Intel® Integrated Performance Primitives
Deliberate problems developing high-performance vision, signal, security, and storage applications.

IPP and ESXi--what is the applicability?

gentry__mike
Beginner
877 Views

So....  HPE notified me of a potential problem associated with Intel CPUs (as are found on ProLiant DL360 Gen9).  They classified this as a HPE Security Vulnerability - TLBleed Side-Channel Information Disclosure Attack Against Intel CPUs...

After creating an Intel account and such, here I am trying to make sense of all this, and am left wondering the applicability of the "issue" outlined in the HPE notification, and the fact I am running ESXi on HPE machines?

I came to Intel looking for something I could install to mitigate the TLBleed matter, but since I am not running WIndows, Apple, or Linux, is there a "fix" to be had?  Is this something I need to worry about?  I've gone as far as downloading the (2019) Windows version (as I often download the Windows iLO updates and use 7zip to extract the ilo.bin file from the exe file to update iLO on my 2 DL360 Gen9 hosts).  I didn't know if something similar was to be done with your IPP or, if, because I am running an OS you are not 'including' in your literature regarding this issue, does this mean the vulnerability does not apply?

Seems unlikely somehow.... 

I am not developing 'software' that needs 'IPP libraries' as part of software to be delivered....  I simply possess hardware that includes Intel processors on-board, and am looking to mitigate the vulnerability.  HPE didn't make this very easy in terms of the information they provided me--but they provided enough for me to find myself on your site, and I found enough information there to have created an account in the hopes to find a "solution".

Assuming there is something I can download--what is it, exactly, I need to extract?  Checking the Windows flavor of your IPP, I do see a couple of bin files within)--AND, more importantly, WHERE is this installed?

If HPE's "Critical Customer Bulletin" was well-intentioned, but not really applicable to me, perhaps more communication between Intel and HPE is required in the future?

Can someone from Intel advise?

Thanks in advance.

Regards,

MG

 

 

0 Kudos
2 Replies
Pavel_B_Intel1
Employee
877 Views

Hi Mike,

I will try to find an appropriate way for the communication. It is definitely not a topic for IPP forum. I will connect with you.

Pavel

0 Kudos
Pavel_B_Intel1
Employee
877 Views

Hi Mike,

I'm sorry for to late response, it takes much time to find right persons. The answer is:

Intel has received notice of research from Vrije Universiteit Amsterdam, which outlines a potential side-channel analysis vulnerability referred to as TLBleed. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre or Meltdown. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources. These measurements can potentially allow researchers to extract information about the software and related data. TLBleed uses the Translation Lookaside Buffer (TLB), a cache common to many high performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel® Integrated Performance Primitives Cryptography version U3.1 - written to ensure constant execution time and data independent cache traces - should be immune to TLBleed. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.

0 Kudos
Reply