Secure Virtual Machines and Memory Encryption on Desktop Ryzen?

I'm not sure I understand your question, but

  • No VM can read from any other VM, or the host
  • The host can't read from any VM

Ok Im just a a forklift driver but if Yoiu say so fine.....Im out of my depth

If you hard coded a CPU with a key and coded software with the other key and the cpu decoded every ram cache byte before executing it I get it.

From the start: When the PC boots the CPU randomly creates a new key. It's not read from anywhere, nor stored outside of the CPU.

Any writes to RAM are encrypted with said key. Likewise any reads decrypted. The software itself does not have to know any knowledge of the key or even its existence.

As programs are just regular data in RAM the same applies: The program is encrypted when stored and decrypted when read. So any instructions inside the CPU have already been decrypted.

(Slightly simplified, but you get the idea.)

Any running this PC boots and the CPU creates a randow key in a VM would be save how ? its in a VM

Same as before: When the VM is started the CPU randomly creates a new key and stores it inside itself. The key never leaves the CPU.

So a virtual CPU in a VM would be safe ?

The key never leaves the CPU...virtual or not.

Please read up on how the Platform Security Processor and AMD SEV & SME work before making wide sweeping assumptions.

All the information is in the links previously posted. There is no need to make uninformed arguments.

VM Pages are separated and inaccessible to each other and the PSP acts as an intermediary to almost all of the CPU's Secure Virtualization operations in particular RAM access.

You may refer to these two PDF's in particular:

1 Like

A virtual CPU is nothing but a concept. Ultimately the VM is just a (mostly) regular program that runs on the physical CPU. Since all keys remain in the physical CPU everything is safe.

I plan on reading them before commenting more :slight_smile:

You trust in software away too much.

SEV KEY MANAGEMENT
1. Hypervisor loads BIOS/OS image into DRAM
• BIOS/OS image is not encrypted
• All confidential information resides on the
virtual encrypted hard drive

http://lkml.iu.edu/hypermail/linux/kernel/1706.3/02007.html

So

It seems like Ryzen Pro may be the system that actually supports the SME and SEV features:

https://www.amd.com/en/ryzen-pro

http://www.anandtech.com/show/11591/amd-launches-ryzen-pro-cpus-enhanced-security-longer-warranty-better-quality

So here's the three Videos associated with slides previously posted that add some extra insights:

3 Likes

Can anyone confirm SME/SEV works on non pro ryzen(3900x)? Is there a method to test?

non pro doesn’t have the feature, so no.