tl; dr: CPU has SGX, a super-encrypted safe place for secrets hidden from everything else. Registers for the APIC can be mapped to memory, and some kinds of misaligned etc. accesses to that mapped area can return previous data (I assume erroneously from the data cache), leaking data. This allows finding the encryption keys for the SGX. Apparently they use this for enclaves of servers, trusting it, so breaking one breaks the whole enclave.
tl; dr: CPU has SGX, a super-encrypted safe place for secrets hidden from everything else. Registers for the APIC can be mapped to memory, and some kinds of misaligned etc. accesses to that mapped area can return previous data (I assume erroneously from the data cache), leaking data. This allows finding the encryption keys for the SGX. Apparently they use this for enclaves of servers, trusting it, so breaking one breaks the whole enclave.
(post is archived)