Donāt think the journalist understands what threat this technology from AMD is trying to mitigate.
Two types of threats:
Run a workload leasing compute from Amazon and keep that workload safe from Amazon
Run a workload leasing compute from Amazon and keep that workload safe from other customers on Amazon.
This encrypted memory kinda-sorta might protect you from the first scenarioā¦ but you need more than encrypted memory in that scenario anyway. Makes sense if you think about it.
The second scenario is still safe. No way for an admin/bad guy in a compromised VM to steal another VMās data, even with spectre/meltdown type vulnerabilities that let you otherwise read protected memory.
well it is the register not known for understanding what they are talking about
ā¦via a hijacked hypervisorā¦
I guess that is the telling line.
This comment I found under there sums up my opinion on this:
Obviously, this is taking about all t he outsourced It.
/s
I do actually, but Iām currently busy.
Heres the paper for those who care
Will be giving it a read and reporting back on how i feel about it.
Not much else to state other than the above already having been stated at this point in time in regards to certain āperceivedā vulnerabilities.
Good stuff, thanks.
Some of you guys need to back off a bit. Not like youāve given this much of a review.
In the Meltdown and Spectre threads you guys were quick to pretend to know what you were talking about, calling it a major crisis and screaming āOMFG FUCK INTEL NEVER BUYING INTEL AGAIN FUCK INTELā. This is relevant to our interests, to ignore it because of precious AMD is ignorant.
Hold on there.
Spectre can be exploited from the browser. All the AMD stuff we got so far requries root or admin privileges.
If you wanna make accusations, you have to be more specific than that.
So far I have seen two sources for this. Given how many clicks you can get with a real story about tech security these days, that seems low. And given how the last story like this was clearly a hit piece, for right now I remain to be skeptic.
But we will see.
TL;DR they change the memory mapping so services just start dumping arbitrary memory that the VM thinks is sane therefore just bypassing AMDs SEV. (Yes i know its much more complicated then that but if you actually care enough then youll read the paper)
but also from a possibly malicious hypervisor
(Paragraph 1)
This line makes me question it because you can do pretty much anything with a malicious hypervisor that a kernel really cant detect.
Overall it looks pretty good and legit. Number of people affected will be pretty small as only people like VPS providers are really effected and actually doing the attack is even harder as it pretty much requires either a malicious HV or a rouge sysadmin.
As for migrations this could either be a really simple fix by just protecting memory maps but could be harder then it seems. Not quite sure as i dont know much in this field.
What I find strange is the article is again AMD is broken here is a paper released 24 May 2018. Hit the press. The obligatory quote āA spokesperson for AMD was not available for comment.ā
What happened to Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel from Fraunhofer AISEC working with AMD to see if there is a problem, does it need a patch.
You know give AMD that 90 days to work on it before going CTS labs ?
Is someone shorting AMD stock again ?
We know AMD will respond to this when their engineers have a look at it. Maybe a big nothing burger again. I mean who expects a know evil host to ever be secure. If the admin is doing it then well.
Okay? Lots of things can get rekt from the browser.
Observations. Every AMD thread that hints at negative press is dismissive. Every nVidia thread is āmuh evilā and āmuh corporationā. The same goes for Intel.
Hell, you guys are so drunk on your own Kool aid that you canāt catch your hypocrisy.
GPP, a marketing sham, the world is on fire.
nVidia hires former AMD marketing exec, lol marketing, lol one guy.
When itās nVidia or Intel doing wrong, you guys blame the hive mind evil entity. When itās AMD, you guys narrow it down to the single employee.
no u
ĀÆ\_(ć)_/ĀÆ
Even though the AMD favouritism is strong here, yelling and pointing fingers is pointless. We know people here favour AMD. We know. Letās try and not devolve yet another thread into pointless tribal AIDS.
and again, the pumpānādump single link topics with no added input in the OP are a bit low effort imo. If you donāt have time to share your thoughts, why not wait until you do?
I find it curious that the researchers didnāt know of this prior work:
it also alluded to problems with hypervisor to guest isolation. Aside of the encryption problem.
But overall I find that the researchers and journalists are over-hyping the āmeagreā conclusions of this research.
Which often times detracts from the technical details and sidelines the fact that Engineers at AMD are actually attempting to do something quite difficult in order to harden VM -> VM and VM -> Host Hypervisor security.
Securing x86 is a hard task and sensationalism is contributing to making it even more difficult.
Donāt forget that there are real people behind efforts like these and theyāve put a lot of work into making something they find worthwhile. Research like this, if treated right can be be used by them to make things better.
But this kind of sensationalism is disheartening and sometimes disrespectful to the many engineers working on what are often non-trivial hard problems.
The kind where deadlines and profits interfere and lead to mistakes made and implementation deficiencies that can only be improved upon by iteration.