Break the security of amd epyc processors for servers

AMD's data center processors, EPYC, as well as its Ryzen Pro line, Secure Encrypted Virtualization technology. This decrypts and encrypts virtual machines on the fly while they are stored in RAM, so that the host operating system, hypervisor, and any malware on the host computer cannot spy on the protected virtual machines. However, one German investigators just broke this security.

Bad news for EPYC processor safety

AMD EPYC processors use Secure Encrypted Virtualization technology that assigns each virtual machine an address space ID that is tied to a cryptographic key to encrypt and decrypt data as it moves between memory and CPU cores. The key never leaves the system on the chip, and each VM gets its own key.

This means that, in theory, even a hijacked, malicious, hypervisor, kernel, driver, or other privileged code should not be able to inspect the contents of a protected virtual machine, which is a good security feature.

However, a technique dubbed SEVered can be used by a malicious host level administrator, or malware within a hypervisor, or the like, to bypass SEV protections and copy information from a client or user's virtual machine.

The problem, said German AISEC researchers from Fraunhofer (Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel) is that host-level hackers can alter physical memory mappings on the host PC, using standard page tables, ignoring the protection mechanism of the SEV.

The Researchers believe that they have devised a method to thwart security mechanisms that EPYC server chips. So much so that they said they can extract plaintext data from an encrypted guest through a hypervisor and simple HTTP or HTTPS requests.

Hopefully, AMD will update these chips as Intel did with its Core processors, and the blessed Meltdown and Specter.

TheRegister Font