Altra SPI-NOR SMC

Bulletin ID: AMP-SB-0002
Potential Impact: An untrusted hypervisor can potentially allow a user to write to the SPI-NOR
Severity: CVSS score: 5.3 (Medium)

Summary

On Ampere Altra and Altra Max devices before SRP 1.09, the Altra reference UEFI design allows insecure access to SPI-NOR by the OS/hypervisor component.

Who is Impacted


Customers using SRP versions earlier than 1.09 on Altra, or earlier than 2.10 on Altra Max, and deploying bare-metal servers for external or untrusted customers.


Potential Impact


An untrusted hypervisor can potentially allow a user to write to the SPI-NOR.


Severity


CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS score: 5.3 (Medium)


Problem Statement and Impact


Prior to SRP 1.09 (Altra) and 2.10 (Altra & Altra Max), the implementation of the SMC protection included seed hashing authentication for all run-time SPI-NOR accesses. The Altra SPI-NOR interface exposed a SPI-NOR proxy interface with no knowledge of its contents and provided access to the UEFI persistent storage area. Because the interface was a direct SPI-NOR interface without knowledge of UEFI variables, it could not distinguish between a UEFI run-time variable and a boot-time variable. In addition, in a bare-metal deployment, the platform owner does not control the hypervisor code. The hypervisor is therefore untrusted and can potentially impact the system, because it can gain access to the UEFI SMC authentication seed by scanning the UEFI data segment.
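The distinction described above, as an added illustration that is not Ampere firmware code and does not describe how the SRP fix is implemented: a simplified C model contrasting a raw offset-based proxy with a variable-aware service that checks the UEFI attribute bits. The record layout, variable names, store size and function names are hypothetical; only the three attribute constants come from the UEFI specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute bits as defined in the UEFI specification. */
#define EFI_VARIABLE_NON_VOLATILE       0x1u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x2u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x4u
#define STORE_SIZE 32u

/* Hypothetical, simplified variable record; not the real on-flash layout. */
struct var_rec { const char *name; uint32_t attrs, off, len; };

static uint8_t store[STORE_SIZE];      /* stands in for the variable area */
static const struct var_rec vars[] = { /* constructed sample variables */
    { "BootPolicy", EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, 16 },
    { "OsSetting", EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, 16, 16 },
};

/* Raw proxy model: checks bounds only, with no idea which variable it touches. */
int raw_proxy_write(uint32_t off, const uint8_t *buf, uint32_t len)
{
    if (off > STORE_SIZE || len > STORE_SIZE - off) return -1;
    memcpy(store + off, buf, len);
    return 0;
}

/* Variable-aware model: at run time only RUNTIME_ACCESS variables are writable. */
int var_service_write(const char *name, const uint8_t *buf, uint32_t len, int at_runtime)
{
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        if (strcmp(vars[i].name, name) != 0) continue;
        if (at_runtime && !(vars[i].attrs & EFI_VARIABLE_RUNTIME_ACCESS)) return -2;
        if (len > vars[i].len) return -1;
        memcpy(store + vars[i].off, buf, len);
        return 0;
    }
    return -3; /* unknown variable */
}

int main(void)
{
    const uint8_t d[4] = { 1, 2, 3, 4 };
    printf("raw write over boot-time region at run time: %d\n", raw_proxy_write(0, d, 4));
    printf("service write to BootPolicy at run time:     %d\n", var_service_write("BootPolicy", d, 4, 1));
    printf("service write to OsSetting at run time:      %d\n", var_service_write("OsSetting", d, 4, 1));
    return 0;
}
```
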


Fixed in


SRP 1.09 & SRP 2.10


Affected Products


Altra and Altra Max


Recommendations


Please update to SRP 1.09 or 2.10 to mitigate this issue.


References


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32295