Which Has Higher Privilege: Ring 0 or Ring 3?

Most likely, you’re aware of the hardware “protection rings” in Intel Architecture processors — the familiar “Ring 0” for the kernel through “Ring 3” for userland. But, have you ever heard of “rings” “minus one” through “minus three”? If not, you’re missing out on three entire levels of processor vulnerabilities.

Ring 0 Through Ring 3

In Intel Architecture (IA) processors, there are four protection rings, which are implemented in hardware using two bits in the Segment Descriptor Table, called the Descriptor Privilege Level (DPL) bits. The hardware logic behind the rings allows processes running at a given privilege level to access memory at that privilege level (ring number) or higher. Thus, anything running in Ring 0 (DPL of 0) can access anything in any of the other positively-numbered rings. Likewise, anything running in Ring 3 (DPL of 3) can only access other Ring 3 memory. [See notes 1 and 2.]

In normal usage, the rings are allocated as follows:

  • Ring 0: Kernel (Highest Privilege)
  • Ring 1: Device Drivers
  • Ring 2: Device Drivers
  • Ring 3: User Applications (Lowest Privilege)

This concept is illustrated in the “Standard IA Protection Rings” drawing, below. The way to view these rings is that you can only access outward, to a higher-numbered ring. That is, you can never access inward, to a lower-numbered ring.

Standard Intel Architecture Protection Rings

There are some variations to how the rings are used, but the access limitations remain the same. For example, in many cloud environments, the hypervisor sits in Ring 0, a user’s kernel is in Ring 1, that user’s device drivers are in Ring 2, and that user’s Applications are in Ring 3. This concept is illustrated in the “Alternate (Cloud) IA Protection Rings” drawing, below.

Alternate (Cloud) Intel Architecture Protection Rings

Let’s Get Negative!

On Intel Architecture chipsets, there are three more levels of privilege, all with a higher-level privilege than the operating system’s kernel. We call those “Ring ‑1” through “Ring ‑3,” with Ring ‑1 (pronounced, “ring minus one”) being the least privileged of the negative rings, and Ring ‑3 being the most privileged. Thus, Ring ‑3 can access anything in Ring ‑3 through Ring 3. And Ring ‑2 can access anything in Ring ‑2 through Ring 3, but it cannot access Ring ‑3.

Now, allow me to emphasize a point: Negative rings are conceptual levels of privilege, not actual processor protection rings.

Unlike the “positive rings,” which are implemented in hardware with a pair of bits to specify the Ring number, no equivalent set of bits exist to specify negative ring numbers. There are bits that specify state for Rings ‑1 and ‑2; and, Ring ‑3 is actually a separate processor within the processor chipset. We will briefly discuss how the processor knows it is running a process in a negative ring when we cover that ring.

Each of the negatively numbered rings is reserved for a specific use. That assignment is as follows:

  • Ring ‑1: Hypervisor
  • Ring ‑2: System Management Mode (SMM)
  • Ring ‑3: Management Engine (ME)

This concept is illustrated in the IA Negative Rings drawing. Again, the way to view these rings is that you can only access outward, to a higher-numbered ring. That is, you can never access inward, to a lower-numbered ring.

Intel Architecture Negative Rings

Thus, the complete view of the ring architecture becomes:

  • Ring ‑3: Management Engine (ME) {Highest Privilege}
  • Ring ‑2: System Management Mode (SMM)
  • Ring ‑1: Hypervisor
  • Ring 0: Kernel
  • Ring 1: Device Drivers
  • Ring 2: Device Drivers
  • Ring 3: User Applications {Lowest Privilege}

Now, let’s take a look at each of the negative rings in more detail.

Ring ‑1: Hypervisor

First, we need to clarify what type of hypervisor we are discussing. There are two widely-recognized types of hypervisors:

  • Type 1 Hypervisors, which run on “bare metal.”
  • Type 2 Hypervisors, which are “hosted.”

A type 1 hypervisor has actual control of the computer. It is what boots upon startup. Examples of type 1 hypervisors include: VMware ESXi, Microsoft Hyper-V, and Linux KVM.

A type 2 hypervisor runs as an application under the computer’s operating system. Examples of type 2 hypervisors include: VMware Workstation and Fusion, Microsoft Virtual PC, and Oracle VM VirtualBox.

For purposes of the following discussion, “hypervisor” always refers to Type 1 Hypervisors, unless explicitly stated otherwise.

Virtualization must be enabled via a firmware setting to enable the bare metal boot of a hypervisor. When virtualization is set, that enables the Virtual Machine eXtensions (VMX) in the Intel processor. Whenever VMX is enabled, the processor runs in one of two modes:

  • VMX Root, or
  • VMX non-Root.

VMX Root is the mode in which the hypervisor runs. In VMX Root, the hypervisor has access to special virtualization instructions unavailable to any other processes. The hypervisor runs with DPL set to 0. But, the hypervisor (running in VMX Root mode) is isolated from the virtualized guest operating system whose kernel runs in VMX non-Root mode, with its virtual DPL also set to 0.

Thus the boot process becomes:

  • Firmware enables VMX.
  • Firmware boots the hypervisor and passes control to it. It runs in VMX Root DPL 0.
  • Hypervisor then boots each guest operating system kernel. Each guest runs in VMX non-Root, with each operating system’s kernel running in their own virtualized DPL 0.
  • Each guest operating system then performs its normal startup procedures.

Again, this is a vastly oversimplified summary of what occurs when running a bare-metal hypervisor. I do need to add one point of clarity: When a virtualized process runs, it runs with the processor’s actual protection level set to its virtualized DPL. That is, both the hypervisor and each guest operating system kernel are going to run in Ring 0. However, the processor’s virtualization technology prevents a guest operating system from accessing either the hypervisor’s memory space or the memory space of another guest operating system.
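
The "firmware enables VMX" step leaves a trace you can audit from Ring 0: the IA32_FEATURE_CONTROL register (MSR 0x3A). The following is an added example, not code from the original article; it assumes Linux with the `msr` driver loaded and root access, and the function names and constructed sample values are illustrative.

```python
import os
import struct

IA32_FEATURE_CONTROL = 0x3A
LOCK = 1 << 0             # once set, the MSR cannot be written again until reset
VMX_IN_SMX = 1 << 1       # VMXON permitted inside SMX (measured launch) operation
VMX_OUTSIDE_SMX = 1 << 2  # VMXON permitted in normal operation


def classify(value):
    """Map one IA32_FEATURE_CONTROL value to the state firmware left it in."""
    if not value & LOCK:
        # VMXON faults while the lock bit is clear, but any Ring 0 code may
        # still choose the setting and lock it: firmware did not decide.
        return "unlocked"
    if value & VMX_OUTSIDE_SMX:
        return "enabled-locked"
    if value & VMX_IN_SMX:
        return "enabled-smx-only"
    return "disabled-locked"


def read_feature_control(cpu):
    """Read the MSR on one logical CPU via /dev/cpu/N/msr; None if unavailable."""
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    except OSError:
        return None
    try:
        return struct.unpack("<Q", os.pread(fd, 8, IA32_FEATURE_CONTROL))[0]
    except (OSError, struct.error):
        return None
    finally:
        os.close(fd)


def audit(per_cpu):
    """Return findings for a {cpu: msr_value} map; an empty list means consistent and locked."""
    states = {cpu: classify(value) for cpu, value in sorted(per_cpu.items())}
    findings = []
    if len(set(states.values())) > 1:
        # Firmware is expected to program every logical CPU identically.
        findings.append(("inconsistent", states))
    for cpu, state in states.items():
        if state == "unlocked":
            findings.append(("unlocked", cpu))
    return findings


if __name__ == "__main__":
    live = {}
    for cpu in range(os.cpu_count() or 1):
        value = read_feature_control(cpu)
        if value is not None:
            live[cpu] = value
    # Constructed sample used when the MSR device is not readable.
    sample = live or {0: 0x5, 1: 0x5, 2: 0x0, 3: 0x5}
    for cpu, value in sorted(sample.items()):
        print(f"cpu{cpu}: {value:#x} {classify(value)}")
    for finding in audit(sample):
        print("finding:", finding)
```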

To clarify that the hypervisor is more privileged than the guest operating systems (which run with a VMX non-Root DPL 0), the hypervisor’s VMX Root protection level is referred to as “Ring ‑1” (which is, in reality, VMX Root DPL 0).

Confused? Yeah, I know it’s confusing. But, you don’t have to understand all these gory details to grok that the hypervisor is running at a level more privileged than the guest operating systems’ kernel (Ring 0), and that privilege level is referred to as Ring ‑1.

Ring ‑2: System Management Mode (SMM)

To understand SMM, the first concept that’s needed is that of processor modes. [3]

When the processor comes out of reset (such as after power-on or reboot), the processor is in Real Address Mode (usually called “real mode”). In real mode, all memory addresses are real addresses (no virtual memory), there is no memory protection, and the processor instruction set is limited.

While in real mode, the processor’s firmware (BIOS, UEFI, etc.) performs several initialization tasks, including installing the system management software into memory. It then loads special processor registers with the memory address range occupied by the system management software and its software interrupt table. Once this initialization of the system management software is completed, its memory space “disappears” from available memory.

Once the firmware has completed its initializations, it switches the processor into “Protected Mode,” which enables memory protection (“rings”), memory virtualization, and other hardware-level memory protection and management capabilities. (In 64-bit processors, there are additional modes added, but we will not cover them here.)

What is this “system management” software installed by the processor’s firmware? Typically, it is the OEM’s computer-specific software for power, thermal, and other hardware management. Sometimes vendor-specific security software is also installed as a system management component.

The system management software only executes when the processor is in System Management Mode (SMM). SMM is the highest priority processor state that exists. When entering SMM, all other processes on the system are suspended, and processor state is saved. The processes have no awareness they have been interrupted. Upon exiting SMM, processor state is restored, and processing resumes as though no interruption had occurred. SMM program execution is completely transparent to the entire rest of the processor.

There are three ways in which SMM can be entered:

  • Hardware triggered, via a System Management Interrupt (SMI). That is, there is a physical pin on the processor chip, which, when activated, causes the processor to enter SMM.
  • Software triggered, via an interrupt triggered through the Advanced Programmable Interrupt Controller (APIC).
  • Clock triggered, via a timer within the system management software. (This is actually a software triggered event. But, I mention it separately because I want to point out that the system management software itself can trigger its own execution.)

When in SMM, the system management software has total control of the processor. It can access all of memory and all of its peripherals. It can even access the hypervisor. Since it is more privileged than the hypervisor, we assign it the logical privilege level of “Ring ‑2.”

Ring ‑3: Management Engine (ME)

Never heard of the Intel Management Engine? You’re far from alone! [4]

The Management Engine (ME) currently resides in a chip called the Platform Controller Hub (PCH). It has its own separate processor. Over time, varying architectures have been used to implement the ME processor.

The ME is downright scary. It is always running, even when the system is powered off; as long as the mainboard has power (line power or battery), the ME is running. It has its own MAC and IP addresses, and full access to the main processor, all memory (including SMM) and all peripherals. It cannot be disabled, as the main processor cannot boot in the absence of a running ME.

Oh, and it even runs its own web server. If that alone doesn’t terrify you, it should.

And think about the fact it has its own MAC and IP addresses. That means that you can’t firewall off the ME in the host processor. The only way you can detect that the ME is communicating with the world is by monitoring all network traffic exiting that system.

The ME processor is “invisible” to the main processor. That means that you can’t protect it with any type of anti-malware software, or otherwise inspect the processor for potential compromise.

It has been discovered that there is an ME mode called “High Assurance Platform,” which was allegedly developed for the exclusive use by TLA government agencies to limit the ME’s capabilities after system boot. But, its use outside of that environment allegedly violates your warranty. [7]

What does the ME do? Its full functionality has never been publicly documented. Most of what is publicly known about it has been discovered by several groups who have attempted to reverse engineer its capabilities. It’s known that the ME implements secure and trusted (verified) boot, it manages the other PCH functions, provides DRM and TPM functionality, and is where the Intel Active Management Technology (AMT) is implemented.

There have been known exploitable vulnerabilities found in the ME, for which Intel has issued several firmware updates.

As it is more privileged than even SMM, it is generally referred to as “Ring ‑3.”

So, let’s review:

  • You have a “hidden” processor on your computer.
  • Its functionality has never been publicly documented.
  • It appears to have been customized for certain TLA government agencies.
  • It has unlimited access to the main processor.
  • It has unlimited access to all memory.
  • It has unlimited access to all peripherals.
  • It has its own MAC and IP addresses.
  • It runs a web server.
  • It is always running.
  • You can’t turn it off.
  • You can’t disable it.
  • It has had known exploitable vulnerabilities (which presumes more vulnerabilities exist that have yet to be found and/or disclosed).
  • It is the single most privileged known element of an Intel Architecture processor chipset.

If you’re not scared yet, then you haven’t been paying attention! In that case, I suggest you read what the EFF has to say about the ME: Intel’s Management Engine is a security hazard, and users need a way to disable it.

What About Microcode?

By this time, you are probably wondering how microcode fits into this picture. I’m not going to go into any detail beyond showing where microcode fits into the picture.

In most processors today, the machine code instructions are hardwired into the circuitry for performance. However, some complex machine code instructions are not easily processed in circuitry, so they are broken up into small sequences of microcode. Think of it this way: Some machine language instructions are directly executed by processor circuitry, while other machine language instructions have to be broken into simpler instructions (microcode) in order to be executed by processor circuitry.

In the Intel Architecture, the microcode for a given processor is burned into an on-processor ROM. Microcode can be updated by specially prepared packages from Intel. However, those microcode updates do not modify the ROM. Rather, they are stored in on-processor high-speed SRAM. As SRAM is volatile, all microcode updates must be reapplied with every processor reboot.

It is not clear from Intel documentation whether the ME’s processor also receives microcode updates. (It does, however, definitely receive firmware updates.)

From a “Ring Perspective,” microcode sits directly on top of the processor’s silicon. Logically, it can be considered an integral part of the processor itself. This is illustrated in the “IA Hardware View” diagram, below.

Intel Architecture Hardware View

How microcode is updated is one of the best-guarded secrets in the industry. It is known that updates are encrypted and digitally-signed multiple times. I can find no evidence that the exact format of the update package has ever been successfully reverse engineered.

However, should anyone ever be able to tamper with a processor’s microcode, it would be “game over,” as such an attack would, in all probability, be undetectable. Thus, although I do not call it that, you could probably consider microcode to be “Ring ‑4.” Although, who knows? Intel may have other yet-to-be-discovered conceptual privilege levels between the ME and the microcode. (If you want to apply a “ring name” to it, perhaps microcode best be called “Ring ‑∞,” as I don’t think you can get more privileged than microcode!)

What Security Threats Do I Need To Worry About?

All three of the negative rings discussed in this article are subject to exploitation. However, some of these rings have more potential to be exploited than others. The only real way to discover the exploitation of any of these negative rings is to detect the network traffic generated when the exploit phones home.

Hypervisor

Hypervisor attacks are relatively old. The most famous of the early attacks is the Blue Pill attack on the AMD virtualization technology, which was later ported to also exploit Intel technology.

There are three basic types of attacks that exploit virtualization technologies: [5]

  • Hypervisor Injection, where an operating system running on bare metal has a “hypervisor” (called a Virtual Machine Based Rootkit, or VMBR) inserted between it and the hardware. An alternative attack is to inject a virtual hypervisor between the hypervisor and a guest operating system, such as the cloudskulk attack.
  • Hypervisor Escape, where an exploit run from a guest operating system gains access to either the hypervisor, to another guest operating system, or to the bare metal hardware.
  • Side-Channel Attacks, where a guest operating system exploits processor hardware flaws, or other vulnerabilities, to extract information from another guest operating system executing on the same physical hardware. [6]

Hypervisor Injection attacks against bare-metal operating systems used to be relatively trivial to carry out. However, recent firmware and chipset hardening have made such exploitation more complicated than it has been in the past. A substantially greater risk is the cloudskulk-like attacks that inject a VMBR in an already virtualized environment. In today’s cloud computing environment, such attacks are a growing concern.

Hypervisor Escape attacks are our current greatest hypervisor risk. There have been literally dozens of recent vulnerabilities discovered which allow for attackers to escape from virtualized guest systems. A relatively complete list of known vulnerabilities and attacks can be found here.

Side-Channel Attacks are a rapidly growing threat. It seems as though every few weeks, a proof-of-concept is developed for some new side-channel attack. A good overview of the concepts behind side-channel attacks can be found here.

Most recent side-channel attacks have been exploiting one of the various Meltdown or Spectre vulnerabilities. The original research describing those vulnerabilities can be found here. A recent video tutorial on Meltdown and Spectre (based upon Dickens’ A Christmas Carol) can be found here (original) or here (YouTube); Warning: Some language may be NSFW.

Today, successful side-channel attacks are probably beyond the capabilities of all but state actors. But, it is only a matter of time before they become commodity point-shoot-kill exploits any criminal can purchase on the dark web.

All classes of hypervisor attacks are a critical problem in cloud computing. In fact, I contend that it is impossible to adequately secure any public cloud system processing sensitive information. I will delve into those details in an upcoming blog posting, Increasingly Cloudy with Severe Security Storms: Why It Is Impossible to Secure the Public Cloud.

Finally, don’t forget hypervisors are software. All software has bugs. You can’t assume that your hypervisor is not exploitable. Always ask the question: How can this software be used against me?

System Management Mode

To attack SMM, you need to attack the firmware. For that reason, SMM exploits are often called “BIOS Rootkits” or “Bootkits.” With recent lockdowns of the boot process, many attacks against firmware have become more difficult. However, on many systems, an attacker who can access the firmware configuration settings has the potential to disable those protections.

Today, most SMM exploits that are publicly known have been developed by either state actors or those companies who sell exploits to state actors. The presentation UEFI Firmware Rootkits: Myths and Reality — Black Hat Asia 2017 provides a good overview of some relatively recent SMM exploits. An example of a rather notorious bootkit is LoJax, which attacks UEFI.

My biggest SMM concern is OEM bootkits. Like all SMM malware, they would be virtually undetectable, except by monitoring network traffic. And, since the malware was installed by the vendor, no attack vector to gain access to modify the firmware is required.

There is one potential defense against non-OEM SMM exploitation that is usually quite effective. Most SMM exploits require that the firmware be reflashed to install the malware. Many desktop and server systems have a physical jumper on the mainboard where you can disable firmware flashing. Disabling it is a trade-off between security and convenience. So, ask yourself: How often do we reflash firmware? Then, decide appropriately.

Finally, don’t forget what runs in SMM is software. All software has bugs. You can’t assume that SMM is not exploitable. Always ask the question: How can this software be used against me? And, for SMM, you need to add the question: Do I know what software is running in SMM? (Answer: Probably not!)

Management Engine

Management Engine attacks concern me the most.

Thus far, there have been about a dozen patched and disclosed vulnerabilities in the ME. How many more there are which are known but not yet patched and/or disclosed is not known. A few notorious examples of ME vulnerabilities and exploits include:

  • Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall
  • Unauthenticated Users Can Remotely Access Intel AMT Web Interface
  • Critical Information Disclosure Bug in Security Engine

I am going to spend a lot more time on the ME in upcoming blog posts. [8] Meanwhile, some of the best information on the ME can be found on the Positive Technologies website.

Just keep in mind that it only requires one bug in the ME for your computer to be hacked, even when it is powered off!

For anyone into bug-bounty hacking, both Intel’s Management Engine and AMD’s Platform Security Processor are probably gold mines, just waiting to be discovered.

Finally, don’t forget what runs in the ME is software. As experience has shown, the ME software has had bugs. You must assume that the ME is exploitable. Always ask the question: How can this software be used against me? And, for the ME, you need to add the question: Do I know what software is running in ME? (Answer: Definitely not!)

Detection

Detection! That’s the crux of the problem with negative ring attacks.

As I have indicated, attacks originating from negative rings are essentially undetectable from the positive-numbered rings. Yes, there are a few indirect ways you can possibly determine that you’ve been pwned, and even fewer direct ways. And, both direct and indirect methods only apply to certain small groups of exploits. Your safest bet is to assume that your anti-malware tools cannot detect any negative-ring attacks.

There is exactly one way which stands any chance of detecting that you’ve been compromised: network monitoring. That means you must be able to monitor all traffic exiting and entering any physical network interface on the system. The key words here are “all,” “any,” and “physical.” Physical means that monitoring virtual networks is insufficient, because the ME can leak information through your network, and no level of virtual network monitoring would detect it. Any and all means exactly that: All traffic through any network interface. To do otherwise, you will leave holes in your security large enough to navigate an aircraft carrier through, undetected.

Regardless of your environment, today, the only effective means of breach detection are network monitoring and physical security (where the physical security threat is the malicious insider).
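
Monitoring the physical interface pays off when you reconcile it against what the host itself claims to be sending: anything on the wire that the operating system cannot account for came from somewhere the operating system cannot see. The following is an added example, not code from the original article; the record layout, function names and sample flows are constructed for illustration, and the AMT port list is the set Intel documents for that service.

```python
from dataclasses import dataclass

# Ports Intel documents for AMT: ASF/RMCP (623, 664), web UI and redirection (16992-16995).
AMT_PORTS = frozenset({623, 664, 16992, 16993, 16994, 16995})

NOT_INVENTORIED = "source address not in the OS interface inventory"
NOT_REPORTED = "flow absent from the host's own flow log"
FROM_AMT_PORT = "sent from an AMT service port"


@dataclass(frozen=True)
class Flow:
    """One egress flow seen on the tap or switch port facing the machine."""
    src_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def key(self):
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)


def reconcile(tap_flows, host_macs, host_ips, host_reported):
    """Return [(flow, [reasons])] for tap flows the host OS cannot account for.

    host_macs / host_ips: addresses the OS lists for its own interfaces.
    host_reported: set of Flow.key() tuples taken from the host's own flow log.
    """
    macs = {m.lower() for m in host_macs}
    ips = set(host_ips)
    findings = []
    for flow in tap_flows:
        reasons = []
        if flow.src_port in AMT_PORTS:
            reasons.append(FROM_AMT_PORT)
        if flow.src_mac.lower() not in macs or flow.src_ip not in ips:
            # Something behind this switch port has an address the OS never configured.
            reasons.append(NOT_INVENTORIED)
        elif flow.key() not in host_reported:
            # Addresses match the host, yet the OS never saw the flow leave.
            reasons.append(NOT_REPORTED)
        if reasons:
            findings.append((flow, reasons))
    return findings


# Constructed sample data (documentation address ranges).
HOST_MACS = ["52:54:00:AA:BB:01"]
HOST_IPS = ["192.0.2.10"]
HOST_REPORTED = {("192.0.2.10", 50000, "198.51.100.5", 443, "tcp")}
TAP_FLOWS = [
    Flow("52:54:00:aa:bb:01", "192.0.2.10", 50000, "198.51.100.5", 443, "tcp"),
    Flow("52:54:00:aa:bb:01", "192.0.2.10", 50001, "203.0.113.9", 443, "tcp"),
    Flow("52:54:00:aa:bb:02", "192.0.2.11", 40000, "203.0.113.9", 8443, "tcp"),
    Flow("52:54:00:aa:bb:01", "192.0.2.10", 16992, "192.0.2.50", 51000, "tcp"),
]

if __name__ == "__main__":
    for flow, reasons in reconcile(TAP_FLOWS, HOST_MACS, HOST_IPS, HOST_REPORTED):
        print(f"{flow.src_mac} {flow.src_ip}:{flow.src_port} -> "
              f"{flow.dst_ip}:{flow.dst_port}/{flow.proto}: {'; '.join(reasons)}")
```

The host-side flow log is itself produced in Ring 0 or above, so treat a mismatch as the signal and a match as weak evidence only.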

Summary

What runs in each of the negative rings is software. You have to assume the negative ring’s software is buggy and exploitable. You have to monitor your network traffic to detect rogue packets from exploited software in negative rings.

There are three conceptual privilege levels which have greater privilege than the operating system’s kernel. Those levels are referred to as:

  • Ring ‑1: Hypervisor
  • Ring ‑2: System Management Mode
  • Ring ‑3: Management Engine

Unlike the positive numbered protection rings, which are designated by hardware protection measures, the negative numbered rings do not indicate a protection level. Instead, they indicate a relative privilege level, where the lower (more negative) the number, the greater the privilege level.

Hypervisors are software that boots into a special hypervisor mode (VMX), which enables special instructions only usable by the hypervisor. The hypervisor co-resides in ring 0 with the guest kernels it manages. A hypervisor executes with a special protection level called VMX Root, which isolates it from other ring 0 processes. Guest operating systems execute with the protection level VMX non-Root, which isolates them from the hypervisor and other ring 0 processes.

System Management Mode software is loaded by the boot firmware, which locks it into memory inaccessible by a hypervisor or operating system. The memory in which it resides appears to “disappear” from available real memory. SMM software executes in a special processor state which renders its execution invisible to all other software running on the processor.

The Management Engine runs on a separate processor on the PCH chip. It is always running even when the main processor is powered off. It has full access to all memory and peripherals, and it has its own MAC and IP addresses. Without a functional ME, the main processor cannot boot. It is invisible to the main processor, and its integrity must be trusted because it cannot be verified by the main processor or by other known means.

The SMM is probably the most difficult of these three subsystems to compromise, as it involves successfully tampering with the processor’s firmware.

The hypervisor is probably the easiest of these subsystems to compromise, as it would be rather trivial to inject a hypervisor exploit under an operating system. This attack vector works against both operating systems running on bare metal, and operating systems which run as guests of a legitimate hypervisor.

The ME appears to be potentially open to simplistic exploitation. Of the three subsystems, it would definitely be the most deadly one to have compromised.

Finally, I once again need to repeat: The only way most organizations can detect the exploitation of any of the negative rings is through monitoring of network traffic to detect exfiltration from any of these negative rings.
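The monitoring approach described above can be sketched as a comparison of two views of the same machine: the flows a switch mirror port saw leaving it, and the flows its operating system logged. This is an added example, not code from the original post; the record layout, the function name and all sample values are assumptions constructed for illustration.

```python
from collections import namedtuple

# One egress flow record: timestamp (s), source MAC/IP, destination IP/port.
Flow = namedtuple("Flow", "ts src_mac src_ip dst_ip dst_port")

def unexplained_flows(tap_flows, host_flows, host_macs, off_windows, slack=2.0):
    """Return [(flow, reasons)] for tap flows the host OS cannot account for.

    tap_flows   -- egress flows seen on the switch mirror port (out-of-band)
    host_flows  -- flows the OS itself logged (in-band view)
    host_macs   -- MAC addresses the OS reports for its own NICs
    off_windows -- (start, end) periods when the host was powered off
    slack       -- allowed clock skew in seconds between the two views
    """
    logged = {}
    for h in host_flows:
        logged.setdefault((h.src_ip, h.dst_ip, h.dst_port), []).append(h.ts)
    findings = []
    for f in tap_flows:
        reasons = []
        if f.src_mac not in host_macs:
            reasons.append("source MAC unknown to the OS")
        if any(start <= f.ts <= end for start, end in off_windows):
            reasons.append("sent while host was powered off")
        else:
            times = logged.get((f.src_ip, f.dst_ip, f.dst_port), [])
            if not any(abs(t - f.ts) <= slack for t in times):
                reasons.append("no matching flow in host log")
        if reasons:
            findings.append((f, reasons))
    return findings

# Constructed sample data (documentation address ranges, made-up MACs).
HOST_MACS = {"00:00:5e:00:53:01"}
OFF_WINDOWS = [(1000.0, 2000.0)]
HOST_FLOWS = [Flow(10.0, "00:00:5e:00:53:01", "192.0.2.10", "198.51.100.7", 443)]
TAP_FLOWS = [
    Flow(10.4, "00:00:5e:00:53:01", "192.0.2.10", "198.51.100.7", 443),   # explained
    Flow(50.0, "00:00:5e:00:53:01", "192.0.2.10", "203.0.113.9", 53),     # not logged
    Flow(60.0, "00:00:5e:00:53:02", "192.0.2.11", "203.0.113.9", 443),    # second MAC
    Flow(1500.0, "00:00:5e:00:53:01", "192.0.2.10", "203.0.113.9", 443),  # host off
]

if __name__ == "__main__":
    for flow, reasons in unexplained_flows(TAP_FLOWS, HOST_FLOWS, HOST_MACS, OFF_WINDOWS):
        print(flow.ts, flow.src_mac, flow.dst_ip, flow.dst_port, "; ".join(reasons))
```

The out-of-band view has to come from equipment outside the monitored machine, since software in a negative ring can hide its traffic from anything the host itself records.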

It’s exploitation time! Do you know what’s running in your negative rings?

Notes

  1. Nearly everything presented in this paper is a greatly oversimplified explanation. My objective is to introduce big-picture concepts, not nitty-gritty technical details. Thus, I hope these oversimplifications provide sufficient details of the concepts I present here.
  2. The major takeaway for this paragraph should be: The numerically larger the Ring number, the lower the privilege level.

  3. Reference: Intel® 64 and IA-32 Architectures Software Developer’s Manual

  4. AMD has a similar processor called the AMD Platform Security Processor, which implements its AMD Secure Technology subsystem.
  5. This section applies to both type 1 and type 2 hypervisors.
  6. The primary difference between Hypervisor Escapes and Side Channel Attacks is that an escape executes code on its target, and the side channel “only” leaks data.
  7. TLA: Three Letter Acronym (e.g., NSA, CIA, FBI, DOD, NRO, MI5, etc.).
  8. The first of these posts is now online, Ever Heard of MINIX? It’s The World’s Most Widely Used Operating System.

Please check out my Blog Introduction and Index to find other postings about what we are doing wrong in security and how we need to fix it.

Featured Image

Intel Architecture Negative Rings

Translated from: https://medium.com/swlh/negative-rings-in-intel-architecture-the-security-threats-youve-probably-never-heard-of-d725a4b6f831