Intel, AMD Processors Affected by PCIe Vulnerabilities
Posted by Bender 1 day ago
Comments
Comment by DiabloD3 1 day ago
There is no "PCIe vulnerability" unless you think someone is shimming your PCIe devices on the data lines physically inside the machine.
The only people who need to consider this are people who think a state actor is putting trash chips on data lines in their expansion cards and mainboards just to perform the shim... which, yeah, encrypting it is a pretty decent way of stopping this, they already do it for both in-flight and at-rest data on SAS and NVMe drives, this just expands it to also cover everything that flows over PCIe; ex: exfiltrating unencrypted data inside a datacenter that is being sent to/from the HTTPS endpoint gateway via the NIC's unencrypted PCIe lanes.
Comment by general1465 1 day ago
Comment by DiabloD3 16 hours ago
State actors can freeze machines, pull the sticks, and then clone their contents before the sticks warm up. We've had encrypted RAM on virtually all enterprise hardware for at least a decade, maybe closer to two at this point.