPU. However, Intel CPUs since the Haswell series (2013) can support memory virtualization and are thus in principle able to support kDMAp with a recent operating system (Windows or Linux), yet none of them support kDMAp and Intel's response to Thunderspy did not provide any upgrades or patches.
In our research we found that kDMAp support is controlled by certain software settings and can be enabled on older computers if the operating system and the CPU can support it. Thunderspy 2 provides two ways to patch systems to support kDMAp. We offer the software for the end user to fix their own systems, but expect that computer manufacturers and vendors will use the same approach to provide this service to their customers. We hope that Intel demonstrates that they care about users and provides a BIOS or UEFI upgrade.
Thunderspy 2 PoC in Action
Patching kDMAp onto the victim laptop from Thunderspy 1
Our PoC demo for the Thunderspy attack was a Lenovo P1 from 2019 which did not have support for kDMAp. We showed how the attack can be used to bypass screen locking and thus get access to all data.
In our PoC video for Thunderspy 2, we show a Dell laptop from 2017, thus manufactured long before kDMAp support became available, after applying the Thunderspy 2 patch. The operating system confirms that kDMAp is enabled, and attaching a malicious device prompts the same reaction under DMA attacks as on systems that natively support kDMAp.
Thunderbolt is a high-bandwidth interconnect promoted by Intel and included in laptops, desktops, and other systems. Thunderbolt devices possess Direct Memory Access (DMA)-enabled I/O. One of the exploitation scenarios in Thunderspy 1 is to use the vulnerabilities to get the host computer to accept connections from a malicious Thunderbolt device which then uses DMA to bypass the login screen and to get to the user data.
Kernel DMA Protection (kDMAp) is a term coined by Intel and used by Microsoft Windows and by Linux. It describes a mechanism by which the computer memory is partitioned so that each device gets its own region. This is meant to stop attacks such as the above as the malicious device would not be able to read data outside its range. In our Thunderspy 1 documentation we explain that kDMAp can only partially mitigate the attacks; the Thunderspy 1 vulnerabilities still permit attacks similar to BadUSB.
A major problem with Intel's response being restricted to recommending the use of kDMAp is that it is only available on recent hardware. No systems shipped before 2019 support it, no matter how recent the operating system. We also found several more recent laptops which did not offer support, leaving consumers with vulnerable devices.
To understand how kDMAp could work as a mitigation on supported systems, we need some details of how it works. The partitioning of memory is done by an Input-Output Memory Management Unit (IOMMU). Intel CPUs since the Haswell generation (2013) contain an IOMMU, but it was not used to control DMA via Thunderbolt connectors. Support for kDMAp was included in Windows with release 1803 in March 2019 and in Linux with kernel 5.0. However, kDMAp also requires support in the UEFI (BIOS), and we identified this as the main obstacle to providing kDMAp to more systems.
In our ongoing investigation we found out that support for kDMAp is signaled during the boot process by an entry in the DMAR table. Changing this value on older systems, which do not natively claim support for kDMAp, makes the operating system use the IOMMU features of the CPU to partition the memory. Systems booted this way behave the same way as systems that support kDMAp natively, both in terms of functionality and of defense. We tested that Thunderbolt access continues to work for authorized devices at high speed, including for external graphics cards, and that attempting a DMA attack causes the system to crash (bluescreen), which is the same reaction as on systems with native kDMAp support.
Thunderspy 2 provides two options that aim to bring kDMAp to Thunderbolt-equipped systems that do not ship kDMAp, but do satisfy all hardware and firmware requirements. These options are
- kdmap-patcher: An experimental, OS-agnostic UEFI extension that serves as a drop-in patch requiring no changes to the operating system.
- Upgrading ACPI tables via initrd: A guide outlining how to manually patch the ACPI DMAR table on Linux.
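As an added illustration (not code from the Thunderspy project or either of the two options above), the following Python script parses an ACPI DMAR table, reports whether the platform opt-in bit that signals kDMAp support is set, and produces a patched copy with that bit set and the ACPI checksum corrected. The table layout and the DMA_CTRL_PLATFORM_OPT_IN_FLAG bit follow Intel's VT-d specification; the embedded sample table is constructed for the test and is not captured from any real machine.

```python
"""Inspect the ACPI DMAR table's kDMAp opt-in flag and produce a patched copy."""
import struct

# The standard ACPI header is 36 bytes; DMAR-specific fields follow it (Intel VT-d spec).
CHECKSUM_OFFSET = 9            # checksum byte in the standard ACPI header
DMAR_FLAGS_OFFSET = 37         # DMAR flags byte, right after Host Address Width
DMAR_PLATFORM_OPT_IN = 1 << 2  # DMA_CTRL_PLATFORM_OPT_IN_FLAG: firmware opts in to kDMAp

def acpi_checksum(table: bytes) -> int:
    """Value that makes the whole table sum to zero modulo 256."""
    return (-sum(table)) & 0xFF

def parse_dmar_header(table: bytes) -> dict:
    """Validate the table and report the fields relevant to kDMAp."""
    if len(table) < 48 or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", table, 4)[0]
    if length != len(table):
        raise ValueError(f"length field {length} != actual size {len(table)}")
    flags = table[DMAR_FLAGS_OFFSET]
    return {
        "oem_id": table[10:16].decode("ascii", "replace").strip(),
        "host_address_width": table[36] + 1,  # field stores the width minus one
        "platform_opt_in": bool(flags & DMAR_PLATFORM_OPT_IN),
        "checksum_ok": (sum(table) & 0xFF) == 0,
    }

def set_platform_opt_in(table: bytes) -> bytes:
    """Return a copy with the opt-in bit set and the checksum recomputed."""
    parse_dmar_header(table)  # refuse to patch anything that is not a valid DMAR
    patched = bytearray(table)
    patched[DMAR_FLAGS_OFFSET] |= DMAR_PLATFORM_OPT_IN
    patched[CHECKSUM_OFFSET] = 0
    patched[CHECKSUM_OFFSET] = acpi_checksum(bytes(patched))
    return bytes(patched)

def read_live_dmar(path: str = "/sys/firmware/acpi/tables/DMAR") -> bytes:
    """Read the firmware-provided table on Linux (normally requires root)."""
    with open(path, "rb") as f:
        return f.read()

def build_sample_dmar() -> bytes:
    """Constructed minimal DMAR (one DRHD entry, opt-in clear); test input only."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 0, 0, 0, 0xFED90000)  # type 0 = DRHD
    body = struct.pack("<BB10s", 39 - 1, 0, b"\0" * 10) + drhd   # HAW, flags, reserved
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                      b"EXAMPL", b"SAMPLE  ", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[CHECKSUM_OFFSET] = acpi_checksum(bytes(table))
    return bytes(table)
```

Feeding the bytes from read_live_dmar() to parse_dmar_header() shows whether the firmware already opts in; the patched table returned by set_platform_opt_in() is what an initrd-based ACPI table override would supply to the kernel.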
We want to stress that these countermeasures are experimental, that they only protect during OS runtime, and that they at best provide the same level of security that kDMAp offers. Further research is required to analyze the security of the IOMMUs. The strongest countermeasure is to disable the use of Thunderbolt entirely. For details see "I have an affected system. How can I protect myself?" on the Thunderspy 1 page.
Software provided in Thunderspy 2 is meant for patching systems to enable support for kDMAp. Use for attacks is explicitly excluded.