Direct Connect Interface (DCI) Policy Update (INTEL-SA-00127)

000029393

07/14/2018

The security of our products and our customers’ data is a top Intel priority. Product security updates are periodically delivered through a process of coordinated disclosure.

Existing UEFI* setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel® Xeon® Processor E3 Family, Intel® Xeon® Scalable Processors, and Intel® Xeon® D Processor Family can potentially allow a limited physical presence attacker to access platform secrets through debug interfaces.

Intel has implemented and validated a UEFI firmware platform code update that resolves the issue. This update has been provided to system manufacturers, many of whom have already released updates to their customers.

Potentially affected products
  • Intel® Xeon® Scalable Processors
  • Intel® Xeon® D Processor Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor E3 v5 Family
  • Intel Atom® Processor C Series

For more information on this issue, read Intel Security Advisory INTEL-SA-00127.

  • Contact your system manufacturer to obtain needed system updates.

Questions and Answers

What is the Direct Connect Interface (DCI)?
Direct Connect Interface (DCI) provides closed chassis access to debug hooks for silicon, platform, and software debug through USB.

Are Client platforms affected?
Even though client platforms from Skylake onward (Sunrise Point) support DCI, they aren't considered to be affected by this issue. On Client platforms, EFI Secure Boot is activated by default, which prevents an attacker from toggling DCI functionality. If Client platforms have EFI Secure Boot disabled, this issue potentially affects the platform.
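
Because the answer above makes client exposure depend on whether EFI Secure Boot is enabled, the following added example (not Intel's code and not part of the advisory) reads that state on a Linux host. It assumes efivarfs is mounted at /sys/firmware/efi/efivars; the function names are hypothetical, and the script reports Secure Boot state only, not DCI state.

```shell
#!/bin/sh
# Added example: report UEFI Secure Boot state from Linux efivarfs.
# EFI_GLOBAL_VARIABLE GUID as defined by the UEFI specification.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efivar_byte FILE
# efivarfs files hold 4 bytes of attributes followed by the variable data.
# Prints the first data byte as a decimal number, or nothing if the file
# is missing, unreadable, or too short.
efivar_byte() {
    [ -r "$1" ] || return 0
    od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# secure_boot_state [EFIVARS_DIR]
# Prints one of: enabled | disabled | setup-mode | unknown
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID")
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID")

    case "$sb:$sm" in
        1:*) echo enabled ;;     # firmware is enforcing Secure Boot
        0:1) echo setup-mode ;;  # no Platform Key enrolled, not enforcing
        0:*) echo disabled ;;    # keys may be enrolled, enforcement is off
        *)   echo unknown ;;     # legacy boot, no efivarfs, or short read
    esac
}

# Stand-alone use: optional argument overrides the efivars directory.
secure_boot_state "$@"
```

A result of disabled or setup-mode on a client system is the condition the answer above describes as potentially affected; follow up with the system manufacturer's firmware update.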