Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Don't think the journalist understands what threat this technology from AMD is trying to mitigate.

Two types of threats:
Run a workload leasing compute from Amazon and keep that workload safe from Amazon

Run a workload leasing compute from Amazon and keep that workload safe from other customers on Amazon.

This encrypted memory kinda-sorta might protect you from the first scenario… but you need more than encrypted memory in that scenario anyway. Makes sense if you think about it.

The second scenario is still safe. No way for an admin/bad guy in a compromised VM to steal another VM's data, even with Spectre/Meltdown type vulnerabilities that let you otherwise read protected memory.

13 Likes

And? Do you have anything to add? @Hammerhead_Corvette

3 Likes

Well, it is The Register, not known for understanding what they are talking about.

…via a hijacked hypervisor…

I guess that is the telling line.

2 Likes

This comment I found under there sums up my opinion on this:

10 Likes

Obviously, this is talking about all the outsourced IT.

/s

I do actually, but I'm currently busy.


14 Likes

Here's the paper for those who care

Will be giving it a read and reporting back on how I feel about it.

5 Likes

Not much else to state other than the above already having been stated at this point in time in regards to certain "perceived" vulnerabilities.

Good stuff, thanks.

Some of you guys need to back off a bit. Not like you've given this much of a review.

In the Meltdown and Spectre threads you guys were quick to pretend to know what you were talking about, calling it a major crisis and screaming "OMFG FUCK INTEL NEVER BUYING INTEL AGAIN FUCK INTEL". This is relevant to our interests, to ignore it because of precious AMD is ignorant.

2 Likes

Hold on there.
Spectre can be exploited from the browser. All the AMD stuff we got so far requires root or admin privileges.

2 Likes

If you wanna make accusations, you have to be more specific than that.


So far I have seen two sources for this. Given how many clicks you can get with a real story about tech security these days, that seems low. And given how the last story like this was clearly a hit piece, for right now I remain skeptical.

But we will see.

TL;DR they change the memory mapping so services just start dumping arbitrary memory that the VM thinks is sane, therefore just bypassing AMD's SEV. (Yes, I know it's much more complicated than that, but if you actually care enough then you'll read the paper)

but also from a possibly malicious hypervisor (Paragraph 1)

This line makes me question it because you can do pretty much anything with a malicious hypervisor that a kernel really can't detect.


Overall it looks pretty good and legit. Number of people affected will be pretty small as only people like VPS providers are really affected, and actually doing the attack is even harder as it pretty much requires either a malicious HV or a rogue sysadmin.

As for migrations, this could either be a really simple fix by just protecting memory maps but could be harder than it seems. Not quite sure as I don't know much in this field.

4 Likes

What I find strange is the article is again AMD is broken here is a paper released 24 May 2018. Hit the press. The obligatory quote "A spokesperson for AMD was not available for comment."

What happened to Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel from Fraunhofer AISEC working with AMD to see if there is a problem, does it need a patch?

You know, give AMD that 90 days to work on it before going CTS Labs?

Is someone shorting AMD stock again?

We know AMD will respond to this when their engineers have a look at it. Maybe a big nothing burger again. I mean, who expects a known evil host to ever be secure. If the admin is doing it then well.

3 Likes

Okay? Lots of things can get rekt from the browser.

Observations. Every AMD thread that hints at negative press is dismissive. Every nVidia thread is "muh evil" and "muh corporation". The same goes for Intel.

Hell, you guys are so drunk on your own Kool aid that you can't catch your hypocrisy.

GPP, a marketing sham, the world is on fire.

nVidia hires former AMD marketing exec, lol marketing, lol one guy.

When it's nVidia or Intel doing wrong, you guys blame the hive mind evil entity. When it's AMD, you guys narrow it down to the single employee.

1 Like

no u

¯\_(ツ)_/¯

2 Likes

Even though the AMD favouritism is strong here, yelling and pointing fingers is pointless. We know people here favour AMD. We know. Let's try and not devolve yet another thread into pointless tribal AIDS.


And again, the pump'n'dump single link topics with no added input in the OP are a bit low effort imo. If you don't have time to share your thoughts, why not wait until you do?

1 Like

I find it curious that the researchers didn't know of this prior work:

It also alluded to problems with hypervisor to guest isolation, aside from the encryption problem.

But overall I find that the researchers and journalists are over-hyping the 'meagre' conclusions of this research.

Which often times detracts from the technical details and sidelines the fact that Engineers at AMD are actually attempting to do something quite difficult in order to harden VM -> VM and VM -> Host Hypervisor security.

Securing x86 is a hard task and sensationalism is contributing to making it even more difficult.

Don't forget that there are real people behind efforts like these and they've put a lot of work into making something they find worthwhile. Research like this, if treated right, can be used by them to make things better.

But this kind of sensationalism is disheartening and sometimes disrespectful to the many engineers working on what are often non-trivial hard problems.

The kind where deadlines and profits interfere and lead to mistakes made and implementation deficiencies that can only be improved upon by iteration.

8 Likes