HPSBHF03587 rev. 1 - Information Disclosure Vulnerability in Storage Media in Systems with Intel® Optane™ Memory Module with Whole Disk Encryption

Potential Security Impact

Some platforms configured with Whole Disk Encryption and an Intel® Optane™ memory module, may be at risk of data remaining unencrypted and potentially accessible under specific conditions.

Source: HP, HP Product Security Response Team (PSRT)

Reported by: Intel

VULNERABILITY SUMMARY

There is an issue where some platforms configured with Microsoft* Bitlocker and an Intel® Optane™ memory module may be at risk of data remaining unencrypted and potentially accessible under specific conditions.

Due to how Intel® RST software migrates data during the Intel® Optane™ memory enabling process, there is a small region on the non-Intel® Optane™ memory module that will be kept hidden from the host operating system. If Microsoft* Bitlocker enablement occurs after configuring the Intel® Optane™ memory media device, this small region will not benefit from the Whole Disk Encryption and as a result, end-user data in the small region could possibly be at risk.

RESOLUTION

Confirm your system is set up to support Intel® Optane™, then make sure Microsoft* Bitlocker is enabled before configuring the Intel® Optane™ memory module with Intel® Rapid Storage Technology (Intel® RST) software. Refer to the steps below.

1. Go to the BIOS settings in F10 Setup/System Options and ensure the option is checked for configuring Intel® Optane™.

2. Enable Microsoft* Bitlocker.

3. Launch Intel® RST user Interface/ Intel® Optane™ Memory User Interface.

4. Disable Intel® Optane™ Memory (it will need a system restart to complete).

5. Re-enable Intel® Optane™ Memory.

Detailed instructions are below.

Intel requires following these steps to ensure the Intel® Optane™ memory with Microsoft* Bitlocker is configured properly:

• Confirm Microsoft* Bitlocker is ON. Check the Microsoft website for instructions: <https://social.technet.microsoft.com/wiki/contents/articles/969.how-to-determine-if-bitlocker-drive-encryption-is-enabled.aspx&gt;[__](<https://social.technet.microsoft.com/wiki/contents/articles/969.how-to-determine-if-bitlocker-drive-encryption-is-enabled.aspx&gt; “External site.” ) (in English).

• Follow these steps to ensure your system is properly configured:

  1. Launch Intel® RST User Interface(UI)/Intel® Optane™ Memory UI.

  2. Disable Intel® Optane™ memory.

  3. Enable Intel® Optane™ memory again.

  • Check the following link for detailed instructions to disable and enable Intel® Optane™ technology: <https://www.intel.com/content/dam/support/us/en/documents/memory-and-storage/optane-memory/intel-optane-memory-user-installation.pdf&gt;[__](<https://www.intel.com/content/dam/support/us/en/documents/memory-and-storage/optane-memory/intel-optane-memory-user-installation.pdf&gt; “External site.” ) (in English).

  • Refer to section 2.1.4 for disabling Intel® Optane™ and section 2.1.3 for enabling Intel® Optane™ using Intel® Optane™ Memory UI.

  • Refer to section 2.2.2 for disabling Intel® Optane™ and section 2.2.1 for enabling Intel® Optane™ using Intel® Optane™ Memory UI.

*Other names and brands may be claimed as the property of others (when using third-party trademarks and names).